zyedidia
commented
10 months ago How is this different than the existing functionality that verifies checksums?
Open gfelbing opened 11 months ago
zyedidia
commented
10 months ago How is this different than the existing functionality that verifies checksums?
gfelbing
commented
10 months ago The current functionality only uses single-file checksums, e.g. when there is a binaryname.sha256 next to binaryname.
Many projects offer their checksums in a single sha256 file format, e.g. the checksums.txt in k9s.
This PR adds the functionality for checking against such files.
hhromic
commented
10 months ago +1 for this feature.
GoReleaser is used by many Go projects nowadays and it generates single checksum files by default as well. Their own releases page is an example.
gfelbing
commented
6 months ago @zyedidia I rebased the PR against your latest master and simplified the match for sha256files. Is there anything you are missing from the PR? If you need more examples for the usefulness of the feature: e.g. kubebuilder uses a single checksums file as well.
Many projects offer a single asset in form of a sha256sum file, e.g. k9s. This PR checks the asset list for such files and verifies a checksum against it.