Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Consider providing checksums for the release files #590

Closed
rolinh opened this issue May 23, 2018 · 3 comments
Closed

Consider providing checksums for the release files #590

rolinh opened this issue May 23, 2018 · 3 comments
Assignees
@To-om
Labels
feature request
Milestone
3.1.0-RC1 (Cerana 1)

Comments

@rolinh
Copy link

rolinh commented May 23, 2018

Request Type

Feature Request

Problem Description

The release files (binary/zip/deb/rpm) are currently uploaded to bintray. No file checksum is provided so there are no way for users to verify the integrity of the files.

Possible Solutions

Upload a SHA256 (or other popular secure hash) sum of each file along with them.
Bonus: sign the files (eg with PGP) so that their authenticity can be validated as well. I believe this is important considering the binaries are deployed on production systems by users.
@saadkadhi saadkadhi added this to the 3.1.0 (Cerana 1) milestone May 23, 2018
@saadkadhi saadkadhi mentioned this issue May 23, 2018
Closed
@saadkadhi
Copy link
Contributor

@rolinh we already provide PGP-signed RPMs and DEBs but we should definitely extend that to bin packages and possibly add SHA256 sums if lazy folks don't want to put up with the PGP PITA. I've created an issue for that in the Cortex repo as well (TheHive-Project/Cortex#105).

❯ gpg --verify TheHive_3.0.9-1_all.deb.asc TheHive_3.0.9-1_all.deb
gpg: Signature made Fri Apr 13 15:22:43 2018 CEST
gpg:                using RSA key 3D99BB18562CBC1C
[...]
gpg: Good signature from "TheHive Project (TheHive release key) <support@thehive-project.org>" [full]

@saadkadhi
Copy link
Contributor

The pubkey is located at https://github.com/TheHive-Project/TheHive/blob/master/PGP-PUBLIC-KEY.

@saadkadhi saadkadhi removed this from the 3.1.0 (Cerana 1) milestone Jun 13, 2018
@To-om To-om self-assigned this Jun 21, 2018
@To-om To-om added this to the 3.1.0 (Cerana 1) milestone Jun 21, 2018
@To-om
Copy link
Contributor

To-om commented Jun 21, 2018

It will be done in the new repository (cf. #618)

@To-om To-om closed this as completed Jun 21, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@To-om To-om

Labels
feature request
Projects
None yet
Milestone
3.1.0-RC1 (Cerana 1)
Development

No branches or pull requests
3 participants
@rolinh @saadkadhi @To-om