Support other checksum algorithms

[dmikusa]

In #26 we added support for checksum = "algo:hash", but only where the algorithm is sha256.

This issue is to support additional algorithms. Supporting more algorithms is additional work because it requires modifications to the code that validates the checksums as well.

If you need support for other algorithms, please post here and indicate the algorithms you're using. Thanks

[dmikusa]

the dotnet buildpack uses sha512:

https://github.com/paketo-buildpacks/dotnet-core-sdk/blob/46fd6bbfe0ce38cd38efa2c1b30dbf736313cf2a/buildpack.toml#L22C24-L22C152

[doddisam]

Is there a plan to supports sha512 in newer version?

I see dotnet core used sha512.

[dmikusa]

Is there a plan to supports sha512 in newer version?

Yes. Follow this issue for updates.

If you'd like to submit a PR, happy to chat about what that might entail.

[doddisam]

Meanwhile, Do you know if we can add sha512 id manually in dependency secrets. I dont see sha512 field in the dotnet buildpacks builder.toml file. In java we have sha256 field and adding that to mappings works as expected.

https://github.com/paketo-buildpacks/dotnet-core-aspnet-runtime/blob/main/buildpack.toml

For java
0390f964e9cadbb0795f44b2b29d2e6755bd8b800a94fee980aed8c26766c124: https://xxx.xxx.xxx:443/artifactory/dicf/paketo-java-dependencies/binaries/spring-cloud-bindings-2.0.3.jar - Works

How to add it for dontnet since there is no sha512 field in builder.toml

Is there a way to add it for these dotnet buildpacks ?

[dmikusa]

@doddisam The sha256 field is the old field. Going forward the field is called checksum.

For example:

checksum = "sha512:757d017db28b8e34c4b242c082aa51eb85bce8fca16af37a0beabedb271c9bd13e1631868faa131745d7784db48974567f82275da09041ba434dcb7abe821a2d"

The algorithm goes in the first part followed by a : followed by the actual check sum value.

So for the binding file, the key would be checksum and the contents would be algo:actual-checksum, from the example above sha512:757d017db28b8e34c4b242c082aa51eb85bce8fca16af37a0beabedb271c9bd13e1631868faa131745d7784db48974567f82275da09041ba434dcb7abe821a2d.

That should work. We haven't updated the Java-related buildpacks yet, so those still use the old key. At some point we'll get around to it, but it's not particularly urgent as sha256 is good enough.

[doddisam]

@dmikusa Thanks for the reply.

I am using K8's dependency mapping and this is how my secrets looks. I don't think key can have ":" in the k8's secrets. That is issue i am facing currently. Can you please check below and advice proper format ?

apiVersion: v1
kind: Secret
metadata:
name: dependencies
type: service.binding/dependency-mapping
stringData:
type: dependency-mapping
sha512:16cd54c431d80710a06037f8ea593e04764a80cbaad75e1db4225fbe3e7fce4c4d279f40757b9811e1c092436d2a1ca3be64c74cb190ebf78418a9865992ad12: https://xxx.xxx.xx:443/artifactory/dicf/paketo-java-dependencies/binaries/aspnetcore-runtime-8.0.6-linux-x64.tar.gz

[dmikusa]

Oh, you're right. I forgot about that.

Modify RFC to allow checksum dependency mappings to be passed in with a _ instead of : to enable functionality on Kubernetes (: is not an allowed character).

https://github.com/paketo-buildpacks/rfcs/blob/11691011512b9f075d06c31b74ea29bb5c3e5f69/text/0010-dependency-mappings.md?plain=1#L79

So in your case it would be <algo>_<actual-checksum>.

[doddisam]

@dmikusa Thanks for your input. Its working fine