-
Notifications
You must be signed in to change notification settings - Fork 38
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Simplify the nginx commands and verify the checksums after download #52
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the contribution. I've left some questions/comments.
echo "{{ $keys.sha512sum.initramfs }}" >> /usr/share/nginx/html/checksums.txt; | ||
wget -O /tmp/hook{{ $index }}.tar.gz {{ $keys.url }} | ||
tar -zxvf /tmp/hook{{ $index }}.tar.gz | ||
rm /tmp/hook{{ $index }}.tar.gz |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I appreciate the old code does this, but if we remove the tarball the sha512sum --check
call is redundant as it won't have anything to compute against the checksum in checksum.txt
- am I missing something?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's the strange part about the logic. It's checking the checksum of the files inside the tarball, not the tarball itself.
I would only check the tarball itself, but that change would be a breaking change. Should I do it?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for clarifying.
@jacobweinstock What was the rational for this? Would you be opposed to simplifying to checking the tarball checksum? I'm in favor.
@rgl what breakages are you foreseeing? I don't think it'll be a breaking change given its the same tarball and fundamental mechanism, just a simpler implementation.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@chrisdoherty4 this would break:
As it needs to be changed into:
downloads:
- url: https://github.com/tinkerbell/hook/releases/download/v0.8.0/hook_x86_64.tar.gz
sha512sum: <hook_x86_64.tar.gz sha512 checksum would go here>
- url: https://github.com/tinkerbell/hook/releases/download/v0.8.0/hook_aarch64.tar.gz
sha512sum: <hook_aarch64.tar.gz sha512 checksum would go here>
PS: tinkering out loud, maybe we should even get rid of all of this, and make boots reference an oci oras image artifact, which would allow a machine to directly boot from an image registry like zot.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm good with this breaking change. Just checksum the tarballs. 👍🏼
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for clarifying @rgl. We aren't worried, for now, about that kind of breakage.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please check it now.
Signed-off-by: Rui Lopes <rgl@ruilopes.com>
Signed-off-by: Rui Lopes <rgl@ruilopes.com>
Signed-off-by: Rui Lopes <rgl@ruilopes.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm
@Mergifyio queue
Description
Simplify the nginx commands and verify the checksums after download.
Why is this needed
Simplifies the code.
How Has This Been Tested?
Tested by launching the k8s stack in https://github.com/rgl/tinkerbell-k8s-vagrant
How are existing users impacted? What migration steps/scripts do we need?
None.
Checklist:
I have: