This repository has been archived by the owner on Oct 7, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 1
Add Cryptographic Digests to GitHub Releases #16
Comments
cc @etcd-io/maintainers-etcd |
@spzala @hexfusion Do you want to work on this? Will be very simple to add https://github.com/etcd-io/etcd/blob/master/scripts/build-binary |
/assign |
@gyuho @hexfusion I would love to have the older releases covered as well. Any objections if I start by running the tool over the currently supported releases? |
@philips Sure, we can add those starting from 3.3 and 3.4. I don't think we will have more 3.2 releases. If we do, we can add that to 3.2. |
@gyuho OK, I will do that in a few hours. |
I added it for the latest release and everything went OK. I will do a few more:
|
Hit a snag... investigating: merklecounty/rget#13 |
3 tasks
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
I think we should consider adding cryptographic digests for the files released in etcd. Commonly called SHA256SUMS files they can be easily generated using the common
sha256sum
tool on most systemsAlternatively, there are some release automation tools that can build these files automatically.
Besides being a useful practice for download verification I would also like to use the SHA256SUMS as a way to ensure the releases aren't tampered with and track when they are modified. There is a tool called rget that I have been building that can do this if you provide SHA256SUMS for your releases.
The rget tool also has a subcommand to make it easy to create SHA256SUMS for existing releases, just run:
If all of the @etcd-io/maintainers-etcd agree I can make this change and publish the SHA256SUMS for all of our older releases.
The text was updated successfully, but these errors were encountered: