ctron
commented
3 weeks ago There's one catch. It relies on fetch_advisory, which is also limited and allows only retrieving by Uuid and Sha256. But I guess that another problem to fix.
Closed ctron closed 3 weeks ago
ctron
commented
3 weeks ago There's one catch. It relies on fetch_advisory, which is also limited and allows only retrieving by Uuid and Sha256. But I guess that another problem to fix.
ctron
commented
3 weeks ago The CI disagrees. I'll fix that tomorrow.
carlosthe19916
commented
3 weeks ago Tested and the REST API worked as expected, thanks!
ctron
commented
3 weeks ago I updated the PR and would value a second review.
The same issue was present for SBOMs. That should not also be fixed.
I also did refactor the storage part in a way that it is clear that there is a "storage key", which is opaque on the API. And there's a translation from the Id (and Vec<Id>). Which I is a better approach to the find_sha256 function.
ctron
commented
3 weeks ago @jcrossley3 unless you think the PR is getting too big, I could amend it tomorrow, adding the struct and trying to pass through the list of hashes.
jcrossley3
commented
3 weeks ago @jcrossley3 unless you think the PR is getting too big, I could amend it tomorrow, adding the struct and trying to pass through the list of hashes.
I do think it's getting pretty big. Can you change the title to be more descriptive and move the "Fix #394" into the description before merging?
ctron
commented
3 weeks ago @jcrossley3 does that work?
ctron
commented
3 weeks ago I continued work in https://github.com/trustification/trustify/pull/405
Fix #394: Before downloading the actual content, we look up the sha256 digest from the database and use that to fetch the content from the storage. This is done for advisories, but also for SBOMs.
Also:
Idof the database instead of some ID field from the documentHashOrUuidKeytoIdStorageKey)