ajorgensen opened a new pull request #2856: Add sha256 checksums for all http_archives URL: https://github.com/apache/incubator-heron/pull/2856 I have taken the current sha256 checksum for all of the workspace archives so we can verify their signature on download. Since some of the artifacts are downloaded over http, we want to make sure there was no man in the middle attack done to change the resulting binary. This also gives assurance that the code we are downloading has not been tampered with in any way either over the wire or at the source. I used the following function: ``` checksum_remote () { curl -L -s $1 | sha256sum | cut -d' ' -f1 | tr -d '\n' } ``` to get the sha256 signature and then ran `bazel clean && bazel build //heron/...` to verify the signatures were correct. Closes https://github.com/apache/incubator-heron/issues/2854
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services
