Correctly package binaries for linux-arm64 . #3810
Conversation
rgrunber
commented
Jan 16, 2024
•
rgrunber
commented
- The release workflow should ensure we package the linux-arm64 binaries for a tool into the corresponding vsix, as opposed to the amd64 versions
- Update filename metadata for helm on linux-arm64
src/tools.json
Outdated
| @@ -65,7 +65,7 @@ | |||
| }, | |||
| "darwin-arm64": { | |||
| "url": "https://mirror.openshift.com/pub/openshift-v4/clients/ocp/4.14.7/openshift-client-mac-arm64-4.14.7.tar.gz", | |||
| "sha256sum": "5f045d5aa7db7e3dd2b125c5f940112a541b77726ad99e9f6b00827f9dee1621", | |||
| "sha256sum": "d97b84603382e24c9927150b8bfe83be89b0e63f74a593d59022483a8d039600", | |||
There was a problem hiding this comment.
The sha256sum of the downloaded .tar.gz does not match the expected sha256sum given on the OpenShift mirror website from which the tarball is downloaded.
Here is the sum reported by the OpenShift mirror website: https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/4.14.7/sha256sum.txt . It's the old one that Victor added (5f045...).
This might signal that the openshift executable for Apple Silicon is malicious.
There was a problem hiding this comment.
@datho7561 if you download the tarball and do a sha256sum, it's d97b84603382e24c9927150b8bfe83be89b0e63f74a593d59022483a8d039600, not 5f045d5aa7db7e3dd2b125c5f940112a541b77726ad99e9f6b00827f9dee1621. https://github.com/rgrunber/vscode-openshift-tools/actions/runs/7543842946/job/20535768459 .
There was a problem hiding this comment.
The checksum is taken from https://mirror.openshift.com/pub/openshift-v4/clients/ocp/4.14.7/sha256sum.txt file, from the following row:
5f045d5aa7db7e3dd2b125c5f940112a541b77726ad99e9f6b00827f9dee1621 openshift-client-mac-arm64-4.14.7.tar.gz
So, even if its value is wrong, it's not our fault.
Maybe it'll be better if we'll be really downloading and calculating the checksums when we check for the version updates?
PS: Or the value is really a correct one, but @rgrunber has some other data cached for the binary and as such performs the wrong calculation. Quite possible.
PPS: And yes, for some reason the sha256 provided by the download site differs from what is calculated by sha256sum:
$ wget https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/4.14.7/openshift-client-mac-arm64-4.14.7.tar.gz
...
HTTP request sent, awaiting response... 200 OK
Length: 51868999 (49M) [application/x-tar]
Saving to: ‘openshift-client-mac-arm64-4.14.7.tar.gz’
...
2024-01-16 20:33:04 (2.67 MB/s) - ‘openshift-client-mac-arm64-4.14.7.tar.gz’ saved [51868999/51868999]
$ sha256sum openshift-client-mac-arm64-4.14.7.tar.gz
d97b84603382e24c9927150b8bfe83be89b0e63f74a593d59022483a8d039600 openshift-client-mac-arm64-4.14.7.tar.gz
There was a problem hiding this comment.
Looks good to me.
PS: Probably we have to file an issue for https://mirror.openshift.com/pub/openshift-v4/clients maintainers regarding the wrong sha256 checksums.
rgrunber
force-pushed
the
fix-darwin-arm
branch
from
79b23df
to
ab51c07
Compare
rgrunber
changed the title
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #3810 +/- ##
=======================================
Coverage 32.41% 32.41%
=======================================
Files 85 85
Lines 6396 6396
Branches 1321 1321
=======================================
Hits 2073 2073
Misses 4323 4323 ☔ View full report in Codecov by Sentry. |
- The release workflow should ensure we package the linux-arm64 binaries for a tool into the corresponding vsix, as opposed to the amd64 versions - Update filename metadata for helm on linux-arm64 Signed-off-by: Roland Grunberg <rgrunber@redhat.com>
rgrunber
force-pushed
the
fix-darwin-arm
branch
from
ab51c07
to
b66b901
Compare
