Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Verify SHA256 checksum of downloaded file #63

Merged
merged 3 commits into from
Jun 29, 2023
Merged

Verify SHA256 checksum of downloaded file #63

merged 3 commits into from
Jun 29, 2023

Conversation

devurandom
Copy link
Contributor

@devurandom devurandom commented Apr 24, 2023
edited
Loading

Verify the binary downloaded before unpacking or executing it, to enhance security. Opt-in by providing the sha256sum argument.

Signed-off-by: Dennis Schridde dennis@metabase.com

@DentonGentry
Copy link
Contributor

We ask that commits include a developer certificate of origin (DCO), which means a Signed-off-by line indicating someone who asserts that the code in the commit is acceptable for the open source license. That can be added to an existing PR by using:

  1. git commit --amend --signoff
  2. git push -f

@devurandom devurandom changed the title Verify SHA256 checksum of downloaded file Optionally verify SHA256 checksum of downloaded file Apr 24, 2023
@devurandom
Optionally verify SHA256 checksum of downloaded file
1bb5b23 
Signed-off-by: Dennis Schridde <dennis@metabase.com>
@devurandom
Make checksum checking unconditional but fall back to loading the che…
c7bfa08 
…cksum form the internet if not provided
@devurandom devurandom changed the title Optionally verify SHA256 checksum of downloaded file Verify SHA256 checksum of downloaded file Jun 21, 2023
willnorris
willnorris approved these changes Jun 29, 2023
View reviewed changes
Copy link
Member

@willnorris willnorris left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like all of the feedback has been incorporated, and I really like where this ended up. @DentonGentry are you okay with this? (This would be the last PR I would want to get in before tagging a v2)

@willnorris
Copy link
Member

(interesting... I've never resolved a merge conflict through the GitHub UI before. I'll squash all this down on final merge)

@DentonGentry
Copy link
Contributor

I had missed that it fetches the sha256 from pkgs.tailscale.com if not specified explicitly, that was my last objection. We can get this in, tag v2, and publish the Changelog.

@willnorris willnorris merged commit 62fddff into tailscale:main Jun 29, 2023
1 check failed
@devurandom devurandom deleted the ds/verify-download branch July 5, 2023 14:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@willnorris willnorris willnorris approved these changes

@DentonGentry DentonGentry DentonGentry approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@devurandom @DentonGentry @willnorris