Move artifact to the expected location #2322

Merged
merged 1 commit into from
Jan 8, 2021

fredrikekre
Member

@fredrikekre fredrikekre commented Jan 8, 2021

Move artifact to the expected location when tree hash computation goes wrong, fixes #2317.

Probably need to update some tests. Nope, but added one.

@staticfloat
Member

Are we okay with this? I'm not sure we should be installing something with an incorrect hash by default. I would rather we only do this if the user has exported JULIA_PKG_IGNORE_HASHES=1 or something, because this is the only check that prevents a nightmare scenario like e.g. a compromised Pkg server sending out viruses to everyone. Disabling this check completely breaks the chain of trust, so I think we should treat it like -k on curl. Useful in rare situations, but definitely not something you want on by default.

@fredrikekre
Member Author

Sure, having an option seems fine.

@fredrikekre
Member Author

Should probably revert #1885 too then

    JULIA_PKG_IGNORE_HASHES=1
to manually ignore them, fixes #2317.
@fredrikekre fredrikekre merged commit c1e31ab into master Jan 8, 2021
@fredrikekre fredrikekre deleted the fe/hash branch January 8, 2021 18:37
fredrikekre added a commit that referenced this pull request Jan 13, 2021
Make tree hash mismatch fatal again and use
    JULIA_PKG_IGNORE_HASHES=1
to manually ignore them, fixes #2317.
(cherry picked from commit c1e31ab, PR #2322)
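
The behavior the commit message above describes (hash mismatch fatal by default, with `JULIA_PKG_IGNORE_HASHES=1` as an explicit opt-out), shown as an added example that is not Pkg's own code. The names `tree_digest`, `install_artifact` and `stage` are hypothetical, SHA-256 over paths and contents stands in for Pkg's git tree hash, and accepting only the value `1` is an assumption.

```julia
using SHA  # standard library

# Hypothetical stand-in for Pkg's git tree hash: SHA-256 over relative paths and file contents.
function tree_digest(dir::AbstractString)
    ctx = SHA.SHA256_CTX()
    for (root, _, files) in walkdir(dir), f in sort(files)
        path = joinpath(root, f)
        SHA.update!(ctx, Vector{UInt8}(relpath(path, dir)))
        SHA.update!(ctx, read(path))
    end
    return bytes2hex(SHA.digest!(ctx))
end

# Verify the staged tree before it reaches `dest`. A mismatch is fatal unless the
# caller's environment carries the explicit opt-out (assumed here to be the value "1").
function install_artifact(staged, dest, expected; env=ENV)
    actual = tree_digest(staged)
    if actual != expected
        if get(env, "JULIA_PKG_IGNORE_HASHES", "") == "1"
            @warn "Tree hash mismatch ignored (JULIA_PKG_IGNORE_HASHES=1)" expected actual
        else
            rm(staged; recursive=true, force=true)  # never leave unverified content behind
            error("Tree hash mismatch: expected $expected, got $actual")
        end
    end
    mv(staged, dest)
    return dest
end

# Constructed sample data: a one-file "artifact" and a deliberately wrong expected hash.
work = mktempdir()
stage() = (d = mktempdir(work); write(joinpath(d, "lib.txt"), "payload"); d)
wrong = repeat("0", 64)

# 1. Correct hash: installed.
s = stage()
install_artifact(s, joinpath(work, "ok"), tree_digest(s); env=Dict{String,String}())

# 2. Wrong hash, default environment: rejected, destination never created.
try
    install_artifact(stage(), joinpath(work, "bad"), wrong; env=Dict{String,String}())
catch err
    println("rejected: ", err.msg)
end
println("bad installed? ", isdir(joinpath(work, "bad")))

# 3. Wrong hash with the explicit opt-out: installed, with a warning in the log.
install_artifact(stage(), joinpath(work, "forced"), wrong;
                 env=Dict("JULIA_PKG_IGNORE_HASHES" => "1"))
println("forced installed? ", isdir(joinpath(work, "forced")))
```

The check runs on the staged copy, so in the default case the expected location only ever holds content whose hash matched.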
Successfully merging this pull request may close these issues.

Artifact hashes wrong on MacOS when depot resides on a FAT32 drive