SHA validation after pulling source

joedborg · September 8, 2017, 12:58pm

Just wondering if this would be a good idea? Some like

parts:
  minikube:
    plugin: dump
    source: https://github.com/kubernetes/minikube/releases/download/v0.22.0/minikube-linux-amd64
    sha256: aaa439aee636a01e6340a1104721942af43c3fb481a5a32e112ccd8a37d8a1e9

To provide some security when pulling images.

kyrofa · September 8, 2017, 2:12pm

Yeah, try this:

parts:
  minikube:
    plugin: dump
    source: https://github.com/kubernetes/minikube/releases/download/v0.22.0/minikube-linux-amd64
    source-checksum: sha256/aaa439aee636a01e6340a1104721942af43c3fb481a5a32e112ccd8a37d8a1e9

joedborg · September 9, 2017, 3:22pm

Perfect, thanks! Not sure it’s in the docs, is it?

G.S.1 · September 9, 2017, 4:12pm

As I keep reading the forum, I keep finding that the docs have a lot of missing information. It’s like, I keep browsing and someone will say a problem (like above), and then some developer will say, “yeah, just do this” and I think to myself, “where was that ever mentioned?”

We need better Docs.

joedborg · September 9, 2017, 4:20pm

You can make a PR https://github.com/CanonicalLtd/snappy-docs

G.S.1 · September 9, 2017, 5:20pm

Submitted a snapcraft.io homepage PR:

This doesn’t fix the docs though, I was driving by. I am going to fix the docs next and put a link to a PR (if I make one) here when that happens.

kyrofa · September 9, 2017, 7:49pm

I just checked, it seems not. It needs to be, indeed!

Amen. I truly appreciate the work you’ve done so far to combat the matter. It’s easy to develop a feature without considering updating the docs; I’m as guilty as anyone. I’ve submitted a PR to rectify this one in particular:

https://github.com/CanonicalLtd/snappy-docs/pull/101

joedborg · September 9, 2017, 8:01pm

Beat you to it https://github.com/CanonicalLtd/snappy-docs/pull/100

kyrofa · September 9, 2017, 8:58pm

Ah! You’re too fast!