Verify signatures of toolchains before installing #94

Merged
merged 13 commits into from
Apr 23, 2024

patrickfreed
Collaborator

Closes #11

patrickfreed and others added 3 commits December 25, 2023 23:41
todo:
  - verify keys are installed, skip otherwise? or install? maybe
  confirm then install
  - add message suggesting users should report validation error?
    - maybe not in case swiftly users spam swift in error
  - add option to skip validation
  - add tests
    - integration happy path
    - mocked failed validation
      - succeed when skip validation
    - installing keys
    - gpg not installed
    - install test for installing gpg + keys
  - option to skip installing gpg + keys in install script?
@patrickfreed
Collaborator Author

@swift-server-bot test install please

@patrickfreed
Collaborator Author

@swift-server-bot test install please

@patrickfreed
Collaborator Author

@swift-server-bot test please

@patrickfreed
Collaborator Author

@swift-server-bot test install please

@patrickfreed
Collaborator Author

@swift-server-bot test install please

@patrickfreed patrickfreed marked this pull request as ready for review March 20, 2024 04:11
@adam-fowler
Member

adam-fowler commented Apr 19, 2024

If you don't have any of the requirements to check the toolchain signature, you get an error message after downloading the tarball. You do as suggested and then have to download the tarball again. Perhaps we should verify the existence of gpg and that the Swift PGP keys have been imported before we do the download.

Otherwise we are good
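
The ordering suggested in the comment above, as an added example that is not part of the thread and not swiftly's own code: the checks for gpg and the imported keys run before any download, and the signature check also pins the signer's fingerprint. The function names, the `URL.sig` layout and the fingerprint arguments are assumptions; the caller supplies the real signing-key fingerprints.

```shell
# Added example, not swiftly's code. Pre-flight runs BEFORE the download so a
# missing gpg or key fails fast instead of after fetching the tarball.
# Return codes: 0 ready, 1 gpg missing, 2 a required key is not imported.
preflight() {                      # preflight GPG_BIN FINGERPRINT...
    pf_gpg=$1; shift
    if ! command -v "$pf_gpg" >/dev/null 2>&1; then
        echo "error: $pf_gpg not found; install it before retrying" >&2
        return 1
    fi
    for pf_key in "$@"; do
        if ! "$pf_gpg" --batch --list-keys "$pf_key" >/dev/null 2>&1; then
            echo "error: signing key $pf_key is not in the keyring" >&2
            return 2
        fi
    done
}

# verify_signed_by GPG_BIN SIG FILE FINGERPRINT...
# Succeeds only if gpg reports a valid signature whose primary-key
# fingerprint (last VALIDSIG field) is one of the pinned fingerprints.
verify_signed_by() {
    vs_gpg=$1; vs_sig=$2; vs_file=$3; shift 3
    vs_status=$("$vs_gpg" --batch --status-fd 1 --verify "$vs_sig" "$vs_file" 2>/dev/null) || return 1
    vs_signer=$(printf '%s\n' "$vs_status" | awk '$2 == "VALIDSIG" { print $NF; exit }')
    [ -n "$vs_signer" ] || return 1
    for vs_key in "$@"; do
        [ "$vs_signer" = "$vs_key" ] && return 0
    done
    return 1
}

# install_toolchain GPG_BIN URL FINGERPRINT...  (URL.sig layout is an assumption)
install_toolchain() {
    it_gpg=$1; it_url=$2; shift 2
    preflight "$it_gpg" "$@" || return $?
    it_tmp=$(mktemp -d) || return 3
    if curl -fsSL -o "$it_tmp/toolchain.tar.gz" "$it_url" &&
       curl -fsSL -o "$it_tmp/toolchain.tar.gz.sig" "$it_url.sig" &&
       verify_signed_by "$it_gpg" "$it_tmp/toolchain.tar.gz.sig" "$it_tmp/toolchain.tar.gz" "$@"
    then
        echo "$it_tmp/toolchain.tar.gz"   # verified; caller may unpack it
    else
        echo "error: download or signature check failed; nothing installed" >&2
        rm -rf "$it_tmp"; return 4
    fi
}
```

Pinning the fingerprint matters because a plain `gpg --verify` accepts a good signature from any key in the keyring, not only the toolchain signing keys.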

@adam-fowler
Member

Also RHEL and AL2 are failing

@patrickfreed
Collaborator Author

@swift-server-bot test install please

@patrickfreed
Collaborator Author

The failure on 18.04 is due to swift.org not publishing the latest snapshots for that platform. I filed apple/swift-org-website#647 to look into it. If swift.org has indeed stopped publishing releases for 18.04, we may have to consider dropping support for it, at least for snapshot installations.

@patrickfreed patrickfreed merged commit 90606f3 into swift-server:main Apr 23, 2024
5 of 6 checks passed
@adam-fowler
Member

Yeah Swift have stopped supporting 18.04
https://forums.swift.org/t/dropping-support-for-ubuntu-18-04/69561

Development

Successfully merging this pull request may close these issues.

Validate toolchain signatures before installation