Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added package hash validation on restore #380

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Added package hash validation on restore #380

wants to merge 1 commit into from

Conversation

ilchenkob
Copy link
Contributor

This PR contains updated version of Invoke-PackageRestore.ps1 script: it checks hashes of downloaded packages.
It helps to prevent build failure on a later stage if some package was not fully downloaded or is corrupted

jeanfrancoislarente
jeanfrancoislarente reviewed Oct 19, 2020
View reviewed changes
build/modules/SitecoreImageBuilder/1.0.0/Public/Invoke-PackageRestore.ps1 Outdated
Comment on lines 72 to 79
$fileName = ($filePath.Replace(("{0}" -f $destinationPath), "")) -replace "([\/\\])", ""
$package = $packages.$fileName

if (Test-Path $filePath -PathType Leaf)
{
$requiredFile = Get-Item -Path $filePath
$requiredFileHash = $(Get-FileHash -Path $filePath).Hash

if ($requiredFile.Length -gt 0)
if ($package.hash -eq $requiredFileHash)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What happens in the event where the url and hash are not provided in the sitecore-packages.json file?

Do we need to add the hash for all files in the sitecore-packages.json file?

ie:

"Data Exchange Framework 5.0.0 rev. 01466.scwdp.zip": {
        "url": "",
        "hash": ""
    }

Copy link
Contributor Author

@ilchenkob ilchenkob Oct 19, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a good point. Should I add check to skip hash if it's empty?
For me it sounds better to put hashes for all files in sitecore-packages.json, but I understand that might be tricky to do it.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's up to you. Ideally the hash for all files exists, but it's probably more realistic to skip if hash is empty. Otherwise someone has to download the zip, convert it using SAT and then update the hash.

It's something that can be done over time and perhaps we can enforce future PRs to include the hash for items added to the json (guilty as charged) and as modifications are made, we can add the hash.

I'd say for now just add logic to skip if empty.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@jeanfrancoislarente
I updated my changes: if hash in sitecore-packages.json is empty, then old check will be used, otherwise file hash will be verified.

@ilchenkob ilchenkob force-pushed the feature/downloaded-package-check branch from 873b3b1 to 6db0430 Compare October 20, 2020 12:59
@pbering
Copy link
Contributor

pbering commented Oct 20, 2020

FYI, the reason why we haven't done this before is that it takes for ever to do if your packages are stored on for example a Azure Storage file share. Have you tested how long time it tasks to check all packages using a remote file share?

@ilchenkob
Copy link
Contributor Author

@pbering
Unfortunately I have no chance to test it with a remote file share at this moment. Feel free to close this PR without merging it if these changes are not needed.

@jeanfrancoislarente jeanfrancoislarente added the help wanted Extra attention is needed label Oct 30, 2020
@jeanfrancoislarente
Copy link
Member

Hoping someone who is using a remote fileshare can take this for a test-drive.

@jeanfrancoislarente jeanfrancoislarente added testing-help-needed PR has been reviewed and is good but needs some help to get tested and removed help wanted Extra attention is needed labels Nov 5, 2020
@vtml
Copy link
Contributor

vtml commented Dec 12, 2020

@jeanfrancoislarente / @pbering just want to clarify that Remote file share is the equivalent of Azure File Share. I can help testing this next week if this is still required.

@jeanfrancoislarente
Copy link
Member

jeanfrancoislarente commented Dec 12, 2020 via email

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bplasmeijer bplasmeijer Awaiting requested review from bplasmeijer bplasmeijer is a code owner

@jeanfrancoislarente jeanfrancoislarente Awaiting requested review from jeanfrancoislarente jeanfrancoislarente is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
testing-help-needed PR has been reviewed and is good but needs some help to get tested
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@ilchenkob @pbering @jeanfrancoislarente @vtml