Closed ctron closed 3 weeks ago
There's one catch. It relies on fetch_advisory
, which is also limited and allows only retrieving by Uuid
and Sha256
. But I guess that another problem to fix.
The CI disagrees. I'll fix that tomorrow.
Tested and the REST API worked as expected, thanks!
I updated the PR and would value a second review.
The same issue was present for SBOMs. That should not also be fixed.
I also did refactor the storage part in a way that it is clear that there is a "storage key", which is opaque on the API. And there's a translation from the Id
(and Vec<Id>
). Which I is a better approach to the find_sha256
function.
@jcrossley3 unless you think the PR is getting too big, I could amend it tomorrow, adding the struct and trying to pass through the list of hashes.
@jcrossley3 unless you think the PR is getting too big, I could amend it tomorrow, adding the struct and trying to pass through the list of hashes.
I do think it's getting pretty big. Can you change the title to be more descriptive and move the "Fix #394" into the description before merging?
@jcrossley3 does that work?
I continued work in https://github.com/trustification/trustify/pull/405
Fix #394: Before downloading the actual content, we look up the sha256 digest from the database and use that to fetch the content from the storage. This is done for advisories, but also for SBOMs.
Also:
Id
of the database instead of some ID field from the documentHashOrUuidKey
toId
StorageKey
)