fix: verify installer checksum against asset filename#14
Merged
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
Add a Unix installer regression test for release checksum files that reference platform asset filenames. Constraint: PR #14 fixes the shell path directly, but branch protection requires checks to prove the installer path stays fixed. Rejected: Relying on manual installer smoke tests only | The checksum filename behavior regressed because it was not encoded in tests. Confidence: high Scope-risk: narrow Directive: Keep this test aligned with release asset naming if artifact names change. Tested: cargo test --test install_script_test on the earlier merged main before reconstructing this PR branch. Not-tested: Full precommit has not run yet on this reconstructed PR branch.
Prepare v0.6.2 so the merged installer checksum repair can be tagged and built by the release workflow. Constraint: v0.6.1 already exists upstream and does not include the final merged PR #14 installer hardening plus regression test. Rejected: Reusing v0.6.1 | Existing tags are immutable release records. Confidence: high Scope-risk: narrow Directive: Tag v0.6.2 from this commit after pushing main. Tested: bash -n install.sh; cargo test --test install_script_test; dr precommit Not-tested: GitHub tag release workflow has not run until the tag is pushed.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
devrunneronly after verification passesshasumfallback compare hashes directly instead of relying on GNU-style filename checksValidation
bash -n install.shsha256sum -csucceeds against the real v0.6.1 release asset checksum