Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Terraform: Hashes for MacOS binaries have changed (Cherry-pick of #19004) #19136

Merged
merged 1 commit into from May 24, 2023
Merged

Terraform: Hashes for MacOS binaries have changed (Cherry-pick of #19004) #19136

merged 1 commit into from May 24, 2023

Conversation

stuhood
Copy link
Sponsor Member

@stuhood stuhood commented May 24, 2023

Related to their change in signing keys and certs because of HCSEC-2023-01, specifically the guidance here

Action for customers:
After certificate revocation, users are expected to encounter errors using Apple artifacts that were downloaded before January 23rd.
Users will need to re-download Apple artifacts from the Releases Site, which have been signed using the new certificate.

Probably the cert bakes a signature into the artifact, so it looks like just rerunning the build-support script to get the new versions is the correct course of action.

Also adds more recent versions and bumps the default version (old one was EOL)

Should resolve #18488

@lilatomic @stuhood
Terraform: Hashes for MacOS binaries have changed (pantsbuild#19004)
0984b00 
Related to their change in signing keys and certs because of
[HCSEC-2023-01](https://discuss.hashicorp.com/t/hcsec-2023-01-hashicorp-response-to-circleci-security-alert/48842/1),
specifically the [guidance
here](https://support.hashicorp.com/hc/en-us/articles/13177506317203)

> Action for customers:
> After certificate revocation, users are expected to encounter errors
using Apple artifacts that were downloaded before January 23rd.
> Users will need to re-download Apple artifacts from the Releases Site,
which have been signed using the new certificate.

Probably the cert bakes a signature into the artifact, so it looks like
just rerunning the build-support script to get the new versions is the
correct course of action.

Also adds more recent versions and bumps the default version (old one
was EOL)

Should resolve pantsbuild#18488
@stuhood stuhood requested review from kaos and lilatomic May 24, 2023 17:56
@stuhood stuhood merged commit 5d382ae into pantsbuild:2.17.x May 24, 2023
24 checks passed
@stuhood stuhood deleted the cherry-pick-19004-to-2.17.x branch May 24, 2023 19:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kaos kaos Awaiting requested review from kaos

@lilatomic lilatomic Awaiting requested review from lilatomic

Assignees
No one assigned
Labels
category:user api change
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@stuhood @lilatomic