Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Pre package pull check #2780

Open
jsallay opened this issue Jul 29, 2024 · 4 comments · May be fixed by #3252
Open

Pre package pull check #2780

jsallay opened this issue Jul 29, 2024 · 4 comments · May be fixed by #3252
Assignees
@jamestexas
Labels
enhancement ✨ New feature or request good first issue 🥇 Good for newcomers

Comments

@jsallay
Copy link

jsallay commented Jul 29, 2024

Is your feature request related to a problem? Please describe.

Zarf packages can become quite large. Sometimes I want to download new packages (zarf package pull) and make sure that old packages haven't been corrupted. I can't see a way to check if the package that I pulled has been modified from what is in the package registry.

Describe the solution you'd like

I can run a sha256sum on a pulled package. It would be nice if I could check the hash for a package in the registry without downloading it first. It be something like:

zarf package pull --hash-only oci://...
# or
zarf package get-hash oci://...
# or
zarf package check oci://...  <path-to-downloaded-file>

Describe alternatives you've considered

With docker images I can run docker manifest inspect and get the info that I'm looking for, but I'm not sure that I can get the same info with zarf. I have a harbor registry and I can look up the sha hash there, but it doesn't match that of the file.

It's possible that there is already an easy way to do this and I'm just not aware.

Additional context

Add any other context or screenshots about the feature request here.
@jsallay jsallay added the enhancement ✨ New feature or request label Jul 29, 2024
@phillebaba
Copy link
Member

Sounds like what you are looking for is that we do a HEAD request to check the package digest and comparing it to what is stored locally. That way we could skip the pull if these already match.

Is this the type of feature you are looking for @jsallay ?

@salaxander salaxander added the good first issue 🥇 Good for newcomers label Aug 7, 2024
@salaxander salaxander added this to Zarf Aug 7, 2024
@github-project-automation github-project-automation bot moved this to Backlog in Zarf Aug 7, 2024
@jamestexas
Copy link
Contributor

I'm interested in tackling this one.

@jsallay
Copy link
Author

jsallay commented Aug 7, 2024 via email

@schristoff
Copy link
Contributor

@jamestexas assigned :)

@jamestexas jamestexas linked a pull request Nov 20, 2024 that will close this issue
Draft
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jamestexas jamestexas

Labels
enhancement ✨ New feature or request good first issue 🥇 Good for newcomers
Projects
Zarf
Status: Backlog
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat(src/internal/package2/pull.go): Check if package exists for OCI layers jamestexas/zarf
5 participants
@salaxander @phillebaba @jamestexas @schristoff @jsallay