ci: improve installer script #3494

mrinalwadhwa · 2022-09-19T02:09:42Z

I removed the cosign check. As I thought about it, I think there is no threat model under which that extra check is helpful. Cosign checks are useful if the user already has the ockam release public key. If they don't then first fetching the public key and then the binary from the same channel doesn't protect against any additional threats.

Same with shasum checks. If https is doing its job then validating them seems unnecessary.

In this PR I also improved the script with ideas from (MIT licensed)
https://github.com/rust-lang/rustup/blob/master/rustup-init.sh

1. remove shasum and cosign 2. improve output and help

mrinalwadhwa force-pushed the mrinal/installer branch 2 times, most recently from 466fb7e to ceff711 Compare September 19, 2022 03:28

ci: improve installer script

f39186f

1. remove shasum and cosign 2. improve output and help

mrinalwadhwa force-pushed the mrinal/installer branch from ceff711 to f39186f Compare September 19, 2022 03:34

mrinalwadhwa marked this pull request as ready for review September 19, 2022 03:35

mrinalwadhwa requested a review from a team as a code owner September 19, 2022 03:35

mrinalwadhwa added the auto-merge label Sep 19, 2022

mergify bot merged commit 16b3da2 into develop Sep 19, 2022

mrinalwadhwa deleted the mrinal/installer branch March 9, 2023 07:17

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ci: improve installer script #3494

ci: improve installer script #3494

mrinalwadhwa commented Sep 19, 2022 •

edited

ci: improve installer script #3494

ci: improve installer script #3494

Conversation

mrinalwadhwa commented Sep 19, 2022 • edited

mrinalwadhwa commented Sep 19, 2022 •

edited