Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Validate downloaded binaries #10021

Closed
gmarek opened this issue Jun 18, 2015 · 8 comments
Closed

Validate downloaded binaries #10021

gmarek opened this issue Jun 18, 2015 · 8 comments
Assignees
@zmerlynn
Labels
sig/node Categorizes an issue or PR as relevant to SIG Node.
Milestone
v1.0

Comments

@gmarek
Copy link
Contributor

gmarek commented Jun 18, 2015

Today during short hands on session we run into a problem which looked like corrupted Kubelet archive. Do we validate those when we upload them to salt master/download it through salt (or does the salt does this for us)?
@gmarek gmarek added this to the v1.0-candidate milestone Jun 18, 2015
@gmarek
Copy link
Contributor Author

gmarek commented Jun 18, 2015

@zmerlynn ?

@zmerlynn
Copy link
Member

No. A couple of months ago, I put all the machinery in place to allow this to happen, but the actual validation wasn't added. There's a sha1 and md5 in the bucket, though:

$ gsutil ls gs://kubernetes-release/release/v0.19.1/
gs://kubernetes-release/release/v0.19.1/kubernetes-client-darwin-386.tar.gz
gs://kubernetes-release/release/v0.19.1/kubernetes-client-darwin-386.tar.gz.md5
gs://kubernetes-release/release/v0.19.1/kubernetes-client-darwin-386.tar.gz.sha1
gs://kubernetes-release/release/v0.19.1/kubernetes-client-darwin-amd64.tar.gz
gs://kubernetes-release/release/v0.19.1/kubernetes-client-darwin-amd64.tar.gz.md5
gs://kubernetes-release/release/v0.19.1/kubernetes-client-darwin-amd64.tar.gz.sha1
gs://kubernetes-release/release/v0.19.1/kubernetes-client-linux-386.tar.gz
gs://kubernetes-release/release/v0.19.1/kubernetes-client-linux-386.tar.gz.md5
gs://kubernetes-release/release/v0.19.1/kubernetes-client-linux-386.tar.gz.sha1
gs://kubernetes-release/release/v0.19.1/kubernetes-client-linux-amd64.tar.gz
gs://kubernetes-release/release/v0.19.1/kubernetes-client-linux-amd64.tar.gz.md5
gs://kubernetes-release/release/v0.19.1/kubernetes-client-linux-amd64.tar.gz.sha1
gs://kubernetes-release/release/v0.19.1/kubernetes-client-linux-arm.tar.gz
gs://kubernetes-release/release/v0.19.1/kubernetes-client-linux-arm.tar.gz.md5
gs://kubernetes-release/release/v0.19.1/kubernetes-client-linux-arm.tar.gz.sha1
gs://kubernetes-release/release/v0.19.1/kubernetes-client-windows-amd64.tar.gz
gs://kubernetes-release/release/v0.19.1/kubernetes-client-windows-amd64.tar.gz.md5
gs://kubernetes-release/release/v0.19.1/kubernetes-client-windows-amd64.tar.gz.sha1
gs://kubernetes-release/release/v0.19.1/kubernetes-salt.tar.gz
gs://kubernetes-release/release/v0.19.1/kubernetes-salt.tar.gz.md5
gs://kubernetes-release/release/v0.19.1/kubernetes-salt.tar.gz.sha1
gs://kubernetes-release/release/v0.19.1/kubernetes-server-linux-amd64.tar.gz
gs://kubernetes-release/release/v0.19.1/kubernetes-server-linux-amd64.tar.gz.md5
gs://kubernetes-release/release/v0.19.1/kubernetes-server-linux-amd64.tar.gz.sha1
gs://kubernetes-release/release/v0.19.1/kubernetes-test.tar.gz
gs://kubernetes-release/release/v0.19.1/kubernetes-test.tar.gz.md5
gs://kubernetes-release/release/v0.19.1/kubernetes-test.tar.gz.sha1
gs://kubernetes-release/release/v0.19.1/kubernetes.tar.gz
gs://kubernetes-release/release/v0.19.1/kubernetes.tar.gz.md5
gs://kubernetes-release/release/v0.19.1/kubernetes.tar.gz.sha1

@gmarek
Copy link
Contributor Author

gmarek commented Jun 18, 2015

Can someone with enough power triage this? @davidopp @thockin @brendanburns

IMO it should go to v1 - it's really annoying experience on flaky network (e.g. on conferences) and one needs to know to check startupscript logs to figure out that this is a problem.

@zmerlynn
Copy link
Member

You want me to work something up? I know this path really well.

@gmarek
Copy link
Contributor Author

gmarek commented Jun 18, 2015

Well, I don't know if someone else considers it's v1. I'm going to have hands on session next Thursday, so I'd be really happy to have it fixed, but that's just me.

@thockin
Copy link
Member

thockin commented Jun 18, 2015

I think it makes sense to scope for v1

On Thu, Jun 18, 2015 at 7:24 AM, Marek Grabowski notifications@github.com
wrote:

Well, I don't know if someone else considers it's v1. I'm going to have
hands on session next Thursday, so I'd be really happy to have it fixed,
but that's just me.


Reply to this email directly or view it on GitHub
#10021 (comment)
.

@zmerlynn
Copy link
Member

I've got a PR in flight.

@zmerlynn zmerlynn self-assigned this Jun 18, 2015
@zmerlynn
Copy link
Member

(It was trivial and I noticed a little bug while I was glancing around anyways.)

@zmerlynn zmerlynn changed the title Do we validate Kubelet binaries? Validate downloaded binaries Jun 18, 2015
@gmarek gmarek modified the milestones: v1.0, v1.0-candidate Jun 18, 2015
@zmerlynn zmerlynn mentioned this issue Jun 18, 2015
Merged
zmerlynn added a commit to zmerlynn/kubernetes that referenced this issue Jun 18, 2015
@zmerlynn
Validate binaries downloaded from GCS:
d8da39e 
* Set SHA1 for Kubernetes server binary and Salt tar in kube-env.
* Check SHA1 in configure-vm.sh. If the env variable isn't available,
download the SHA1 from GCS and double check that.
* Fixes a bug in the devel path where we were actually uploading the
wrong sha1 to the bucket.

Fixes kubernetes#10021
@satnam6502 satnam6502 added the sig/node Categorizes an issue or PR as relevant to SIG Node. label Jun 18, 2015
zmerlynn added a commit to zmerlynn/kubernetes that referenced this issue Jul 5, 2015
@zmerlynn
Validate binaries downloaded from GCS:
125605e 
* Set SHA1 for Kubernetes server binary and Salt tar in kube-env.
* Check SHA1 in configure-vm.sh. If the env variable isn't available,
download the SHA1 from GCS and double check that.
* Fixes a bug in the devel path where we were actually uploading the
wrong sha1 to the bucket.

Fixes kubernetes#10021
zmerlynn added a commit to zmerlynn/kubernetes that referenced this issue Jul 8, 2015
@zmerlynn
Validate binaries downloaded from GCS:
8dce552 
* Set SHA1 for Kubernetes server binary and Salt tar in kube-env.
* Check SHA1 in configure-vm.sh. If the env variable isn't available,
download the SHA1 from GCS and double check that.
* Fixes a bug in the devel path where we were actually uploading the
wrong sha1 to the bucket.

Fixes kubernetes#10021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@zmerlynn zmerlynn

Labels
sig/node Categorizes an issue or PR as relevant to SIG Node.
Projects
None yet
Milestone
v1.0
Development

No branches or pull requests
4 participants
@gmarek @zmerlynn @thockin @satnam6502