Closed suzuki-shunsuke closed 1 year ago
- type: github_release
repo_owner: suzuki-shunsuke
repo_name: github-comment
asset: 'github-comment_{{trimV .Version}}_{{.OS}}_amd64.tar.gz'
description: CLI to create a GitHub comment
checksum:
filename: 'github-comment_{{trimV .Version}}_checksums.txt'
format: goreleaser
algorithm: sha256
# how to extract the checksum from file
# Algorithm to be used.
# Accepted options are sha256, sha512, sha1, crc32, md5, sha224 and sha384.
# Default is sha256.
algorithm: sha256
9568289b4cabb368771b2cd92575b9474ced9865b092f13cecf992cfcf908bae github-comment_4.0.1_linux_amd64.tar.gz
b5c06ff10364f136ccfa65e8bd0a4154bef94d79910fab41413b756c51520224 github-comment_4.0.1_windows_amd64.tar.gz
fb3b75af28078dbeef9c9dde95955fa7877623c8f77d3ebaaba4990764fb6c8e github-comment_4.0.1_darwin_amd64.tar.gz
aqua.checksum.json
{
"packages": [
{
"name": "suzuki-shunsuke/github-comment@v4.0.0",
"assets": [
{
"id": "github-comment_4.0.1_linux_amd64.tar.gz",
"checksum": "9568289b4cabb368771b2cd92575b9474ced9865b092f13cecf992cfcf908bae"
}
]
}
]
}
Create or update file when aqua i is run. Get checksum when file is donwloaded.
I gave up this idea once, but I reconsider it.
I've implemented basic feature by #794 .
It works as expected, but it is difficult to merge this for now because it harms the user experience of aqua.
We have to maintain .aqua-checksums.json
.
When we update tools by Renovate, we have to update .aqua-checksums.json
too.
The checksum would be different per OS and CPU architecture.
Some users would be confused by unexpected changes of .aqua-checksums.json
.
We have to solve the problem.
I'm working on this.
aqua.yaml
checksum:
enabled: true
checksum:
type: github_release
algorithm: sha256
path: tfcmt_{{trimV .Version}}_checksums.txt
file_format: regexp
pattern:
checksum: ^(.{64})
file: ^.{64} (.*)$
tfcmt_3.2.5_checksums.txt
2397316c12b9e8be8756fde576607fe6d0eb7ddc2bc6ed78b55b787167847ecd tfcmt_darwin_arm64.tar.gz
4e7951939337b45ff150d00b8cef8eba1c011232290d6902b0895740a20dfdb0 tfcmt_linux_arm64.tar.gz
652fced48841530601f7baef6150547820392c0498929e7a7d9a90c298d9abce tfcmt_windows_arm64.tar.gz
90a36e8d0c373ff22755aa8231c3b37deb3e3f03d3f048017b6c51296114a4cf tfcmt_windows_amd64.tar.gz
93899f8cce451c007740493f32187625418bebbe7ec9fa975cf865fa65bd5f06 tfcmt_darwin_amd64.tar.gz
e23730b18d1ae83242f0d0b48ceeb2db71f55b5ef44426cc2830f98f8b571a3c tfcmt_linux_amd64.tar.gz
Download checksum files and create or update .aqua-checksum.json
$ aqua update-checksum
If checksum isn't found in .aqua-checksums.json
, aqua tries to download checksum file and get checksums from it.
.aqua-checksums.json
for future updateAdd a field checksums
.
{
"checksums": {
"github_release/github.com/suzuki-shunsuke/tfcmt/v3.3.0/tfcmt_darwin_amd64.tar.gz": "dc057c1eab3c0e254f7e0a668096ca2dd79216106a3d6597811a0d91709068aa",
"github_release/github.com/suzuki-shunsuke/tfcmt/v3.3.0/tfcmt_darwin_arm64.tar.gz": "e163468dac3cf8da437d5da993b6e9874f97e28de7cfc276cac35f6ab03e3410",
"github_release/github.com/suzuki-shunsuke/tfcmt/v3.3.0/tfcmt_linux_amd64.tar.gz": "08bbbb54ce7a068f54fcf0e32b3fbd80025eae3f48126296f607223e084cf443",
"github_release/github.com/suzuki-shunsuke/tfcmt/v3.3.0/tfcmt_linux_arm64.tar.gz": "f50f44900eae2ebd041f262c93b7f145f0fe8166f9b84e500ad4a05b3677ffb6",
"github_release/github.com/suzuki-shunsuke/tfcmt/v3.3.0/tfcmt_windows_amd64.tar.gz": "e3b3f3c454ad1228af5540dff34ac37b7c98ef6c89f99da9069cf7f32204a905",
"github_release/github.com/suzuki-shunsuke/tfcmt/v3.3.0/tfcmt_windows_arm64.tar.gz": "0e7f26a973afef87c7eb1681fdd639229b96c6f5122197ab56ddfa66f1d9af52"
}
}
We will add fields in future.
e.g.
{
"meta": {
},
"checksums": {}
}
https://releases.hashicorp.com/terraform/1.2.6/terraform_1.2.6_SHA256SUMS
94d1efad05a06c879b9c1afc8a6f7acb2532d33864225605fc766ecdd58d9888 terraform_1.2.6_darwin_amd64.zip
452675f91cfe955a95708697a739d9b114c39ff566da7d9b31489064ceaaf66a terraform_1.2.6_darwin_arm64.zip
1bedf7564838493f7cd9cb72544996c27dcfbbae9bf5436ef334e865515e6f24 terraform_1.2.6_freebsd_386.zip
353b21367e5eb9804cfba3140e786c5c149c10098b2a54aa5be3ec30c8425be0 terraform_1.2.6_freebsd_amd64.zip
47aa169b52c4b566f37d9f39f41cfc34ee2e4152641a9109c2767f48007b2457 terraform_1.2.6_freebsd_arm.zip
3d6c0dc8836dbfcfc82e6ba69891f21bfad6a09116e6ddf7a14187b8ee0acce5 terraform_1.2.6_linux_386.zip
9fd445e7a191317dcfc99d012ab632f2cc01f12af14a44dfbaba82e0f9680365 terraform_1.2.6_linux_amd64.zip
322755d11f0da11169cdb234af74ada5599046c698dccc125859505f85da2a20 terraform_1.2.6_linux_arm64.zip
ed49a5422ca51cbc90472a754979f9bbba5f0c39f6a0abe570e525bbae4e6540 terraform_1.2.6_linux_arm.zip
426d39f1b87bf5dbda3ebb4585483288dba09c36731d5cae146f29df0119036c terraform_1.2.6_openbsd_386.zip
5b0c59ffe5f83363b20f74df428490b95ff81f53348f8c8394519768085f3eef terraform_1.2.6_openbsd_amd64.zip
64e70edf5af0e77f54d111ae318282aebcdaa33e8dd545b93881fd421dc4d982 terraform_1.2.6_solaris_amd64.zip
f26acca0060c42c0e6fb81d268fbf4ab9baac3d5f34c8263ecdb48c0a78f905b terraform_1.2.6_windows_386.zip
1e3c884cf32879646f97b8b6a253686710eb6e445d44097580a27511a49db88b terraform_1.2.6_windows_amd64.zip
checksum:
type: http
algorithm: sha256
url: https://releases.hashicorp.com/terraform/{{trimV .Version}}/terraform_{{trimV .Version}}_SHA256SUMS
file_format: regexp
pattern:
checksum: ^(.{64})
file: ^.{64} (.*)$
http/releases.hashicorp.com/terraform/1.2.6/terraform_1.2.6_darwin_arm64.zip/terraform
- type: http
repo_owner: hashicorp
repo_name: terraform
url: https://releases.hashicorp.com/terraform/{{trimV .Version}}/terraform_{{trimV .Version}}_{{.OS}}_{{.Arch}}.zip
description: Terraform enables you to safely and predictably create, change, and improve infrastructure. It is an open source tool that codifies APIs into declarative configuration files that can be shared amongst team members, treated as code, edited, reviewed, and versioned
supported_envs:
- linux
- darwin
- amd64
checksum:
type: http
algorithm: sha256
url: https://releases.hashicorp.com/terraform/{{trimV .Version}}/terraform_{{trimV .Version}}_SHA256SUMS
file_format: regexp
pattern:
checksum: ^(.{64})
file: ^.{64} (.*)$
version_constraint: semver(">= 1.0.2")
version_overrides:
- version_constraint: "true"
rosetta2: true
aqua.yaml
checksum:
enabled: true
require_checksum: true
If checksum isn't found in .aqua-checksums.json
, it failed to install tools.
You have to run aqua update-checksum
in advance.
✅ Generate checksum config in aqua gr
command
$ aqua gr suzuki-shunsuke/tfcmt
packages:
- type: github_release
repo_owner: suzuki-shunsuke
repo_name: tfcmt
asset: tfcmt_{{.OS}}_{{.Arch}}.tar.gz
description: Fork of mercari/tfnotify. tfcmt enhances tfnotify in many ways, including Terraform >= v0.15 support and advanced formatting options
checksum:
type: github_release
path: tfcmt_{{trimV .Version}}_checksums.txt
file_format: regexp
pattern:
checksum: ^(.{64})
file: ^.{64} (.*)$
✅ Patch checksum config
https://github.com/aquaproj/registry-tool
$ aqua-registry patch-checksum registry.yaml
✅ We have to support SHA512
asciigraph_0.5.5_sha512-checksums.txt
https://github.com/guptarohit/asciigraph/releases/tag/v0.5.5
✅ Rename github_release
's path
attribute to asset
.
e.g.
aqua.yaml
checksum:
enabled: true
require_checksum_in_advance: true
create_json: true
require_checksum: false
save_calculated_checksum: false
excludes:
- name: foo
version: <= 1.0.0
envs:
- darwin
- linux/amd64
- registry: foo
attribute | default | description |
---|---|---|
enabled | true | Enable checksum verification |
require_checksum_in_advance | false | When this is true, it fails to install a package if the checksum isn't found in .aqua-checksums.json in advance install |
create_json | false | If this is true, aqua creates .aqua-checksums.json. Otherwise, aqua verifies checksum only downloading checksum file. |
require_checksum | false | If this is true, it fails to install packages without checksum. This forbids to install packages without checksum configuration |
save_calculated_checksum | false | If this is true, aqua adds a checksum calcurated from downloaded asset when the checksum isn't found in .aqua-checksums.json and checksum file |
excludes | [] | Disable checksum verification in the specific packages and registries |
excludes
All attributes are AND
condition.
attribute | description |
---|---|
name | package name. Glob support |
version | version constraint |
envs | os and arch |
registry | registry name |
status
emoji | description |
---|---|
❌ | It is difficult to support |
🔺 | Currently, it is difficult to support, but let's consider to support later |
👻 | checksum file doesn't exist |
✅ | it works |
status | package | note |
---|---|---|
👻 | 1xyz/pryrite | |
99designs/aws-vault | ||
👻 | Aloxaf/silicon | |
✅ | Arriven/db1000n | |
👻 | Azure/aks-engine | |
✅ | Azure/aztfy | |
✅ | BeryJu/korb | |
BurntSushi/ripgrep | ||
✅ | Cian911/switchboard | |
✅ | CircleCI-Public/circleci-cli | |
ClementTsang/bottom | ||
Dreamacro/clash | ||
✅ | FairwindsOps/nova | |
✅ | FairwindsOps/pluto | |
✅ | FairwindsOps/polaris | |
✅ | FairwindsOps/rbac-lookup | |
FiloSottile/age | ||
FiloSottile/mkcert | ||
✅ | GoodwayGroup/gwvault | |
GoogleCloudPlatform/terraformer/aws | ||
GoogleCloudPlatform/terraformer | ||
GoogleContainerTools/container-diff | ||
GoogleContainerTools/container-structure-test | ||
✅ | GoogleContainerTools/kpt | |
GoogleContainerTools/skaffold | ||
Jarred-Sumner/bun | ||
✅ | Jeffail/benthos | |
✅ | Kong/deck | |
✅ | Ladicle/kubectl-rolesum | |
Lallassu/gorss | ||
LukeChannings/deno-arm64 | ||
MiSawa/xq | ||
✅ | Mic-U/ecsher | |
MusicDin/kubitect | ||
PaulJuliusMartinez/jless | ||
Peltoche/lsd | ||
✅ | Percona-Lab/mysql_random_data_load | |
✅ | Phantas0s/devdash | |
✅ | Praqma/helmsman | |
🔺 | Rigellute/spotify-tui | It is difficult to support |
Schniz/fnm | ||
Shopify/ejson | ||
Shopify/kubeaudit | ||
Songmu/ecschedule | ||
Songmu/ghch | ||
Songmu/ghg | ||
Songmu/gocredits | ||
Songmu/gotesplit | ||
Songmu/goxz | ||
Songmu/horenso | ||
SpectralOps/teller | ||
TaKO8Ki/frum | ||
TaKO8Ki/gobang | ||
TheZoraiz/ascii-image-converter | ||
TimothyYe/skm | ||
TomWright/dasel | ||
Traackr/binnacle | ||
Trendyol/kink | ||
Versent/saml2aws | ||
Wilfred/difftastic | ||
WoozyMasta/kube-dump | ||
XAMPPRocky/tokei | ||
🔺 | abiosoft/colima | https://github.com/aquaproj/aqua/issues/427#issuecomment-1207557765 |
abs-lang/abs | ||
acorn-io/acorn | ||
aelsabbahy/goss/dcgoss | ||
aelsabbahy/goss/dgoss | ||
aelsabbahy/goss/kgoss | ||
aelsabbahy/goss | ||
ahmetb/kubectl-tree | ||
ahmetb/kubectx/kubens | ||
ahmetb/kubectx | ||
ajeetdsouza/zoxide | ||
alexellis/arkade | ||
alexellis/k3sup | ||
amacneil/dbmate | ||
anchore/grype | ||
anchore/syft | ||
andreazorzetto/yh | ||
anqiansong/github-compare | ||
antonmedv/fx | ||
antonmedv/llama | ||
apache/camel-k | ||
aporia-ai/kubesurvival | ||
aquaproj/aqua-installer | ||
aquaproj/registry-tool | ||
aquasecurity/chain-bench | ||
aquasecurity/kube-bench | ||
aquasecurity/kubectl-who-can | ||
aquasecurity/starboard | ||
aquasecurity/tfsec | ||
aquasecurity/trivy | ||
arduino/arduino-cli | ||
argoproj-labs/argocd-autopilot | ||
argoproj-labs/argocd-image-updater | ||
argoproj/argo-cd | ||
argoproj/argo-rollouts | ||
argoproj/argo-workflows | ||
aristocratos/btop | ||
arl/gitmux | ||
armosec/kubescape | ||
arrow2nd/nekome | ||
arttor/helmify | ||
asciimoo/wuzz | ||
astefanutti/kubebox | ||
aws-containers/amazon-ecs-exec-checker | ||
aws/amazon-ec2-instance-selector | ||
aws/aws-cli | ||
aws/copilot-cli | ||
awslabs/amazon-ecr-credential-helper | ||
awslabs/git-secrets | ||
awslabs/ssosync | ||
b3nj5m1n/xdg-ninja | ||
b4b4r07/afx | ||
b4b4r07/changed-objects | ||
b4b4r07/gist | ||
b4b4r07/git-bump | ||
b4b4r07/github-labeler | ||
b4b4r07/gomi | ||
b4b4r07/iap_curl | ||
b4b4r07/stein | ||
barnybug/cli53 | ||
batchcorp/plumber | ||
bats-core/bats-core | ||
bcicen/ctop | ||
bcicen/slackcat | ||
becheran/roumon | ||
benbjohnson/litestream | ||
benchkram/bob | ||
bengadbois/pewpew | ||
bitnami-labs/sealed-secrets | ||
blacknon/hwatch | ||
bojand/ghz | ||
bootandy/dust | ||
boz/kail | ||
bridgecrewio/yor | ||
brigadecore/brigade | ||
bronze1man/yaml2json | ||
budimanjojo/talhelper | ||
bufbuild/buf | ||
buildkite/agent | ||
buildkite/cli | ||
buildpacks/pack | ||
c-bata/kube-prompt | ||
c1982/bomberman | ||
caarlos0/fork-cleaner | ||
cantino/mcfly | ||
casey/just | ||
cea-hpc/sshproxy | ||
chanzuckerberg/fogg | ||
charmbracelet/glow | ||
charmbracelet/gum | ||
che-incubator/chectl | ||
cheat/cheat | ||
chmln/sd | ||
chriswalz/bit | ||
civo/cli | ||
cli/cli | ||
clog-tool/clog-cli | ||
cloud-hypervisor/cloud-hypervisor/ch-remote | ||
cloud-hypervisor/cloud-hypervisor | ||
cloudflare/cfssl/mkbundle | ||
cloudflare/cfssl | ||
cloudflare/cloudflared | ||
cloudflare/gokey | ||
cloudfoundry/bosh-cli | ||
cloudfoundry/credhub-cli | ||
cloudposse/atmos | ||
cloudspannerecosystem/wrench | ||
cloudspannerecosystem/yo | ||
cnrancher/autok3s | ||
codeclimate/test-reporter | ||
coder/coder | ||
codesenberg/bombardier | ||
compose/transporter | ||
containerd/nerdctl | ||
controlplaneio/kubesec | ||
corneliusweig/ketall | ||
corneliusweig/rakkess/access-matrix | ||
corneliusweig/rakkess | ||
cortesi/modd | ||
cosmtrek/air | ||
crate-ci/typos | ||
create-go-app/cli | ||
crossplane/crossplane | ||
cswank/kcli | ||
cue-lang/cue | ||
cyberark/kubeletctl | ||
cycloidio/inframap | ||
dagger/dagger | ||
dalance/procs | ||
dandavison/delta | ||
danielfoehrKn/kubeswitch | ||
danielfoehrKn/kubeswitch/switch-sh | ||
dapr/cli | ||
databricks/click | ||
datanymizer/datanymizer | ||
datastax-labs/astra-cli | ||
datreeio/datree | ||
ddddddO/gtree | ||
ddosify/ddosify | ||
deepmap/oapi-codegen | ||
denisidoro/navi | ||
denoland/deno | ||
derailed/k9s | ||
derailed/popeye | ||
deref/exo | ||
deviceinsight/kafkactl | ||
devops-works/dw-query-digest | ||
devops-works/egress-auditor | ||
dhall-lang/dhall-haskell | ||
digitalocean/doctl | ||
direnv/direnv | ||
dnnrly/abbreviate | ||
docker-slim/docker-slim | ||
docker/cli | ||
docker/cli/rootless | ||
docker/compose | ||
doitintl/kube-no-trouble | ||
dolthub/dolt | ||
dominikh/go-tools/staticcheck | ||
dotenv-linter/dotenv-linter | ||
dprint/dprint | ||
drlau/akashi | ||
dstotijn/hetty | ||
dtan4/k8stail | ||
ducaale/xh | ||
dundee/gdu | ||
dutchcoders/cloudman | ||
dwisiswant0/tlder | ||
earthly/earthly | ||
editorconfig-checker/editorconfig-checker | ||
ekalinin/github-markdown-toc | ||
ekzhang/bore | ||
emirozer/kubectl-doctor | ||
env0/terratag | ||
ernoaapa/kubectl-warp | ||
errata-ai/vale | ||
erroneousboat/slack-term | ||
evilmartians/lefthook | ||
exoscale/cli | ||
extrawurst/gitui | ||
fabpot/local-php-security-checker | ||
fatedier/frp | ||
ffuf/ffuf | ||
fiatjaf/jiq | ||
firecracker-microvm/firecracker | ||
fishi0x01/vsh | ||
fission/fission | ||
flosell/iam-policy-json-to-terraform | ||
fluxcd/flux2 | ||
fsaintjacques/semver-tool | ||
fujiwara/lambroll | ||
fujiwara/tfstate-lookup | ||
fujiwara/tracer | ||
fullstorydev/grpcurl | ||
gabrie30/ghorg | ||
gcla/termshark | ||
genuinetools/img | ||
genuinetools/reg | ||
geofffranks/spruce | ||
getsentry/sentry-cli | ||
getzola/zola | ||
ginuerzh/gost | ||
git-chglog/git-chglog | ||
git-lfs/git-lfs | ||
github.com/zeromicro/go-zero/tools/goctl | ||
github/hub | ||
github/licensed | ||
gleam-lang/gleam | ||
go-jira/jira | ||
go-swagger/go-swagger | ||
go-task/task | ||
goccy/kubetest | ||
gocruncher/jenkins-job-cli | ||
gohugoio/hugo | ||
gojuno/minimock | ||
gokcehan/lf | ||
golang-migrate/migrate | ||
golang.org/x/perf/cmd/benchstat | ||
golang.org/x/tools/cmd/goimports | ||
golang.org/x/tools/gopls | ||
golang/go | ||
golang/mock | ||
golangci/golangci-lint | ||
gomods/athens | ||
goodwithtech/dockle | ||
google/go-containerregistry | ||
google/go-jsonnet | ||
google/jsonnet | ||
google/ko | ||
google/pprof | ||
google/wire | ||
gopasspw/gopass | ||
goreleaser/goreleaser | ||
goreleaser/nfpm | ||
gotestyourself/gotestsum | ||
grafana/grafana-kiosk | ||
grafana/grizzly | ||
grafana/k6 | ||
grafana/loki/logcli | ||
grafana/tanka | ||
greymd/teip | ||
grpc-ecosystem/grpc-gateway/protoc-gen-grpc-gateway | ||
grpc-ecosystem/grpc-gateway/protoc-gen-openapiv2 | ||
grpc/grpc-go/protoc-gen-go-grpc | ||
gruntwork-io/kubergrunt | ||
gruntwork-io/terragrunt | ||
gsamokovarov/jump | ||
hadolint/hadolint | ||
hairyhenderson/gomplate | ||
harelba/q | ||
harness/drone-cli | ||
hashicorp/consul | ||
hashicorp/go-getter | ||
hashicorp/levant | ||
hashicorp/nomad | ||
hashicorp/packer | ||
hashicorp/terraform-ls | ||
hashicorp/terraform-plugin-docs | ||
hashicorp/terraform | ||
hashicorp/vault | ||
hashicorp/waypoint | ||
haskell/cabal/cabal-install | ||
haskell/ghcup-hs | ||
hasura/graphql-engine | ||
heartbeatsjp/check-tls-cert | ||
helm/chart-releaser | ||
helm/chart-testing | ||
helm/helm | ||
helmwave/helmwave | ||
hetznercloud/cli | ||
hhatto/gocloc | ||
hidetatz/kubecolor | ||
high-moctane/mocword | ||
high-moctane/nextword | ||
hktalent/scan4all | ||
hmarr/codeowners | ||
homeport/dyff | ||
homeport/havener | ||
iann0036/iamlive | ||
iawia002/lux | ||
im2nguyen/rover | ||
incu6us/goimports-reviser | ||
influxdata/influx-cli | ||
infracost/infracost | ||
inlets/inlets-pro | ||
inlets/inletsctl | ||
instrumenta/kubeval | ||
int128/ghcp | ||
int128/kauthproxy | ||
int128/kubectl-external-forward | ||
int128/kubelogin | ||
int128/yamlpatch | ||
iovisor/kubectl-trace | ||
ipfs/kubo | ||
istio/istio/istioctl | ||
itamae-kitchen/mitamae | ||
itchyny/gojo | ||
itchyny/gojq | ||
itchyny/mmv | ||
ivanilves/lstags | ||
jacobdeichert/mask | ||
jamesob/desk | ||
jenkins-zh/jenkins-cli | ||
jesseduffield/horcrux | ||
jesseduffield/lazydocker | ||
jesseduffield/lazygit | ||
jetstack/cert-manager/cmctl | ||
jez/as-tree | ||
jiro4989/ojosama | ||
jiro4989/relma | ||
jiro4989/textimg | ||
joehillen/sysz | ||
johanhaleby/kubetail | ||
johnkerl/miller | ||
jonaslu/ain | ||
joshdk/retry | ||
jpillora/chisel | ||
jreisinger/checkip | ||
jreleaser/jreleaser | ||
jreleaser/jreleaser/standalone | ||
jsonnet-bundler/jsonnet-bundler | ||
jtyr/gbt | ||
juliosueiras/terraform-lsp | ||
junegunn/fzf/fzf-tmux | ||
junegunn/fzf | ||
k0sproject/k0s | ||
k0sproject/k0sctl | ||
kanisterio/kanister | ||
kastenhq/external-tools/k10multicluster | ||
kastenhq/external-tools/k10tools | ||
kastenhq/kubestr | ||
katbyte/terrafmt | ||
kayac/ecspresso | ||
kdabir/has | ||
kevwan/depu | ||
kevwan/tproxy | ||
kitabisa/teler | ||
knative/client | ||
knqyf263/cob | ||
knqyf263/pet | ||
knqyf263/utern | ||
ko1nksm/shdotenv | ||
koalaman/shellcheck | ||
kool-dev/kool | ||
kopia/kopia | ||
kreuzwerker/awsu | ||
kreuzwerker/envplate | ||
kreuzwerker/m1-terraform-provider-helper | ||
ktock/buildg | ||
ktr0731/evans | ||
kubecost/kubectl-cost | ||
kubemq-io/kubemqctl | ||
kubernetes-sigs/cluster-api | ||
kubernetes-sigs/controller-tools/controller-gen | ||
kubernetes-sigs/kind | ||
kubernetes-sigs/krew | https://github.com/kubernetes-sigs/krew/releases/tag/v0.4.3 | |
kubernetes-sigs/kubebuilder | ||
kubernetes-sigs/kubefed | ||
kubernetes-sigs/kustomize | ||
kubernetes/kompose | ||
kubernetes/kops | https://github.com/kubernetes/kops/releases/tag/v1.24.1 | |
kubernetes/kubectl | ||
kubernetes/minikube | ||
kubesphere/kubeeye | ||
kudobuilder/kuttl | ||
kurehajime/dajarep | ||
kurehajime/kuzusi | ||
kurehajime/pong-command | ||
kvaps/kubectl-node-shell | ||
kvz/json2hcl | ||
kyleconroy/sqlc | ||
kyoh86/richgo | ||
lc/gau | ||
liamg/comet | ||
liamg/dismember | ||
liamg/extrude | ||
liamg/gitjacker | ||
liamg/memit | ||
liamg/pax | ||
liamg/scout | ||
liamg/traitor | ||
liggitt/audit2rbac | ||
lima-vm/lima | ||
livebud/bud | ||
loft-sh/devspace | ||
loft-sh/vcluster | https://github.com/loft-sh/vcluster/releases/tag/v0.11.0 | |
lotabout/skim | ||
maaslalani/slides | ||
magefile/mage | ||
mantil-io/mantil | ||
marcosnils/bin | ||
marp-team/marp-cli | ||
mattn/efm-langserver | ||
mattn/gof | ||
mattn/goreman | ||
mattn/memo | ||
megaease/easeprobe | ||
mercari/hcledit | ||
mercari/tfnotify | ||
mergestat/mergestat | ||
mgdm/htmlq | ||
microsoft/ripgrep-prebuilt | ||
mikefarah/yq | ||
miku/zek | ||
minamijoyo/hcledit | ||
minamijoyo/tfmigrate | ||
minamijoyo/tfschema | ||
minamijoyo/tfupdate | ||
miniscruff/changie | ||
minishift/minishift | https://github.com/minishift/minishift/releases/tag/v1.34.3 | |
mitchellh/gox | ||
mkchoi212/fac | ||
mongodb/mongocli | ||
mozilla/sops | ||
mpostument/awstaghelper | ||
msoap/shell2http | ||
mszostok/codeowners-validator | ||
muesli/duf | ||
mumoshu/config-registry | ||
mumoshu/variant | ||
mumoshu/variant2 | ||
mvdan/gofumpt | ||
mvdan/sh | ||
naggie/dstask/dstask-import | ||
naggie/dstask | ||
nakabonne/ali | ||
nametake/golangci-lint-langserver | ||
nektos/act | ||
neovim/neovim | ||
newrelic/newrelic-cli | ||
nikochiko/autosaved | ||
ninja-build/ninja | ||
noborus/trdsql | ||
nojima/httpie-go | ||
norwoodj/helm-docs | ||
npryce/adr-tools | ||
numtide/treefmt | https://github.com/numtide/treefmt/releases/tag/v0.4.1 | |
nushell/nushell | ||
o2sh/onefetch | ||
oam-dev/kubevela/kubectl-plugin | ||
oam-dev/kubevela | ||
ogham/dog | ||
ogham/exa | ||
okteto/okteto | ||
open-policy-agent/conftest | ||
open-policy-agent/opa | ||
openfaas/faas-cli | ||
operator-framework/operator-registry | ||
operator-framework/operator-sdk | ||
optiv/Mangle | ||
orf/gping | ||
orhun/git-cliff | ||
orisano/dlayer | ||
ossf/scorecard | ||
owenthereal/upterm | ||
ozankasikci/dockerfile-generator | ||
pacedotdev/oto | ||
particledecay/kconf | ||
peak/s5cmd | ||
peco/peco | ||
pemistahl/grex | ||
pen-lang/pen | ||
pglet/pglet | ||
phiresky/ripgrep-all | ||
pivotal-cf/om | ||
pivotal-cf/pivnet-cli | ||
planetscale/cli | ||
plexsystems/sinker | ||
porter-dev/porter | ||
postfinance/kubectl-sudo | ||
praetorian-inc/gokart | ||
pressly/goose | ||
profclems/glab | ||
projectdiscovery/httpx | ||
projectdiscovery/naabu | https://github.com/projectdiscovery/naabu/releases/tag/v2.1.0 | |
projectdiscovery/nuclei | ||
projectdiscovery/subfinder | ||
projectdiscovery/tlsx | ||
protocolbuffers/protobuf-go/protoc-gen-go | ||
pulumi/kubespy | ||
pulumi/pulumi | ||
pulumi/tf2pulumi | ||
quarkslab/kdigger | ||
rancher/cli | ||
rancher/k3d | ||
rancher/kim | ||
rancher/rke | ||
rapiz1/catp | ||
rclone/rclone | ||
rebuy-de/aws-nuke | ||
replicatedhq/kots | ||
replicatedhq/outdated | ||
restic/restic | ||
reviewdog/reviewdog | ||
rhysd/actionlint | ||
rhysd/hgrep | ||
rhysd/vim-startuptime | ||
rikatz/kubepug | ||
rlmcpherson/s3gof3r | ||
roboll/helmfile | ||
robscott/kube-capacity | ||
rogerwelin/cassowary | ||
ropnop/kerbrute | ||
rs/curlie | ||
rust-lang/mdBook | ||
rust-lang/rust-analyzer | ||
ryane/kfilt | ||
s0md3v/Smap | ||
sachaos/note | ||
sachaos/tcpterm | ||
sachaos/todoist | ||
sachaos/toggl | ||
sachaos/viddy | ||
sahilm/yamldiff | ||
sanathp/statusok | ||
sbstp/kubie | ||
scaleway/scaleway-cli | ||
schollz/croc | ||
sclevine/yj | ||
securego/gosec | ||
segmentio/chamber | ||
sethvargo/ratchet | ||
sharkdp/bat | ||
sharkdp/diskus | ||
sharkdp/fd | ||
sharkdp/hexyl | ||
sharkdp/hyperfine | ||
sharkdp/pastel | ||
sheepla/fzwiki | ||
sheepla/longgopher | ||
sheepla/pingu | ||
sheepla/qiitaz | ||
sheepla/srss | ||
shellspec/shellspec | ||
shipyard-run/shipyard | ||
shyiko/kubesec | ||
siderolabs/conform | ||
siderolabs/talos | ||
siderolabs/theila | ||
sigstore/cosign | ||
sigstore/gitsign | ||
sigstore/rekor | ||
six-ddc/plow | ||
skanehira/gjo | ||
slackhq/nebula | ||
slok/sloth | ||
slsa-framework/slsa-verifier | ||
snyk/driftctl | ||
soywod/himalaya | ||
spinnaker/spin | ||
sqshq/sampler | ||
squat/kilo | ||
sstadick/crabz | ||
stackrox/kube-linter | ||
🔺 | starship/starship | https://github.com/aquaproj/aqua/issues/427#issuecomment-1207557765 |
stedolan/jq | ||
stepchowfun/docuum | ||
stern/stern | ||
stoplightio/spectral | ||
sumneko/lua-language-server | ||
suzuki-shunsuke/akoi | ||
suzuki-shunsuke/asciinema-trim | ||
suzuki-shunsuke/checkout-merged-branch-with-ci-info | ||
suzuki-shunsuke/ci-info | ||
suzuki-shunsuke/ci-renovate-config-validator | ||
suzuki-shunsuke/circleci-config-merge | ||
suzuki-shunsuke/cmdx | ||
suzuki-shunsuke/dd-time | ||
suzuki-shunsuke/discussion-slack-notifier | ||
suzuki-shunsuke/durl | ||
suzuki-shunsuke/git-rm-branch | ||
suzuki-shunsuke/github-comment | ||
suzuki-shunsuke/matchfile | ||
suzuki-shunsuke/renovate-issue-action | ||
suzuki-shunsuke/tfcmt | ||
suzuki-shunsuke/yaml2json | ||
swaggo/swag | ||
sysdiglabs/kube-psp-advisor | ||
taskctl/taskctl | ||
tcnksm/ghr | ||
tektoncd/cli | ||
telepresenceio/telepresence | ||
temporalio/tctl | ||
temporalio/temporal | ||
tenable/terrascan | ||
terraform-docs/terraform-docs | ||
terraform-linters/tflint | ||
tfmigrator/cli | ||
tfutils/tfenv | ||
thazelart/terraform-validator | ||
theryangeary/choose | ||
thought-machine/please | ||
tilt-dev/ctlptl | ||
tilt-dev/tilt | ||
timdp/lwc | ||
tinygo-org/tinygo | ||
tkuchiki/alp | ||
tmccombs/hcl2json | ||
tomnomnom/gron | ||
trufflesecurity/driftwood | ||
trufflesecurity/trufflehog | ||
tsenart/vegeta | ||
turbot/steampipe | ||
twpayne/chezmoi | ||
txn2/kubefwd | ||
up9inc/mizu | ||
updatecli/updatecli | ||
uptrace/uptrace | ||
uw-labs/strongbox | ||
uzimaru0000/tv | ||
variantdev/vals | ||
vektra/mockery | ||
vi/websocat | ||
vishaltelangre/ff | ||
visma-prodsec/confused | ||
vmware-tanzu/carvel-imgpkg | ||
vmware-tanzu/carvel-kapp | ||
vmware-tanzu/carvel-kbld | ||
vmware-tanzu/carvel-kwt | ||
vmware-tanzu/carvel-vendir | ||
vmware-tanzu/carvel-ytt | ||
vmware-tanzu/octant | ||
vmware-tanzu/velero | ||
wader/fq | ||
wagoodman/dive | ||
wallix/awless | ||
watchexec/watchexec | ||
weaveworks/eksctl | ||
webdevops/go-crond | ||
windvalley/gossh | ||
wtfutil/wtf | ||
x-motemen/ghq | ||
xiecat/fofax | ||
xitonix/trubka | ||
xo/usql | ||
xtaci/kcptun | ||
xwjdsh/manssh | ||
xxxserxxx/gotop | ||
yannh/kubeconform | ||
ycd/dstp | ||
yohamta/dagu | ||
zaquestion/lab | ||
zegl/kube-score | ||
zellij-org/zellij | ||
ziglang/zig | ||
zigtools/zls | ||
zix99/rare | ||
zricethezav/gitleaks |
checksum:
type: github_release_multifile
asset: spotify-tui-{{.OS}}.sha256
file_format: raw
Published the document. https://aquaproj.github.io/docs/reference/checksum
Published the prerelease version. https://github.com/aquaproj/aqua/releases/tag/v1.20.0-0-checksum
✅ Support both aqua-checksums.json
and .aqua-checksums.json
.
If .?aqua-checksums\.json
isn't found, aqua creates aqua-checksums.json
.
I dislike the convention of .
, but this is widely accepted so aqua supports this convention too.
Disabled the checksum verification once and merged https://github.com/aquaproj/aqua/pull/1070 Then I created https://github.com/aquaproj/aqua/pull/1118
FATA[0001] aqua failed aqua_version= env=darwin/arm64 error="parse a checksum file: no checksum is extracted" program=aqua
Probably this means the package's registry configuration is wrong.
If you use the standard registry, please create an issue or pull request to aquaproj/aqua-registry.
Finally, aqua now supports the Checksum Verification. 🎉
https://github.com/aquaproj/aqua/releases/tag/v1.20.0
This was very tough work.
Please let me try and give us your feedback!
ref. https://zenn.dev/shunsuke_suzuki/scraps/7cfc2d3a5c6d04
Overview
Verify the checksum of downloaded file, and if the checksum is wrong make the installation failure.
Motivation
Make aqua secure. Prevent the supply chain atack.
Consideration
We have to keep aqua simple. We should avoid making aqua complicated by introducing checksum verification.
Proposal of Specification
When a tool is installed, aqua verifies the checksum as the following.
.aqua-checksums.json
on the same directory as aqua configuration file. If.aqua-checksums.json
isn't found, aqua treats the file is empty.aqua-checksums.json
.aqua-checksums.json
, the actual checksum is added to.aqua-checksums.json
:warning: Note
If the file is falsified before the correct checksum is added to
.aqua-checksums.json
, it is difficult to detect the falsification.:bulb: Ignore the specific checksum verification
If you would like to ignore the specific checksum verification, you can do it by removing the checksum from
.aqua-checksums.json
..aqua-checksums.json
Pairs of package id and checksum are recorded.
e.g.
This file is created and updated by
aqua
automatically, so you don't have to update this file manually.Question: Should
.aqua-checksums.json
be managed with Git?Coming soon
Algorithm to calculate checksums
sha256 is used for goreleaser by default, so aqua would also support sha256 by default. In future, aqua may support other algorithms too.
Idea: command to update
.aqua-checksums.json
liketerraform providers lock
Coming soon
Future work
Implementation
Reference