At startup, always check the digests of the files #18

New issue

Closed

opened 2024-11-13 12:19:44 +00:00 by hannes · 4 comments

hannes commented 2024-11-13 12:19:44 +00:00

Owner

Copy link

we should do this, maybe in the background -- so the startup should be:

• try to get the git archive / index.tar.gz up and running (if not, do the git clone)
• start the webserver
• start the git pull (unless already done in the first step)
• check the hashes of the archive, potentially moving data elsewhere
• allow access to the tarballs that have been checked
• download of needed tarballs

I find the "bringing up the web service" should be the highest priority, but delivering archives with bad checksums is something that we should really avoid.

Currently, we have a --verify-sha256 flag which is off by default and only if it is true, the archive checksums are verified (and this is done before the web server is up and running).

we should do this, maybe in the background -- so the startup should be: - try to get the git archive / index.tar.gz up and running (if not, do the git clone) - start the webserver - start the git pull (unless already done in the first step) - check the hashes of the archive, potentially moving data elsewhere - allow access to the tarballs that have been checked - download of needed tarballs I find the "bringing up the web service" should be the highest priority, but delivering archives with bad checksums is something that we should really avoid. Currently, we have a `--verify-sha256` flag which is off by default and only if it is true, the archive checksums are verified (and this is done before the web server is up and running).

dinosaure commented 2024-11-13 12:25:16 +00:00

Owner

Copy link

Note that we don't need to check values into the git archive. The PACK file has a signature (a SHA1) which verify the integrity of the whole Git archive.

Note that we don't need to check values into the git archive. The PACK file has a signature (a SHA1) which verify the integrity of the whole Git archive.

hannes commented 2024-11-13 12:31:11 +00:00

Author

Owner

Copy link

I'll open a separate issue.

I'll open a separate issue.

hannes referenced this issue 2024-11-13 12:35:00 +00:00

Git to/of_octets and startup #20

hannes referenced this issue from a commit 2024-11-14 15:38:04 +00:00

revise startup (as proposed in #18):

hannes referenced this issue 2024-11-14 15:38:27 +00:00

revise startup, address urls pointing to same sha256 and support mirrors (upstream and in opam file) #24

hannes commented 2024-11-14 15:38:46 +00:00

Author

Owner

Copy link

see #24 for an implementation.

see #24 for an implementation.

hannes referenced this issue 2024-11-14 18:32:45 +00:00

revise startup, address urls pointing to same sha256 and support mirrors (upstream and in opam file) #24

hannes commented 2024-11-20 10:39:25 +00:00

Author

Owner

Copy link

done in #24

done in #24

hannes closed this issue 2024-11-20 10:39:26 +00:00

hannes referenced this issue 2024-11-21 13:21:02 +00:00

Reserve an area for dumping the Serve.t -- basically the tarball and last_modified date #28

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

index-startup

gptar

cache

No results found.

Labels

Clear labels

No items

No labels

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

2 participants

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: robur/opam-mirror#18

No description provided.