search

electron / get

Download Electron release artifacts
https://npm.im/@electron/get
MIT License
338 stars 106 forks source link

feat: support hardcoded checksums #200

Closed MarshallOfSound closed 3 years ago

MarshallOfSound commented 3 years ago

We want to add the checksums directly to the published NPM package. To do so @electron/get needs to be able to take the hardcoded list and pass it to sumchecker. This makes the security chain of our checksums

yarn.lock integrity --> electron npm package --> hardcoded checksums --> remote electron binary is validated

electron-bot commented 3 years ago

:tada: This PR is included in version 1.13.0 :tada:

The release is available on:

Your semantic-release bot :package::rocket:

malept commented 3 years ago

It looks like this caused a regression: https://github.com/electron/electron-packager/runs/3401225023?check_suite_focus=true

ChALkeR commented 2 years ago

This is great, huge thanks for this! The caching logic has a bug though, breaking the abovementioned security chain.