New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Does tfswitch verifies the sha256sums? #290
Comments
As far as I can tell it does not. The download is done by this method -> terraform-switcher/lib/download.go Line 13 in d7dfd1b
It is called from here and I don't see any signature verification until the method exits -> https://github.com/warrensbox/terraform-switcher/blob/master/lib/install.go#L136 I am not sure if |
Duplicates #160, will close this issue. |
…warrensbox#290 - added github action for testing - added test for checksum matching - add gitattributes for windows testing. if not present the lf line endings will be converted to crlf which messes with the checksum tests. - update changelog and readme
…warrensbox#290 - added github action for testing - added test for checksum matching - add gitattributes for windows testing. if not present the lf line endings will be converted to crlf which messes with the checksum tests. - update changelog and readme
…warrensbox#290 - added github action for testing - added test for checksum matching - add gitattributes for windows testing. if not present the lf line endings will be converted to crlf which messes with the checksum tests. - update changelog and readme
…warrensbox#290 - added github action for testing - added test for checksum matching - add gitattributes for windows testing. if not present the lf line endings will be converted to crlf which messes with the checksum tests. - update changelog and readme
…warrensbox#290 - added github action for testing - added test for checksum matching - add gitattributes for windows testing. if not present the lf line endings will be converted to crlf which messes with the checksum tests. - update changelog and readme
…warrensbox#290 - added github action for testing - added test for checksum matching - add gitattributes for windows testing. if not present the lf line endings will be converted to crlf which messes with the checksum tests. - update changelog and readme
…warrensbox#290 - added github action for testing - added test for checksum matching - add gitattributes for windows testing. if not present the lf line endings will be converted to crlf which messes with the checksum tests. - update changelog and readme
…warrensbox#290 - added github action for testing - added test for checksum matching - add gitattributes for windows testing. if not present the lf line endings will be converted to crlf which messes with the checksum tests. - update changelog and readme
…warrensbox#290 - added github action for testing - added test for checksum matching - add gitattributes for windows testing. if not present the lf line endings will be converted to crlf which messes with the checksum tests. - update changelog and readme
Co-authored-by: George L. Yermulnik <yz@yz.kiev.ua> - implemented check for signature and checksums for #160 and #290 - added test for checksum matching - add gitattributes for windows testing. if not present the lf line endings will be converted to crlf which messes with the checksum tests. - make public key options configurable via command line - delete hash files after checking the signatures and checksums - remove obsolete go.yml which is replaced with build.yml - move default values into defaults.go - replace unnecessary function calls with defer
When
tfswitch
downloads aterraform
binary, does it verifies thesha256sum
advertised on hashicorp release site (https://releases.hashicorp.com/terraform)?If yes, it will be good to advertise the same in the
README.md
:)The text was updated successfully, but these errors were encountered: