github aquaproj/aqua v1.19.0-0

pre-release, 2 years ago

Pull Requests | Issues | v1.18.0...v1.19.0-0

efa3e59

Features

#427 #1070 Support verifying downloaded assets with checksums

Getting Started

aqua.yaml

---
# aqua - Declarative CLI Version Manager
# https://aquaproj.github.io/
checksum:
  enabled: true
registries:
- type: local
  name: local
  path: registry.yaml
packages:
- name: suzuki-shunsuke/tfcmt@v3.3.0
  registry: local

registry.yaml

packages:
  - type: github_release
    repo_owner: suzuki-shunsuke
    repo_name: tfcmt
    description: Fork of mercari/tfnotify. tfcmt enhances tfnotify in many ways, including Terraform >= v0.15 support and advanced formatting options
    asset: tfcmt_{{.OS}}_{{.Arch}}.tar.gz
    version_constraint: semver(">= 3.2.5")
    version_overrides:
      - version_constraint: "true"
        supported_envs:
          - darwin
          - linux
    checksum:
      type: github_release
      algorithm: sha256
      path: tfcmt_{{trimV .Version}}_checksums.txt
      file_format: regexp
      pattern:
        checksum: ^(.{64})
        file: ^.{64}  (.*)$

Install the packages with aqua i.

$ aqua i

Then .aqua-checksums.json is created.

{
  "github_release/github.com/suzuki-shunsuke/tfcmt/v3.3.0/tfcmt_darwin_amd64.tar.gz": "dc057c1eab3c0e254f7e0a668096ca2dd79216106a3d6597811a0d91709068aa",
  "github_release/github.com/suzuki-shunsuke/tfcmt/v3.3.0/tfcmt_darwin_arm64.tar.gz": "e163468dac3cf8da437d5da993b6e9874f97e28de7cfc276cac35f6ab03e3410",
  "github_release/github.com/suzuki-shunsuke/tfcmt/v3.3.0/tfcmt_linux_amd64.tar.gz": "08bbbb54ce7a068f54fcf0e32b3fbd80025eae3f48126296f607223e084cf443",
  "github_release/github.com/suzuki-shunsuke/tfcmt/v3.3.0/tfcmt_linux_arm64.tar.gz": "f50f44900eae2ebd041f262c93b7f145f0fe8166f9b84e500ad4a05b3677ffb6",
  "github_release/github.com/suzuki-shunsuke/tfcmt/v3.3.0/tfcmt_windows_amd64.tar.gz": "e3b3f3c454ad1228af5540dff34ac37b7c98ef6c89f99da9069cf7f32204a905",
  "github_release/github.com/suzuki-shunsuke/tfcmt/v3.3.0/tfcmt_windows_arm64.tar.gz": "0e7f26a973afef87c7eb1681fdd639229b96c6f5122197ab56ddfa66f1d9af52"
}

This file is created and updated automatically, so you normally don't have to edit it by hand.

When aqua installs packages, it verifies the checksum of each downloaded asset, and the installation fails if the checksum does not match.

$ aqua i
INFO[0000] download and unarchive the package            aqua_version= env=darwin/arm64 package_name=suzuki-shunsuke/tfcmt package_version=v3.3.0 program=aqua registry=local
ERRO[0000] install the package                           actual_checksum=e163468dac3cf8da437d5da993b6e9874f97e28de7cfc276cac35f6ab03e3415 aqua_version= env=darwin/arm64 error="checksum is invalid" expected_checksum=e163468dac3cf8da437d5da993b6e9874f97e28de7cfc276cac35f6ab03e3410 package_name=suzuki-shunsuke/tfcmt package_version=v3.3.0 program=aqua registry=local
FATA[0000] aqua failed                                   aqua_version= env=darwin/arm64 error="it failed to install some packages" program=aqua
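
The check described above can be sketched in Go as follows. This is an added example, not aqua's own code: it parses a checksums file with the two regexp patterns from registry.yaml and verifies an asset's SHA-256 against the listed value. The function names ParseChecksums and Verify are hypothetical, and the sample asset bytes are constructed.

```go
package main

import (
	"crypto/sha256"
	"fmt"
	"regexp"
	"strings"
)

// The two patterns from the checksum.pattern section of registry.yaml above.
var (
	checksumRe = regexp.MustCompile(`^(.{64})`)
	fileRe     = regexp.MustCompile(`^.{64}  (.*)$`)
)

// ParseChecksums maps asset file name to lowercase hex digest.
// Lines that do not match both patterns are skipped.
func ParseChecksums(content string) map[string]string {
	sums := map[string]string{}
	for _, line := range strings.Split(content, "\n") {
		line = strings.TrimRight(line, "\r") // tolerate CRLF checksum files
		c, f := checksumRe.FindStringSubmatch(line), fileRe.FindStringSubmatch(line)
		if c == nil || f == nil {
			continue
		}
		sums[f[1]] = strings.ToLower(c[1])
	}
	return sums
}

// Verify fails closed: an asset with no entry in sums is an error, not a pass.
func Verify(sums map[string]string, name string, asset []byte) error {
	want, ok := sums[name]
	if !ok {
		return fmt.Errorf("no checksum listed for %s", name)
	}
	got := fmt.Sprintf("%x", sha256.Sum256(asset))
	if got != want {
		return fmt.Errorf("checksum is invalid: expected_checksum=%s actual_checksum=%s", want, got)
	}
	return nil
}

func main() {
	// Constructed sample bytes, not a real release asset.
	asset := []byte("constructed sample bytes, not a real release asset")
	sums := ParseChecksums(fmt.Sprintf("%x  tfcmt_linux_amd64.tar.gz\n", sha256.Sum256(asset)))
	fmt.Println(Verify(sums, "tfcmt_linux_amd64.tar.gz", asset))
	fmt.Println(Verify(sums, "tfcmt_linux_amd64.tar.gz", append(asset, 0)))
}
```
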

You can also create or update .aqua-checksums.json with aqua update-checksum.

$ aqua update-checksum [-a]

Future Work

  • Update the Standard Registry to support checksum

We have to add a configuration like the following to each package. This is a lot of work, so we have to consider automating it.

    checksum:
      type: github_release
      algorithm: sha256
      path: tfcmt_{{trimV .Version}}_checksums.txt
      file_format: regexp
      pattern:
        checksum: ^(.{64})
        file: ^.{64}  (.*)$
  • Support configuring checksum in aqua gr
  • Test
  • Change the format of .aqua-checksums.json for future update
