How does the PWS / cloud-ops team verify the buildpack checksum before deploying it?
On Thu, May 19, 2016 at 3:57 AM, Danny Rosen <drosen(a)pivotal.io> wrote:
In the future we may consider implementing a json feed. If we did go forward with this work, would you be interested in creating example CI / CD implementations as references?
On Tue, May 17, 2016 at 10:30 PM, Gwenn Etourneau <getourneau(a)pivotal.io> wrote:
Hi, is there any JSON feed / API? It would be nice and easier to integrate with any CI/CD tool.
Thanks
On Wed, May 18, 2016 at 11:15 AM, taichi nakashima <nsd22843(a)gmail.com> wrote:
Great,
I hope cloudfoundry/cli will provide the same thing.
cf. https://lists.cloudfoundry.org/archives/list/cf-dev(a)lists.cloudfoundry.org/thread/K3BEBY4A2WSUKS7YS5IF2UDQHHSU35A7/
Taichi Nakashima
On Wed, May 18, 2016 at 6:20, David Jahn <djahn(a)pivotal.io> wrote:
Dear Cloud Foundry Users,
To help operators and users of Cloud Foundry establish a "chain of custody" for buildpacks, we have launched the following checksum site:
https://buildpackverify.cloudfoundry.org
This site provides a checksum for all cached buildpack release zip files (except for the java-buildpack). Whenever the buildpacks team generates a new buildpack release, we will immediately compute the SHA256 checksum of that file and upload it to this website.
The site is hosted on a different repository from the main buildpack GitHub repositories. It allows operators to validate that the zip file we produced is the same artifact that has been downloaded and installed.
Additionally, if an operator wishes to further investigate the components of a buildpack, the "manifest.yml" in each buildpack root directory (for example, https://github.com/cloudfoundry/go-buildpack/blob/master/manifest.yml) provides a catalog of every third-party component in the buildpack, a URL of that component's location, and an MD5 checksum of that component.
We hope that this will assist people in auditing the source of their buildpack code!
Cheers, Buildpacks Team
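One way a CI/CD job could enforce the check described in the announcement before a buildpack is installed, as an added example that is not code from the Buildpacks Team or from any cloud-ops team. The pin file format (`<sha256>  <filename>` lines copied by an operator from the checksum site and kept under review), the function names and the sample file names are assumptions, and the sample files are constructed.

```python
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

PIN_LINE = re.compile(r"^([0-9a-fA-F]{64})\s+(\S+)$")  # "<sha256>  <filename>"

def load_pins(text):
    """Parse the reviewed pin file; reject any line that is not a SHA256 pin."""
    pins = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        m = PIN_LINE.match(line.strip())
        if not m:
            raise ValueError(f"pin file line {lineno}: expected '<sha256>  <filename>'")
        pins[m.group(2)] = m.group(1).lower()
    return pins

def sha256_file(path, chunk_size=1 << 20):
    """Stream the file so a large cached buildpack is never held in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def gate(download_dir, pins):
    """Return {filename: status}; deploy only when every status is 'ok'."""
    results = {}
    for zip_path in sorted(Path(download_dir).glob("*.zip")):
        expected = pins.get(zip_path.name)
        if expected is None:
            results[zip_path.name] = "unpinned"  # fail closed: no published value
        elif hmac.compare_digest(sha256_file(zip_path), expected):
            results[zip_path.name] = "ok"
        else:
            results[zip_path.name] = "mismatch"
    return results

def demo():
    """Constructed sample files (not real releases): one is altered after pinning."""
    with tempfile.TemporaryDirectory() as d:
        good, bad = Path(d, "go_buildpack-cached.zip"), Path(d, "ruby_buildpack-cached.zip")
        good.write_bytes(b"constructed release A")
        bad.write_bytes(b"constructed release B")
        pins = load_pins("\n".join(f"{sha256_file(p)}  {p.name}" for p in (good, bad)))
        bad.write_bytes(b"altered after the checksum was published")
        Path(d, "php_buildpack-cached.zip").write_bytes(b"downloaded but never pinned")
        return gate(d, pins)
```

A pipeline would run `gate` on the download directory and stop before the install step unless every entry is `ok`; an `unpinned` file is treated as a failure, not skipped.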