bitcoin-kmp icon indicating copy to clipboard operation
bitcoin-kmp copied to clipboard
verified publisher icon ACINQ

Verify dependency checksums

Open sstone opened this issue 10 months ago • 5 comments

We add a file that contains SHA512 checksums for all our dependencies, which will be verified during the build (checksum verification is automatically enabled when gradle/verification-metadata.xml is present).

sstone avatar Feb 03 '25 13:02 sstone

Why are you going with SHA256 here, but went with SHA512 in eclair?

pm47 avatar Feb 03 '25 13:02 pm47

Why are you going with SHA256 here, but went with SHA512 in eclair?

No reason I'll switch to SHA512 to be consistent with eclair.

sstone avatar Feb 03 '25 13:02 sstone

Same comment as eclair, can you document how you initially generated those checksums, and the process to update them easily?

t-bast avatar Feb 04 '25 07:02 t-bast

Same comment as eclair, can you document how you initially generated those checksums, and the process to update them easily?

Done in https://github.com/ACINQ/bitcoin-kmp/pull/143/commits/b1bed42fee92ee1c50096e36e6dfac70771c7a61. Checksums were initially generated with gradle and verified on 3 different machines (excluding github CI).

sstone avatar Feb 04 '25 08:02 sstone

What a mess!! Idea ( 2024.3.2.2) is completely broken now and cannot load the project properly unless I remove verification-metadata.xml ...

sstone avatar Feb 11 '25 13:02 sstone