search

docker / buildx

Docker CLI plugin for extended build capabilities with BuildKit
Apache License 2.0
3.58k stars 482 forks source link

Darwin binaries are missing checksum #2727

Closed calebAtIspot closed 1 month ago

calebAtIspot commented 1 month ago

Contributing guidelines

I've found a bug and checked that ...

Description

The darwin binaries in Github releases do not have a checksum listed in the checksums.txt file.

Expected behaviour

checksum is listed

Actual behaviour

no checksum

Additional info

Checksums file:

aa7a9778349e1a8ace685e4c51a1d33e7a9b0aa6925d1c625b09cb3800eba696 *buildx-v0.17.1.linux-amd64
2c52ee5f28378a45fafd29fa8f6aa77548d0a5ae9ba55d8984c4cf37a49eff3d *buildx-v0.17.1.linux-amd64.provenance.json
5753e2af5f4441e2fbd3e34e62cefacab7af62c473758b9c35645a1054b451f7 *buildx-v0.17.1.linux-amd64.sbom.json
8c287b02430036d42323052e228ee8e26a6e7f7c5858b170f6f82be812d8043b *buildx-v0.17.1.linux-arm-v6
8d561009f0a54c6fb469b83219adc15ffb589af1362b57a80c6f25921576b15c *buildx-v0.17.1.linux-arm-v6.provenance.json
dc82a577482ac766633fb37d6ad74e2ae5bc40b26740adac1e177b8d4bafe4b3 *buildx-v0.17.1.linux-arm-v6.sbom.json
5454c2feddb76000c22cb8abafe8f4a03e6fee12aae9031f9e02b661e76012c8 *buildx-v0.17.1.linux-arm-v7
43ab522924b85b6460f7ad169815f819446fb444953b560aaf33d8bbca2d8fc2 *buildx-v0.17.1.linux-arm-v7.provenance.json
426a2a8892e2c35fafe82b0548ab523f21d1b80491ebf488af6a10155913bc67 *buildx-v0.17.1.linux-arm-v7.sbom.json
de05dccd47932eb9fd6e63781ab29d2b0b2c834bbdd19b51d7ea452b1fe378d3 *buildx-v0.17.1.linux-arm64
a14426e5ae3e98fc2f936c08ca4e5ec2cdfceaf06a39ee286051d2c4199ad001 *buildx-v0.17.1.linux-arm64.provenance.json
cc5fb0de87c1dedff227c3b46fdee411935a6a7909383347730be8ba0387bb0e *buildx-v0.17.1.linux-arm64.sbom.json
29b4f2de5a1e6ecb4096868111d693a8ba4aaf144d535242ce19fc4154f94a4e *buildx-v0.17.1.linux-ppc64le
b6873478c315959943dc4fb1865f5d4117c6319f91a7c1063aaa443228b2148d *buildx-v0.17.1.linux-ppc64le.provenance.json
35c3dd73bd302055b5f5e48fb8f4d7ac20d4958c40ca8e2952da3ae265497d60 *buildx-v0.17.1.linux-ppc64le.sbom.json
e67d26acb10c4529b9b5ca4e20781865d63e538228c566af6d1e91da65cdb992 *buildx-v0.17.1.linux-riscv64
62f74022add33bce95a13332fb0e2c5128eb0519287296b6c70a7c1cd63ee8e2 *buildx-v0.17.1.linux-riscv64.provenance.json
0af44cb9e525bbf0b1599a0c390f456f469d420d8d4e08749bb92367bb742930 *buildx-v0.17.1.linux-riscv64.sbom.json
9a3a4376025d1c2771ac69aceff0bcb19a2594413e318a34455af037ce903f06 *buildx-v0.17.1.linux-s390x
5665e32fdc520a70a83e0719dfa670c44b11c5559cf8385e0abc2ccde6574315 *buildx-v0.17.1.linux-s390x.provenance.json
4ada835864cd8fe3d6464468c059c43cb92043599969e7ba368ed8687c655ec4 *buildx-v0.17.1.linux-s390x.sbom.json
8751c926b953edf6dd9c7db0b01e567033c407e85bb5f21d559199e2553a07cc *buildx-v0.17.1.windows-amd64.exe
bd080170b32f88975ec0f8de92b921788ca5181681ac221a7de6d6875f0995e5 *buildx-v0.17.1.windows-amd64.provenance.json
5f0c0feb38fc35e8530d608cbd1f93514eb4be566e39c261ad0ad6a9500bd143 *buildx-v0.17.1.windows-amd64.sbom.json
e9c302fb36d16ba8df5488f536a66966f807c4342efc59f5b669d31cd0370d67 *buildx-v0.17.1.windows-arm64.exe
68914a49af78dc98504f5d18de01e3fdd9868c1d548ec942f2da92e0f81f707a *buildx-v0.17.1.windows-arm64.provenance.json
09f5dc78ccf115a14cb4fc4fac2cf2cd98e5562e36c2b577bfa406aaff9e7367 *buildx-v0.17.1.windows-arm64.sbom.json
tonistiigi commented 1 month ago

Darwin binaries are signed out of the CI after release atm (that changes the checksum). To check their authenticity, check that they have a proper signature.