Add flat-lock.json with checksum #21

BSteffaniak · 2023-06-05T16:58:08Z

To ensure that no packages have changed since they have been installed, airship install should create/update a flat-lock.json with each of the package's contents checksum. If the package's checksum differs from the checksum in the lock file, then error out of the install with a security error about the package's contents changing since the last installation.

Should this handle backing up the existing installation?
- Perhaps new installs are installed to a temp file name and then moved to the destination once checksum passes.

~~Manual checksum tar --exclude-vcs --exclude-from=.gitignore -cf - . | md5sum~~

Check the git SHA git rev-parse --verify HEAD

The text was updated successfully, but these errors were encountered:

BSteffaniak added the enhancement New feature or request label Jun 5, 2023

BSteffaniak self-assigned this Jun 5, 2023

BSteffaniak mentioned this issue Jun 5, 2023

Add warning and confirmation prompt to airship publish if overwriting existing release #22

Open

BSteffaniak changed the title ~~Add flat-lock.json with md5sum~~ Add flat-lock.json with checksum Jun 5, 2023

BSteffaniak added a commit that referenced this issue Jun 13, 2023

Initial lock file functionality #21

a691219

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add flat-lock.json with checksum #21

Add flat-lock.json with checksum #21

BSteffaniak commented Jun 5, 2023 •

edited

Loading

Add flat-lock.json with checksum #21

Add flat-lock.json with checksum #21

Comments

BSteffaniak commented Jun 5, 2023 • edited Loading

BSteffaniak commented Jun 5, 2023 •

edited

Loading