You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@heron.apache.org by GitBox <gi...@apache.org> on 2018/04/06 15:33:40 UTC
[GitHub] ajorgensen opened a new pull request #2856: Add sha256 checksums for all http_archives
ajorgensen opened a new pull request #2856: Add sha256 checksums for all http_archives
URL: https://github.com/apache/incubator-heron/pull/2856
I have taken the current sha256 checksum for all of the workspace
archives so we can verify their signature on download. Since some
of the artifacts are downloaded over http, we want to make sure
there was no man in the middle attack done to change the resulting
binary. This also gives assurance that the code we are downloading
has not been tampered with in any way either over the wire or at
the source.
I used the following function:
```
checksum_remote () {
curl -L -s $1 | sha256sum | cut -d' ' -f1 | tr -d '\n'
}
```
to get the sha256 signature and then ran `bazel clean && bazel build //heron/...` to verify the signatures were correct.
Closes https://github.com/apache/incubator-heron/issues/2854
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services