a-scie / jump

A Self Contained Interpreted Executable Launcher
Apache License 2.0

Add (or default to) a "strict" mode which requires specifying size/hash #25

Closed sureshjoshi closed 1 year ago

sureshjoshi commented 1 year ago

For files, you can supply a "size" and sha256 "hash". Without these the boot-pack will calculate them, but you may want to set them in advance as a security precaution. The scie-jump will refuse to operate on any file whose size or hash do not match those specified.

Just thinking long-term updates, and supply-chain attacks - might be nice to have the ability to enforce adding that information.

Not urgent, either - might even be useful to wait for some stability and more usage to see if there is another angle.

jsirois commented 1 year ago

In case it's not clear, file size and hash are required in the scie and at runtime. They're also required at build time when assembling the scie via cat. It's only when building a scie via the scie-jump boot pack that the size and hash are not required, but instead filled in immediately by measuring the local seed files you've just fed to the scie-jump. Put another way, scies always contain fully specified lift manifests or else they do not run. So this feature would look like scie-jump --trust-me to gain back the current behavior if the default for the scie-jump boot pack were made to behave like building via cat and require sizes and hashes by default.

jsirois commented 1 year ago

For example, using the java example:

$ cat ../../dist/scie-jump-linux-x86_64 amazon-corretto-11.0.17.8.1-linux-x64.tar.gz coursier.jar <(echo) <(jq -c . lift.linux-x86_64.json) > coursier && chmod +x coursier
$ SCIE=inspect ./coursier
Error: Failed to prepare a scie jump action: The scie at /home/jsirois/dev/a-scie/jump/examples/java/coursier has a lift manifest with no scie-jump information.

So just trying to use the lift manifest checked in there immediately gets you into trouble at runtime. Not only are the files strict at runtime, but the need for a "jump" object is not met, scuttling the launch.

There is a bug here though. If the scie is deployed and it happens to both have a lift with no sizes and hashes but it happens to be deposited in a directory with loose files at just the right paths to satisfy the file names in its embedded manifest, it will currently hash them and accept the results! That is not intended. I'll work up a fix. Filed #26
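As an added example (not scie-jump's own code), a Python check that models the two behaviours discussed above: strict verification of pinned size/sha256 entries, versus the boot-pack style fill-in that must never be applied to a deployed scie (the loose-files case filed as #26). The lift-manifest layout (a "files" list of name/size/hash objects) and all file names and contents are assumed and constructed for the demo.

```python
import copy
import hashlib
import os
import tempfile


def sha256_file(path):
    """Hex SHA-256 of a file, streamed so large archives need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_lift_files(manifest, root, strict=True):
    """Return problems found in the manifest's file entries (empty list = all good).

    Assumed layout: manifest["scie"]["lift"]["files"] holds {"name","size","hash"}
    objects. strict=True refuses any entry that is not fully pinned; strict=False
    fills size/hash from whatever sits on disk (boot-pack measuring behaviour).
    """
    problems = []
    for entry in manifest["scie"]["lift"]["files"]:
        name, path = entry["name"], os.path.join(root, entry["name"])
        if "size" not in entry or "hash" not in entry:
            if strict:
                problems.append(f"{name}: size/hash not pinned")
                continue
            entry["size"], entry["hash"] = os.path.getsize(path), sha256_file(path)
            continue
        if os.path.getsize(path) != entry["size"]:
            problems.append(f"{name}: size mismatch")
            continue  # cheap check first; do not bother hashing a wrong-sized file
        if sha256_file(path) != entry["hash"]:
            problems.append(f"{name}: sha256 mismatch")
    return problems


def demo():
    """Constructed scenario: one correctly pinned file, one tampered, one unpinned."""
    root = tempfile.mkdtemp()
    for name, data in (("good.jar", b"good bytes"), ("tampered.tar.gz", b"original!"), ("loose.txt", b"x")):
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    manifest = {"scie": {"lift": {"files": [
        {"name": "good.jar", "size": 10, "hash": sha256_file(os.path.join(root, "good.jar"))},
        {"name": "tampered.tar.gz", "size": 9, "hash": sha256_file(os.path.join(root, "tampered.tar.gz"))},
        {"name": "loose.txt"},  # deployed with no size/hash: the case filed as #26
    ]}}}
    with open(os.path.join(root, "tampered.tar.gz"), "wb") as fh:
        fh.write(b"replaced!")  # same length, different content: size passes, hash must not
    return (check_lift_files(copy.deepcopy(manifest), root, strict=True),
            check_lift_files(copy.deepcopy(manifest), root, strict=False))
```

Note that the lenient run silently accepts loose.txt, which is exactly the outcome a strict default (or a scie-jump --trust-me opt-out) is meant to prevent.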

sureshjoshi commented 1 year ago

Ah, right. 🤦🏽

While writing this ticket, I had it in my head that scie-jump was also downloading files - I forgot that the files are already downloaded to the location where the scie is being prepared. So, the hash + size check needs to be on acquisition of the files, not the packaging step.

I think it was because I was reading the updated docs while doing some updates to my scie Pants plugin, and I conflated the acquisition (done in Pants, requiring the size and hash) with the final packaging step of the already downloaded/created files.

Closing.