d60209aef0
Use the newly published checksum files to verify the integrity of the downloaded IPA files. If verification fails, we try a few more times before we give up since that would either mean that there is a connectivity issue on our end or a problem with the uploaded files. Checksum verification is enabled by default but it can be easily disabled in case we do a non-upstream build with no checksum files available.

Depends-On: I66afa3682ee1461ba1cdb68a134eaa4fd85af4e0
Change-Id: I7b3cad1b42e297b87ca839d66a16303250e27404
21 lines
1.2 KiB
YAML
---
features:
  - Downloaded IPA files can now be verified using checksum files.
    Upstream builds will be verified by default but you can disable
    this behavior by setting ``ipa_kernel_upstream_checksum_url`` or
    ``ipa_ramdisk_upstream_checksum_url`` variables to empty strings.
    The default checksum algorithm is ``sha256`` which matches
    the one provided in the upstream files. In case you want to
    provide your own checksum files, you can set the previously mentioned
    variables appropriately to match your setup. You can also set
    ``ipa_kernel_upstream_checksum_algo`` or ``ipa_ramdisk_upstream_checksum_algo``
    to checksum algorithms like ``md5`` in case you want to provide
    non-sha256 checksums. Be careful though because these values
    must be valid for Ansible ``get_url`` module's ``checksum``
    parameter. Finally, it's also possible to provide the checksum
    directly by setting the ``ipa_kernel_checksum`` or ``ipa_ramdisk_checksum``
    variables to ``$algorithm:$checksum``.
    In case the verification fails, bifrost will retry a few more times
    to re-download and re-verify the files before giving up assuming
    there is a network issue or a file corruption on the remote server.
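The verify-and-retry behaviour the release note describes, sketched in Python as an added example. This is not bifrost's code (bifrost relies on Ansible's ``get_url`` module). The function names, the sha256sum-style layout of the checksum file and the file name ``example.kernel`` are assumptions.

```python
import hashlib
import hmac

# Assumption: algorithms this sketch accepts. md5 is listed because the
# release note mentions it; it detects corruption, not deliberate tampering.
ALLOWED_ALGOS = {"sha256", "sha512", "sha1", "md5"}

# Constructed sample data: file contents and a matching checksum file.
GOOD = b"constructed-ipa-kernel-image"
CHECKSUM_FILE = hashlib.sha256(GOOD).hexdigest() + "  example.kernel\n"


def parse_spec(spec):
    """Split an ``algorithm:checksum`` string and validate both halves."""
    algo, sep, digest = spec.partition(":")
    algo, digest = algo.strip().lower(), digest.strip().lower()
    if not sep or algo not in ALLOWED_ALGOS:
        raise ValueError(f"unsupported checksum spec: {spec!r}")
    hex_len = hashlib.new(algo).digest_size * 2
    if len(digest) != hex_len or not set(digest) <= set("0123456789abcdef"):
        raise ValueError(f"malformed {algo} digest in {spec!r}")
    return algo, digest


def spec_from_checksum_file(text, filename, algo="sha256"):
    """Find ``filename`` in sha256sum-style text; return ``algo:digest``."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[1].lstrip("*") == filename:
            return f"{algo}:{parts[0]}"
    raise LookupError(f"{filename} is not listed in the checksum file")


def verify(data, spec):
    """Return True only if ``data`` hashes to the digest named in ``spec``."""
    algo, expected = parse_spec(spec)
    actual = hashlib.new(algo, data).hexdigest()
    return hmac.compare_digest(actual, expected)


def download_verified(fetch, spec, attempts=3):
    """Call ``fetch()`` until the bytes match ``spec``; otherwise fail closed."""
    parse_spec(spec)  # reject a malformed spec before downloading anything
    for attempt in range(1, attempts + 1):
        data = fetch()
        if verify(data, spec):
            return data, attempt
    raise RuntimeError(f"checksum mismatch after {attempts} attempts")
```

A mismatch on every attempt raises instead of returning the unverified bytes, so a caller cannot accidentally use a corrupted image.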