Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

certification archive lacks sha256sum line in json file #35

Open
judovana opened this issue May 27, 2022 · 4 comments
Open

certification archive lacks sha256sum line in json file #35

judovana opened this issue May 27, 2022 · 4 comments
Labels
enhancement New feature or request

Comments

@judovana
Copy link

where

"package": {
                        "name": "java-17-openjdk-17.0.3.0.7-4.portable.jdk.el.x86_64.tar.xz",
                        "link": "https://openjdk-sources.osci.io/marketplace/17/java-17-openjdk-17.0.3.0.7-4.portable.jdk.el.x86_64.tar.xz",
                        "sha265sum": "47156f0eaba955602c9249054aa7e69a32e71de91d96359a0a3b672980d0f10d"
                    },

Allow marketplace to identify change in LINK by changing sum, the

 "aqavit_results_link": "https://openjdk-sources.osci.io/marketplace/17/java-17-openjdk-17.0.3.0.7-4.portable.jdk.el.x86_64.cert.tar.gz"

Is lacking this, and thus not allow the marektpalce to recognize the change in the aqavit_results_link, even allows to forge the results.

Can we have aqavit_results_sha265sum field and appropriate logic, which allows updating the results if overwritten?

@judovana judovana changed the title certification archive lacks sha256shum line in json file certification archive lacks sha256sum line in json file May 27, 2022
@karianna karianna added the enhancement New feature or request label May 27, 2022
@smlambert
Copy link

Transferring to api repo, where I believe the change will need to take place to add this to the schema.

@smlambert
Copy link

@karianna - are you able to transfer this to https://github.com/adoptium/api.adoptium.net, as I appear not to have the correct permissions for the api repository to do so...

Screen Shot 2022-05-27 at 5 44 36 AM

@smlambert
Copy link

There will also be associated documentation updates to be done in https://github.com/adoptium/website-v2/blob/main/src/asciidoc-pages/docs/aqavit-verification.adoc which I can take care of, upon the updated schema being available.

@tellison
Copy link
Contributor

Agreed, and we'll need to add the checksum field to the schema and let publishers catch up before making it required. So expect multiple phases of implementation.

@gdams gdams transferred this issue from adoptium/api.adoptium.net Oct 22, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

No branches or pull requests

4 participants