Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add sha256sum (or other) verification to downloaded files #19

Open
ts-kris opened this issue Jun 5, 2023 · 0 comments
Open

Add sha256sum (or other) verification to downloaded files #19

ts-kris opened this issue Jun 5, 2023 · 0 comments
Labels
bug Something isn't working

Comments

@ts-kris
Copy link
Contributor

ts-kris commented Jun 5, 2023

Currently, fetch_tar implements downloading the file, if a shasum does not exist, create one from the downloaded file. This is problematic as it would not catch a corrupt (or malicious) download and the whole system would continue to happily use it.

I've implemented a very rudimentary mechanism in fetch_blob that will read an arbitrary file passed to the script and use that as a check file for sha256sum. This works, but is really clunky. Ideally would want to streamline all of the hashing in to a separate process that each fetch_ mechanism could call so its not built in to the fetch_ script itself.
@ts-kris ts-kris added the bug Something isn't working label Jun 5, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ts-kris