
Conversation

stefanb
Member

@stefanb stefanb commented Feb 9, 2025

  • Have you followed the guidelines for contributing?
  • Have you ensured that your commits follow the commit style guide?
  • Have you checked that there aren't other open pull requests for the same formula update/change?
  • Have you built your formula locally with HOMEBREW_NO_INSTALL_FROM_API=1 brew install --build-from-source <formula>, where <formula> is the name of the formula you're submitting?
  • Is your test running fine brew test <formula>, where <formula> is the name of the formula you're submitting?
  • Does your build pass brew audit --strict <formula> (after doing HOMEBREW_NO_INSTALL_FROM_API=1 brew install --build-from-source <formula>)? If this is a new formula, does it pass brew audit --new <formula>?

found in

Tag moving evidence https://github.com/stackrox/stackrox/actions/workflows/release-ci.yaml:
[image: screenshot of the release-ci workflow runs]
matches the timeline.

@stefanb stefanb added the checksum mismatch SHA-256 doesn't match the download label Feb 9, 2025
@github-actions github-actions bot added the go Go use is a significant feature of the PR or issue label Feb 9, 2025
@daeho-ro
Member

daeho-ro commented Feb 9, 2025

https://github.com/stackrox/stackrox/actions?query=branch:4.6.2

The commit for the version tag has changed.

[image: screenshot of the workflow runs for branch 4.6.2]

@stefanb stefanb added the CI-checksum-change-confirmed A checksum change was confirmed by upstream label Feb 9, 2025
@SMillerDev
Member

Did we also confirm this as intentional? Because that's the main problem, the tag moving can just as well be malicious.

@SMillerDev SMillerDev removed the CI-checksum-change-confirmed A checksum change was confirmed by upstream label Feb 9, 2025
@stefanb
Member Author

stefanb commented Feb 9, 2025

The diff between the commits where the tag was moved does not seem malicious:
stackrox/stackrox@90eec18...ecff2a4 (fixed commit sha)
stackrox/stackrox@90eec18...4.6.2 (based on current tag position)
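The check the thread performs by hand (the 4.6.2 tag now resolving to a different commit than it did when the formula was bumped, which is why the tarball's SHA-256 changed) can be automated by snapshotting `git ls-remote --tags` output when a formula is updated and diffing it against a fresh snapshot when CI reports a checksum mismatch. The script below is an added example and is not code from Homebrew, StackRox or any commenter; the two snapshots and every commit SHA in it are constructed for illustration and are not real stackrox/stackrox commits. It resolves annotated tags to their peeled commit, since that commit (not the tag object) is what a `archive/refs/tags/<tag>.tar.gz` download is built from.

```python
import re

# One line of `git ls-remote --tags <url>` output is "<40-hex sha>\t<refname>".
# An annotated tag yields two lines: refs/tags/X (the tag object) and
# refs/tags/X^{} (the commit it peels to).  A lightweight tag yields one line
# whose sha is already the commit.
LS_REMOTE_LINE = re.compile(r"^([0-9a-f]{40})\s+refs/tags/(\S+?)(\^\{\})?$")


def parse_ls_remote(text):
    """Map each tag name to the commit it resolves to.

    The peeled commit is what a source tarball for the tag is generated from,
    so that is the value worth comparing, not the tag object's own sha.
    """
    tag_objects, peeled = {}, {}
    for line in text.splitlines():
        m = LS_REMOTE_LINE.match(line.strip())
        if not m:
            continue  # blank lines, refs/heads/*, etc.
        sha, name, is_peeled = m.groups()
        (peeled if is_peeled else tag_objects)[name] = sha
    return {name: peeled.get(name, sha) for name, sha in tag_objects.items()}


def compare_snapshots(before_text, after_text):
    """Classify tags as moved / added / removed between two snapshots.

    Returns {"moved": {tag: (old_commit, new_commit)},
             "added": {tag: commit}, "removed": {tag: commit}}.
    A "moved" tag is the case that needs an explicit "was this intentional?"
    confirmation from upstream before a new checksum is trusted.
    """
    before = parse_ls_remote(before_text)
    after = parse_ls_remote(after_text)
    return {
        "moved": {t: (before[t], after[t])
                  for t in before if t in after and before[t] != after[t]},
        "added": {t: after[t] for t in after if t not in before},
        "removed": {t: before[t] for t in before if t not in after},
    }


def report(before_text, after_text):
    """One summary line per changed tag, with the diff range to inspect."""
    result = compare_snapshots(before_text, after_text)
    lines = []
    for tag, (old, new) in sorted(result["moved"].items()):
        lines.append(f"MOVED   {tag}: {old[:7]} -> {new[:7]}"
                     f"  (inspect `git diff {old[:7]}..{new[:7]}`)")
    for tag, sha in sorted(result["added"].items()):
        lines.append(f"ADDED   {tag}: {sha[:7]}")
    for tag, sha in sorted(result["removed"].items()):
        lines.append(f"REMOVED {tag}: {sha[:7]}")
    return lines


# Constructed sample snapshots: fake shas, not real stackrox/stackrox commits.
# 4.6.2 is an annotated tag that was re-pointed between the two snapshots;
# 4.6.1 is unchanged and 4.6.3 is newly created.
OLD_TARGET = "a" * 40
NEW_TARGET = "b" * 40
BEFORE = f"""
{'1' * 40}\trefs/tags/4.6.1
{'2' * 40}\trefs/tags/4.6.2
{OLD_TARGET}\trefs/tags/4.6.2^{{}}
"""
AFTER = f"""
{'1' * 40}\trefs/tags/4.6.1
{'3' * 40}\trefs/tags/4.6.2
{NEW_TARGET}\trefs/tags/4.6.2^{{}}
{'4' * 40}\trefs/tags/4.6.3
"""

if __name__ == "__main__":
    print("\n".join(report(BEFORE, AFTER)))
```

In practice the "before" snapshot is captured when the formula's `url`/`sha256` pair is committed (e.g. `git ls-remote --tags https://github.com/stackrox/stackrox > tags.before`), and the "after" snapshot is taken the moment a checksum-mismatch label appears; a MOVED line is then followed by the same `git diff old..new` review the thread did by hand, plus a confirmation from upstream, before the new checksum is accepted.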

@SMillerDev SMillerDev added the CI-checksum-change-confirmed A checksum change was confirmed by upstream label Feb 10, 2025
@SMillerDev
Member

Upstream confirmed this was intentional

Contributor

🤖 An automated task has requested bottles to be published to this PR.

@github-actions github-actions bot added the CI-published-bottle-commits The commits for the built bottles have been pushed to the PR branch. label Feb 10, 2025
@BrewTestBot BrewTestBot added this pull request to the merge queue Feb 10, 2025
Merged via the queue into master with commit be7abe0 Feb 10, 2025
15 checks passed
@BrewTestBot BrewTestBot deleted the roxctl-fix-checksum branch February 10, 2025 10:24
4 participants