binding-tool icon indicating copy to clipboard operation
binding-tool copied to clipboard
Published 2 months ago verified publisher icon dmikusa

Support other checksum algorithms

Open dmikusa opened this issue 1 year ago • 8 comments

In https://github.com/dmikusa/binding-tool/issues/26 we added support for checksum = "algo:hash", but only where the algorithm is sha256.

This issue is to support additional algorithms. Supporting more algorithms is additional work because it requires modifications to the code that validates the checksums as well.

If you need support for other algorithms, please post here and indicate the algorithms you're using. Thanks

dmikusa avatar Mar 11 '24 15:03 dmikusa

the dotnet buildpack uses sha512:

https://github.com/paketo-buildpacks/dotnet-core-sdk/blob/46fd6bbfe0ce38cd38efa2c1b30dbf736313cf2a/buildpack.toml#L22C24-L22C152

dmikusa avatar Mar 12 '24 14:03 dmikusa

Is there a plan to supports sha512 in newer version?

I see dotnet core used sha512.

doddisam avatar Jun 10 '24 08:06 doddisam

Is there a plan to supports sha512 in newer version?

Yes. Follow this issue for updates.

If you'd like to submit a PR, happy to chat about what that might entail.

dmikusa avatar Jun 10 '24 12:06 dmikusa

Meanwhile, Do you know if we can add sha512 id manually in dependency secrets. I dont see sha512 field in the dotnet buildpacks builder.toml file. In java we have sha256 field and adding that to mappings works as expected.

https://github.com/paketo-buildpacks/dotnet-core-aspnet-runtime/blob/main/buildpack.toml

For java 0390f964e9cadbb0795f44b2b29d2e6755bd8b800a94fee980aed8c26766c124: https://xxx.xxx.xxx:443/artifactory/dicf/paketo-java-dependencies/binaries/spring-cloud-bindings-2.0.3.jar - Works

How to add it for dontnet since there is no sha512 field in builder.toml

Is there a way to add it for these dotnet buildpacks ?

doddisam avatar Jun 20 '24 02:06 doddisam

@doddisam The sha256 field is the old field. Going forward the field is called checksum.

For example:

checksum = "sha512:757d017db28b8e34c4b242c082aa51eb85bce8fca16af37a0beabedb271c9bd13e1631868faa131745d7784db48974567f82275da09041ba434dcb7abe821a2d"

The algorithm goes in the first part followed by a : followed by the actual check sum value.

So for the binding file, the key would be checksum and the contents would be algo:actual-checksum, from the example above sha512:757d017db28b8e34c4b242c082aa51eb85bce8fca16af37a0beabedb271c9bd13e1631868faa131745d7784db48974567f82275da09041ba434dcb7abe821a2d.

That should work. We haven't updated the Java-related buildpacks yet, so those still use the old key. At some point we'll get around to it, but it's not particularly urgent as sha256 is good enough.

dmikusa avatar Jun 21 '24 14:06 dmikusa

@dmikusa Thanks for the reply.

I am using K8's dependency mapping and this is how my secrets looks. I don't think key can have ":" in the k8's secrets. That is issue i am facing currently. Can you please check below and advice proper format ?

apiVersion: v1 kind: Secret metadata: name: dependencies type: service.binding/dependency-mapping stringData: type: dependency-mapping sha512:16cd54c431d80710a06037f8ea593e04764a80cbaad75e1db4225fbe3e7fce4c4d279f40757b9811e1c092436d2a1ca3be64c74cb190ebf78418a9865992ad12: https://xxx.xxx.xx:443/artifactory/dicf/paketo-java-dependencies/binaries/aspnetcore-runtime-8.0.6-linux-x64.tar.gz

doddisam avatar Jun 21 '24 17:06 doddisam

Oh, you're right. I forgot about that.

Modify RFC to allow checksum dependency mappings to be passed in with a _ instead of : to enable functionality on Kubernetes (: is not an allowed character).

https://github.com/paketo-buildpacks/rfcs/blob/11691011512b9f075d06c31b74ea29bb5c3e5f69/text/0010-dependency-mappings.md?plain=1#L79

So in your case it would be <algo>_<actual-checksum>.

dmikusa avatar Jun 21 '24 19:06 dmikusa

@dmikusa Thanks for your input. Its working fine

doddisam avatar Jun 22 '24 00:06 doddisam