-
Notifications
You must be signed in to change notification settings - Fork 846
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Do not merge: Dummy test change #12315
Conversation
Are there any plans to have the Sha256 field be anything (a URL perhaps?) but a string of the form of Part of our build process creates a
And it would be great to be able to have the modern setup point to:
|
Not at this time. The idea behind that hash is to guarantee that the distribution doesn't change after it's been added to the manifest, so having a remote file containing the hash wouldn't have that guarantee unfortunately. |
Is that some kind of internal check? Maybe something is auto-checked/validated before a PR would be accepted? Our build service can build the tarball and hash it and even host both files. So it's a bummer if I'd still need to do point-in-time uploads w/ a simple hash; I don't really see the value in that, especially compared to the Store where it felt like it made more sense since we signed the .appx, then Microsoft signed it and there were the other elements related to the Store (and presentation). |
Completely understood. This hash is here to prevent potential supply chain attacks so it would need to be directly in the manifest. Would automating the generation of the pull request be an option for you ? We could potentially have a script hosted in this repo that could do the hashing / generating of the updated manifest and creation of the pull request. If you could call it from your build pipeline that would remove the need for manual work at least |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for your contribution to WSL.
The following fatal errors have been found in this pull request:
- test/test-v1: File "./etc/wsl-distribution.conf" not found in tar
The following suggestions have been found in this pull request:
- test/test-v1: file: "./etc/wsl-distribution.conf" has unexpected mode: 0o755 (expected: ['0o664', '0o644'])
- test/test-v1: value for oobe.command is not under /usr/lib/wsl: "/oobe.sh"
- test/test-v1: file: "./debian.ico" has unexpected mode: 0o755 (expected: ['0o660', '0o640'])
- test/test-v1: value for shortcut.icon is not under /usr/lib/wsl: "/debian.ico"
- test/test-v1: Found discouraged system unit: /usr/lib/systemd/system/sysinit.target.wants/systemd-tmpfiles-setup.service
- test/test-v1: Found discouraged system unit: /usr/lib/systemd/system/sysinit.target.wants/systemd-tmpfiles-setup-dev.service
- test/test-v1: Found discouraged system unit: /etc/systemd/system/multi-user.target.wants/networking.service
- test/test-v1: Found discouraged system unit: /usr/lib/systemd/system/sysinit.target.wants/systemd-tmpfiles-setup.service
- test/test-v1: Found discouraged system unit: /usr/lib/systemd/system/sysinit.target.wants/systemd-tmpfiles-setup-dev.service
- test/test-v1: Found discouraged system unit: /etc/systemd/system/multi-user.target.wants/systemd-resolved.service
- test/test-v1: Found discouraged system unit: /etc/systemd/system/multi-user.target.wants/systemd-networkd.service
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for your contribution to WSL.
The following fatal errors have been found in this pull request:
- test/test-v1: File "./etc/wsl-distribution.conf" not found in tar
The following suggestions have been found in this pull request:
- test/test-v1: file: "./etc/wsl-distribution.conf" has unexpected mode: 0o755 (expected: ['0o664', '0o644'])
- test/test-v1: value for oobe.command is not under /usr/lib/wsl: "/oobe.sh"
- test/test-v1: file: "./debian.ico" has unexpected mode: 0o755 (expected: ['0o660', '0o640'])
- test/test-v1: value for shortcut.icon is not under /usr/lib/wsl: "/debian.ico"
- test/test-v1: Found discouraged system unit: /usr/lib/systemd/system/sysinit.target.wants/systemd-tmpfiles-setup.service
- test/test-v1: Found discouraged system unit: /usr/lib/systemd/system/sysinit.target.wants/systemd-tmpfiles-setup-dev.service
- test/test-v1: Found discouraged system unit: /etc/systemd/system/multi-user.target.wants/networking.service
- test/test-v1: Found discouraged system unit: /usr/lib/systemd/system/sysinit.target.wants/systemd-tmpfiles-setup.service
- test/test-v1: Found discouraged system unit: /usr/lib/systemd/system/sysinit.target.wants/systemd-tmpfiles-setup-dev.service
- test/test-v1: Found discouraged system unit: /etc/systemd/system/multi-user.target.wants/systemd-resolved.service
- test/test-v1: Found discouraged system unit: /etc/systemd/system/multi-user.target.wants/systemd-networkd.service
I have no problem with it being there, just the fact that the process continues to be manual when it feels like there's a better chance where it could be more automated because the pieces seem like they're present. We'd have the hosting built-in and they're already hashed. I'm not saying this process (w/o it being automated in some sense) is difficult but I'm disappointed if the new way (tarballs <->
The build process is cut off from the internet, so seems very unlikely. I'd also be concerned there'd be some indeterminate amount of time where a PR is in flux and the build process has produced a new build, so that PR's file/hash are no good since that file is gone. Sure, that's alleviated by it being a manual process where I provide a static file to you somehow, so it is what it is. I guess we'd continue what we've been doing, just with a different file type. Here's 2 URLS, as an example:
Both contain a "BuildX.Y" specific
Granted, I'd have to make those changes to the build, so those links aren't valid. Also, the I'm not realistically concerned about a supply chain attack in the sense of a static hash for a There's also a chance this can't work for SLE as that build service is generally cut-off from the outside world, but I feel there's enough benefit for openSUSE if this could work, I'm throwing it out here. |
Agreed with that. The official recommendation is to keep at least the two most recent builds on unique URL's, so the hash doesn't get invalidated.
Unfortunately we can't easily change the manifest format now that If the build process itself is disconnected from the internet, there's probably a later step that actually publishes the .tar on a publicly accessible URL right ? Could the pull request step be added there ? Or maybe if that not an option, could we use a "pull" model, where another script looks for updated tars, and automatically hashes them and creates the pull request ? |
At this point I'm not sure. I don't believe this (OBS, aka "Open Build Service") is anything like a github CI/CD pipeline or anything like that. Maybe they have some hooks that could tie into something like that, but I'm sure it would leave us in a place where 'latest build' overwrites 'current build' and it's out of sync w/ this type of an 'open a PR' and wait scenario. My hope would be that there's an established level of trust between Microsoft and SUSE about the origins of these files (even the
That seems like more of a possibility to work for this situation where we'd already have the pieces built and published via OBS. We'd essentially have a static reference to 'the latest' |
No description provided.