Mirrors/flux2
1
0
Fork 0
mirror of synced 2026-02-06 19:05:55 +00:00
Code Issues Packages Projects Releases Wiki Activity

RFC: add design details artifact digest

Browse Source 
Signed-off-by: Hidde Beydals <hello@hidde.co>
This commit is contained in:
Hidde Beydals
2022-10-21 15:09:03 +00:00
parent f92d708051
commit 5faf6ebadc
1 changed files with 48 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

50
rfcs/XXXX-artifact-revision-format/README.md
View File

@@ -283,15 +283,60 @@ release.
### Artifact Digest
The `Artifact`'s `Digest` field advertises the checksum of the file in the
`URL`. The checksum within the value MUST be appended with an alias for the
algorithm separated by `:` (e.g. `sha256:...`). This follows the
[digest format][go-digest] of OCI.
#### Format
```text
<algo> ":" <checksum>
```
Where `" "` indicates a literal string, and `< >` a variable.
#### Library
The library used for calculating the `Digest` field value is
`github.com/opencontainers/go-digest`. This library is used by various
OCI libraries which we already depend on, stable and extensible.
#### Configuration
The checksum MUST be calculated using the algorithm configured in the
`--artifact-digest-algo` flag of the source-controller binary. The default
value is `sha256`, but can be changed to `sha384`, `sha512` or `blake3`.
**Note:** availability of BLAKE3 is at present dependent on an explicit import
of `github.com/opencontainers/go-digest/blake3`.
When the provided algorithm is NOT supported, the source-controller MUST
fail to start.
When the configured algorithm changes, the `Digest` MAY be recalculated to
update the value.
#### Calculation
The checksum MUST be calculated using the algorithm configured in the
`--artifact-digest-algo` flag of the source-controller binary.
#### Verification
#### Deprecation of Checksum
The checksum of a downloaded artifact MUST be verified against the `Digest`
field value. If the checksum does not match, the verification MUST fail.
### Deprecation of Checksum
The `Artifact`'s `Checksum` field is deprecated and MUST be removed in a
future release. The `Digest` field MUST be used instead.
#### Backwards compatibility
To allow backwards compatability, the source-controller could continue
to advertise the checksum part of a `Digest` in the `Checksum` field until
the field is removed.
## Implementation History
@@ -302,4 +347,5 @@ Major milestones in the lifecycle of the RFC such as:
- The version of Flux where the RFC was retired or superseded.
-->
[BLAKE3]: https://github.com/BLAKE3-team/BLAKE3
[BLAKE3]: https://github.com/BLAKE3-team/BLAKE3
[go-digest]: https://pkg.go.dev/github.com/opencontainers/go-digest#hdr-Basics