plugin bundling scripts need to check checksum when downloading #2539

illume · 2024-11-07T13:58:30Z

Describe the bug

There are some plugin bundling scripts for the app and the container image which download plugins without checking their checksums. The risk is that some files might be corrupted or changed.

Related files:

build-manifest.json
app-build-manifest.json
app/scripts/setup-plugins.js
container/fetch-plugins.sh

Probably there are other files that call these.

The package command generates a sha256 checksum, so probably we should use that?

We might want to think of this holistically as being part of the publishing process.

Additional Context

Probably this functionality should live in headlamp-plugin. Currently it's in two different scripts.

The text was updated successfully, but these errors were encountered:

illume added bug Something isn't working security plugins headlamp-plugin Related to the headlamp-plugin NPM package. labels Nov 7, 2024

github-project-automation bot added this to Release Plan / Roadmap Nov 7, 2024

github-project-automation bot moved this to Queued in Release Plan / Roadmap Nov 7, 2024

illume added the release Related to releasing label Nov 7, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

plugin bundling scripts need to check checksum when downloading #2539

plugin bundling scripts need to check checksum when downloading #2539

illume commented Nov 7, 2024

plugin bundling scripts need to check checksum when downloading #2539

plugin bundling scripts need to check checksum when downloading #2539

Comments

illume commented Nov 7, 2024

Describe the bug

Additional Context