
Request to Add Checksums to Releases

Open holmanb opened this issue 5 years ago • 2 comments

  • [ ] https://github.com/koalaman/shellcheck/releases/ currently doesn't provide checksums with releases

Feb 03 '21 19:02 holmanb

I second this request.

I believe a file of release archive SHA-256 checksums (e.g., as generated by sha256sum) included in each new GitHub release would be helpful for automation.

For example, when pinning and installing a specific version of ShellCheck via a script in a CI pipeline, the DevOps engineer must currently pre-download the archive, calculate the checksum, and store it in the script or an env var. Ideally, the engineer could provide only the desired version to the script, which could then compare the downloaded archive against the published release checksum as a basic form of integrity checking.

Note that I am not asking the project to retrofit previous releases with checksums, only add them to future releases.

Thanks for your time and this incredible tool!

Jul 16 '22 19:07 bryanburke

Same here, we compare checksums to make sure we're not getting altered source code packages when rebuilding images. Getting these with the release would help very much.

Sep 05 '22 09:09 dinapappor
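The checksum comparison described in the comments above, sketched as an added example; it is not code from this thread or from the ShellCheck project. The manifest name `SHA256SUMS`, the archive name `tool-v1.tar.xz` and the helper function names are assumptions, and the demo data is constructed.

```shell
#!/bin/sh
# Added example. "SHA256SUMS" and the archive name are hypothetical:
# per this issue, the project does not publish a checksum file.

# Print the lowercase hex SHA-256 digest of a file.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Print the digest listed for a file name in a sha256sum-format manifest.
# Accepts "digest  name" and "digest *name"; fails if the name is absent.
# Limitation: names containing whitespace are not handled.
expected_from_manifest() {
    awk -v name="$2" '
        { f = $2; sub(/^\*/, "", f) }
        f == name { print tolower($1); found = 1; exit }
        END { exit !found }' "$1"
}

# Return 0 on match, 1 on mismatch, 2 on malformed digest or missing file.
verify_sha256() {
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    case $expected in ''|*[!0-9a-f]*) return 2 ;; esac
    [ "${#expected}" -eq 64 ] || return 2
    [ -f "$1" ] || return 2
    [ "$(sha256_of "$1")" = "$expected" ]
}

# Demo on constructed data: verify, then tamper and verify again.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'constructed archive bytes\n' > "$dir/tool-v1.tar.xz"
    (cd "$dir" && printf '%s  %s\n' "$(sha256_of tool-v1.tar.xz)" tool-v1.tar.xz > SHA256SUMS)
    want=$(expected_from_manifest "$dir/SHA256SUMS" tool-v1.tar.xz)
    if verify_sha256 "$dir/tool-v1.tar.xz" "$want"; then echo "ok: digest matches"; fi
    printf 'x' >> "$dir/tool-v1.tar.xz"
    if ! verify_sha256 "$dir/tool-v1.tar.xz" "$want"; then echo "rejected: digest mismatch"; fi
    rm -rf "$dir"
}
demo
```

A digest pinned in the install script detects any change to the archive after the digest was recorded. A manifest downloaded from the same location as the archive detects corruption or a mismatched file, but not a replacement of both files together.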