Skip to content

Commit

Permalink
Verify default bundles downloaded from mirror.openshift.com
Browse files Browse the repository at this point in the history
this removes the hardcoded hashes for each bundle and instead
directly gets the bundle hash from the sha256sum.txt.sig file
at mirror.openshift.com by using the helper from the previous
commit which returns gpg verified hash for the default bundle
  • Loading branch information
anjannath committed Apr 18, 2023
1 parent a647747 commit a156222
Show file tree
Hide file tree
Showing 4 changed files with 12 additions and 87 deletions.
8 changes: 8 additions & 0 deletions pkg/crc/constants/constants.go
Original file line number Diff line number Diff line change
Expand Up @@ -116,6 +116,14 @@ func GetDefaultBundlePath(preset crcpreset.Preset) string {
return filepath.Join(MachineCacheDir, GetDefaultBundle(preset))
}

func GetDefaultBundleDownloadURL(preset crcpreset.Preset) string {
return fmt.Sprintf(DefaultBundleURLBase,
preset.String(),
version.GetBundleVersion(preset),
GetDefaultBundle(preset),
)
}

func GetDefaultBundleSignedHashURL(preset crcpreset.Preset) string {
return fmt.Sprintf(DefaultBundleURLBase,
preset.String(),
Expand Down
37 changes: 0 additions & 37 deletions pkg/crc/machine/bundle/constants.go

This file was deleted.

34 changes: 0 additions & 34 deletions pkg/crc/machine/bundle/constants_test.go

This file was deleted.

20 changes: 4 additions & 16 deletions pkg/crc/machine/bundle/metadata.go
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,6 @@ import (
"path"
"path/filepath"
"regexp"
"runtime"
"strconv"
"strings"
"time"
Expand Down Expand Up @@ -291,23 +290,12 @@ func GetBundleNameFromURI(bundleURI string) string {
}
}

type presetDownloadInfo map[crcPreset.Preset]*download.RemoteFile
type bundlesDownloadInfo map[string]presetDownloadInfo

func getBundleDownloadInfo(preset crcPreset.Preset) (*download.RemoteFile, error) {
bundles, ok := bundleLocations[runtime.GOARCH]
if !ok {
return nil, fmt.Errorf("Unsupported architecture: %s", runtime.GOARCH)
}
presetdownloadInfo, ok := bundles[runtime.GOOS]
if !ok {
return nil, fmt.Errorf("Unknown GOOS: %s", runtime.GOOS)
}
downloadInfo, ok := presetdownloadInfo[preset]
if !ok {
return nil, fmt.Errorf("Unknown preset: %s", preset)
sha256sum, err := getDefaultBundleVerifiedHash(preset)
if err != nil {
return nil, fmt.Errorf("unable to get verified hash for default bundle: %w", err)
}

downloadInfo := download.NewRemoteFile(constants.GetDefaultBundleDownloadURL(preset), sha256sum)
return downloadInfo, nil
}

Expand Down

0 comments on commit a156222

Please sign in to comment.