Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use go-plugin's internal mechanism for verifying checksum #78

Closed
mostafa opened this issue Jan 4, 2023 · 2 comments · Fixed by #233
Closed

Use go-plugin's internal mechanism for verifying checksum #78

mostafa opened this issue Jan 4, 2023 · 2 comments · Fixed by #233
Assignees
@mostafa
Labels
enhancement New feature or request
Milestone
v0.6.x

Comments

@mostafa
Copy link
Member

mostafa commented Jan 4, 2023
edited
Loading

This requires checksums to be loaded securely, rather than being hard-coded in the plugin config file.
@mostafa mostafa self-assigned this Jan 4, 2023
@mostafa mostafa converted this from a draft issue Jan 4, 2023
@mostafa mostafa added the enhancement New feature or request label Jan 4, 2023
@mostafa mostafa added this to the v0.2.x milestone Jan 4, 2023
@mostafa mostafa added the triage Triage based on the content label Jan 6, 2023
@mostafa mostafa removed this from the v0.2.x milestone Jan 6, 2023
@mostafa
Copy link
Member Author

mostafa commented Jan 6, 2023
edited
Loading

This should be done at a later time and I'll remove it from the v0.2.0 milestone. The reason is that there should be a trusted repository to hold the checksums, so that GatewayD can verify the plugins against them. Otherwise the plugins can be downloaded from GitHub and the checksums should reside next to the release files and used in the gatewayd_plugin.yaml file.

@mostafa mostafa moved this from 🆕 New to 📋 Backlog in GatewayD Core Public Roadmap Jan 15, 2023
@mostafa mostafa modified the milestone: v0.3.x Jan 15, 2023
@mostafa mostafa added this to the v0.4.x milestone Jan 24, 2023
@mostafa mostafa moved this from 📋 Backlog to 🆕 New in GatewayD Core Public Roadmap Jan 24, 2023
@mostafa mostafa removed this from the v0.4.x milestone Jan 24, 2023
@mostafa mostafa added this to the v0.6.x milestone Mar 20, 2023
@mostafa mostafa moved this from 🆕 New to 📋 Backlog in GatewayD Core Public Roadmap Mar 20, 2023
@mostafa
Copy link
Member Author

mostafa commented Mar 20, 2023
edited
Loading

The gatewayd-plugin-cache is released. Each gunzipped tar file contain the binary and the checksum of the binary file. The plugin command (#122) can leverage this to include the checksum in the gatewayd_plugins.yaml config. The checksum validation of GatewayD should be removed in favor of go-plugin's.

@mostafa mostafa removed the triage Triage based on the content label Mar 20, 2023
@mostafa mostafa moved this from 📋 Backlog to 🏗 In progress in GatewayD Core Public Roadmap Apr 25, 2023
@mostafa mostafa mentioned this issue Apr 26, 2023
Merged
@mostafa mostafa moved this from 🏗 In progress to 👀 In review in GatewayD Core Public Roadmap Apr 26, 2023
@mostafa mostafa moved this from 👀 In review to ✅ Done in GatewayD Core Public Roadmap Apr 26, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mostafa mostafa

Labels
enhancement New feature or request
Projects
GatewayD Core Public Roadmap
Status: 🎉 Done
Milestone
v0.6.x
Development

Successfully merging a pull request may close this issue.

Use secure config for checksum verification gatewayd-io/gatewayd
1 participant
@mostafa