@nirinchev
Collaborator

This is related to MONGOSH-2059 where we published a homebrew formula with the incorrect sha. There doesn't seem to be anything wrong with the way we're doing these sha updates, so my best guess is that it's a case of incomplete/corrupted download from npm that caused us to compute the wrong sha256. This PR changes it so we use the shasum field from the npm API to validate the tarball integrity before publishing the formula to homebrew, as well as adds a retry mechanism to attempt to recover in case we download the wrong thing.


# Get-AuthenticodeSignature just outputs text, it doesn't exit with a non-zero
# code if the file is not signed
if grep -q NotSigned "$TMP_FILE"; then
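Review bot: the `grep -q NotSigned "$TMP_FILE"` condition rejects only one status, so the check fails open for everything else. Get-AuthenticodeSignature can also report statuses such as HashMismatch, NotTrusted or UnknownError, and an empty `$TMP_FILE` (for example if the PowerShell call produced no output) matches nothing either; all of those would be treated as signed. Consider inverting the test so the step fails unless the output shows the Status as Valid, which also covers the empty-output case.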
Collaborator Author

This is unrelated to MONGOSH-2059, but I noticed we don't correctly validate the signature of the package on Windows, so figured I'll fix it as a drive-by. Happy to move to a different PR if folks prefer a cleaner separation of changes.

@nirinchev nirinchev requested review from addaleax, Copilot and gagik March 13, 2025 15:13
@nirinchev nirinchev merged commit 3531018 into main Mar 26, 2025
128 of 134 checks passed
@nirinchev nirinchev deleted the ni/homebrew-shasum branch March 26, 2025 15:58