-
Notifications
You must be signed in to change notification settings - Fork 54
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Correctly package binaries for linux-arm64 . #3810
Conversation
rgrunber
commented
Jan 16, 2024
•
edited
edited
- The release workflow should ensure we package the linux-arm64 binaries for a tool into the corresponding vsix, as opposed to the amd64 versions
- Update filename metadata for helm on linux-arm64
src/tools.json
Outdated
@@ -65,7 +65,7 @@ | |||
}, | |||
"darwin-arm64": { | |||
"url": "https://mirror.openshift.com/pub/openshift-v4/clients/ocp/4.14.7/openshift-client-mac-arm64-4.14.7.tar.gz", | |||
"sha256sum": "5f045d5aa7db7e3dd2b125c5f940112a541b77726ad99e9f6b00827f9dee1621", | |||
"sha256sum": "d97b84603382e24c9927150b8bfe83be89b0e63f74a593d59022483a8d039600", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The sha256sum of the downloaded .tar.gz
does not match the expected sha256sum given on the OpenShift mirror website from which the tarball is downloaded.
Here is the sum reported by the OpenShift mirror website: https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/4.14.7/sha256sum.txt . It's the old one that Victor added (5f045...
).
This might signal that the openshift executable for Apple Silicon is malicious.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@datho7561 if you download the tarball and do a sha256sum, it's d97b84603382e24c9927150b8bfe83be89b0e63f74a593d59022483a8d039600
, not 5f045d5aa7db7e3dd2b125c5f940112a541b77726ad99e9f6b00827f9dee1621
. https://github.com/rgrunber/vscode-openshift-tools/actions/runs/7543842946/job/20535768459 .
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The checksum is taken from https://mirror.openshift.com/pub/openshift-v4/clients/ocp/4.14.7/sha256sum.txt
file, from the following row:
5f045d5aa7db7e3dd2b125c5f940112a541b77726ad99e9f6b00827f9dee1621 openshift-client-mac-arm64-4.14.7.tar.gz
So, even if its value is wrong, it's not our fault.
Maybe it'll be better if we'll be really downloading and calculating the checksums when we check for the version updates?
PS: Or the value is really a correct one, but @rgrunber has some other data cached for the binary and as such performs the wrong calculation. Quite possible.
PPS: And yes, for some reason the sha256 provided by the download site differs from what is calculated by sha256sum
:
$ wget https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/4.14.7/openshift-client-mac-arm64-4.14.7.tar.gz
...
HTTP request sent, awaiting response... 200 OK
Length: 51868999 (49M) [application/x-tar]
Saving to: ‘openshift-client-mac-arm64-4.14.7.tar.gz’
...
2024-01-16 20:33:04 (2.67 MB/s) - ‘openshift-client-mac-arm64-4.14.7.tar.gz’ saved [51868999/51868999]
$ sha256sum openshift-client-mac-arm64-4.14.7.tar.gz
d97b84603382e24c9927150b8bfe83be89b0e63f74a593d59022483a8d039600 openshift-client-mac-arm64-4.14.7.tar.gz
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good to me.
PS: Probably we have to file an issue for https://mirror.openshift.com/pub/openshift-v4/clients maintainers regarding the wrong sha256 checksums.
79b23df
to
ab51c07
Compare
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #3810 +/- ##
=======================================
Coverage 32.41% 32.41%
=======================================
Files 85 85
Lines 6396 6396
Branches 1321 1321
=======================================
Hits 2073 2073
Misses 4323 4323 ☔ View full report in Codecov by Sentry. |
- The release workflow should ensure we package the linux-arm64 binaries for a tool into the corresponding vsix, as opposed to the amd64 versions - Update filename metadata for helm on linux-arm64 Signed-off-by: Roland Grunberg <rgrunber@redhat.com>
ab51c07
to
b66b901
Compare