Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Cryptographic Digests to GitHub Releases Body #850

Closed
justaugustus opened this issue Aug 18, 2019 · 6 comments
Closed

Add Cryptographic Digests to GitHub Releases Body #850

justaugustus opened this issue Aug 18, 2019 · 6 comments
Assignees
@justaugustus
Labels
area/release-eng Issues or PRs related to the Release Engineering subproject kind/feature Categorizes issue or PR as related to a new feature. lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete. sig/release Categorizes an issue or PR as relevant to SIG Release.
Milestone
v1.16

Comments

@justaugustus
Copy link
Member

justaugustus commented Aug 18, 2019
edited
Loading

Please consider adding cryptographic digests for the files released in this project. Commonly called SHA256SUMS files they can be easily generated using the common sha256sum tool on most systems

sha256sum * > SHA256SUMS

Alternatively, there are some release automation tools that can build these files automatically.

Besides being a useful practice for download verification I would also like to use the SHA256SUMS as a way to ensure the releases aren't tampered with and track when they are modified. There is a tool called rget that can do this if you provide SHA256SUMS for your releases.

The rget tool also has a subcommand to make it easy to create SHA256SUMS for existing releases, just run:

rget github publish-release-sums https://github.com/REPLACE_ORG/REPLACE_PROJ/releases/tag/v2.0

Thanks!

Additional tracking issues:

/assign
/cc @philips @kubernetes/sig-release-admins @kubernetes/release-engineering
/milestone v1.16
/priority important-longterm
/kind feature
@k8s-ci-robot k8s-ci-robot added the priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete. label Aug 18, 2019
@k8s-ci-robot k8s-ci-robot added this to the v1.16 milestone Aug 18, 2019
@k8s-ci-robot k8s-ci-robot added the kind/feature Categorizes issue or PR as related to a new feature. label Aug 18, 2019
@justaugustus
Copy link
Member Author

Phase 0 of this work is here: #849

@justaugustus justaugustus mentioned this issue Aug 18, 2019
Merged
@justaugustus
Copy link
Member Author

Original request from @philips: https://github.com/kubernetes/kubernetes/issues/70132#issuecomment-518297891

Mailing list discussion: https://groups.google.com/d/msg/kubernetes-sig-release/R_-VwBk-JUo/-tQk-JzNAgAJ

cc: @dims

@justaugustus
Copy link
Member Author

Bookmark to notes from today's WG K8s Infra meeting: https://docs.google.com/document/d/16VBfsFMynA7tObzuZGPpw-sKDKfFc_T5W_E4IeEIaOQ/edit#bookmark=id.nrt4nqi4a038

@fejta-bot
Copy link

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Nov 19, 2019
@philips
Copy link

philips commented Nov 19, 2019

This can be closed. rget is going to execute on a design to support arbitrary URLs merklecounty/rget#10 (comment)

/close

@k8s-ci-robot
Copy link
Contributor

@philips: Closing this issue.

In response to this:

This can be closed. rget is going to execute on a design to support arbitrary URLs merklecounty/rget#10 (comment)

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@justaugustus justaugustus added sig/release Categorizes an issue or PR as relevant to SIG Release. area/release-eng Issues or PRs related to the Release Engineering subproject labels Dec 9, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@justaugustus justaugustus

Labels
area/release-eng Issues or PRs related to the Release Engineering subproject kind/feature Categorizes issue or PR as related to a new feature. lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete. sig/release Categorizes an issue or PR as relevant to SIG Release.
Projects
None yet
Milestone
v1.16
Development

No branches or pull requests
4 participants
@philips @justaugustus @k8s-ci-robot @fejta-bot