Add zip file checksum verification in updater
MERGE REQUEST
Overview
Adds verification to check that the hash of the zip file downloaded matches the hash in the signed checksums file.
v1.4.3 onward the checksums file will include both hashes of the binaries (to aid in reproducibility) and the zip files (for easier verification)
Tested in following circumstances (with build.Version
set to v1.4.0.0):
-
siac update
by default will fail on the "no checksum for zip found" message - skipping the zip checksum message causes the update to succeed
- hardcoded skynet portal links which included zip checksums in v1.4.2.1 file. Signature verification fails as expected.
- If signature verification is skipped, the update succeeeds.
Example for Visual changes (ie Screenshot)
Issues Closed
Checklist
Review and complete the checklist to ensure that the MR is complete before assigned to an approver.
-
All new methods, or updating methods have clear docstrings -
Testing added or updated for new methods -
Any new packages are added to Makefile and .gitlab-ci.yml -
API documentation updated for API updates -
Module README.md updated for changes to work flow -
Issue added to Sia-UI repo for new supporting features