dmikusa
commented
8 months ago the dotnet buildpack uses sha512:
Open dmikusa opened 8 months ago
dmikusa
commented
8 months ago the dotnet buildpack uses sha512:
doddisam
commented
5 months ago Is there a plan to supports sha512 in newer version?
I see dotnet core used sha512.
dmikusa
commented
5 months ago Is there a plan to supports sha512 in newer version?
Yes. Follow this issue for updates.
If you'd like to submit a PR, happy to chat about what that might entail.
doddisam
commented
4 months ago Meanwhile, Do you know if we can add sha512 id manually in dependency secrets. I dont see sha512 field in the dotnet buildpacks builder.toml file. In java we have sha256 field and adding that to mappings works as expected.
https://github.com/paketo-buildpacks/dotnet-core-aspnet-runtime/blob/main/buildpack.toml
For java 0390f964e9cadbb0795f44b2b29d2e6755bd8b800a94fee980aed8c26766c124: https://xxx.xxx.xxx:443/artifactory/dicf/paketo-java-dependencies/binaries/spring-cloud-bindings-2.0.3.jar - Works
How to add it for dontnet since there is no sha512 field in builder.toml
Is there a way to add it for these dotnet buildpacks ?
dmikusa
commented
4 months ago @doddisam The sha256 field is the old field. Going forward the field is called checksum.
For example:
checksum = "sha512:757d017db28b8e34c4b242c082aa51eb85bce8fca16af37a0beabedb271c9bd13e1631868faa131745d7784db48974567f82275da09041ba434dcb7abe821a2d"
The algorithm goes in the first part followed by a : followed by the actual check sum value.
So for the binding file, the key would be checksum and the contents would be algo:actual-checksum, from the example above sha512:757d017db28b8e34c4b242c082aa51eb85bce8fca16af37a0beabedb271c9bd13e1631868faa131745d7784db48974567f82275da09041ba434dcb7abe821a2d.
That should work. We haven't updated the Java-related buildpacks yet, so those still use the old key. At some point we'll get around to it, but it's not particularly urgent as sha256 is good enough.
doddisam
commented
4 months ago @dmikusa Thanks for the reply.
I am using K8's dependency mapping and this is how my secrets looks. I don't think key can have ":" in the k8's secrets. That is issue i am facing currently. Can you please check below and advice proper format ?
apiVersion: v1 kind: Secret metadata: name: dependencies type: service.binding/dependency-mapping stringData: type: dependency-mapping sha512:16cd54c431d80710a06037f8ea593e04764a80cbaad75e1db4225fbe3e7fce4c4d279f40757b9811e1c092436d2a1ca3be64c74cb190ebf78418a9865992ad12: https://xxx.xxx.xx:443/artifactory/dicf/paketo-java-dependencies/binaries/aspnetcore-runtime-8.0.6-linux-x64.tar.gz
dmikusa
commented
4 months ago Oh, you're right. I forgot about that.
Modify RFC to allow
checksumdependency mappings to be passed in with a_instead of:to enable functionality on Kubernetes (:is not an allowed character).
So in your case it would be <algo>_<actual-checksum>.
doddisam
commented
4 months ago @dmikusa Thanks for your input. Its working fine
In https://github.com/dmikusa/binding-tool/issues/26 we added support for
checksum = "algo:hash", but only where the algorithm is sha256.This issue is to support additional algorithms. Supporting more algorithms is additional work because it requires modifications to the code that validates the checksums as well.
If you need support for other algorithms, please post here and indicate the algorithms you're using. Thanks