Skip to content

Avoid altering signature for .cargo/vendor files#800

Merged
val-ms merged 1 commit intoCisco-Talos:mainfrom
atoomic:patch-1
Mar 9, 2023
Merged

Avoid altering signature for .cargo/vendor files#800
val-ms merged 1 commit intoCisco-Talos:mainfrom
atoomic:patch-1

Conversation

@atoomic
Copy link
Contributor

@atoomic atoomic commented Dec 29, 2022

When using the content of the clamav tarball in a git repository to version a debian or RedHat package for example. We should never alter the files from cargo or this result in corrupted signature and thus we cannot install the files.

As the repo provides its own .gitattributes we cannot easily overwrite it without manually updating .git/info/attributes.

Alternatively we could remove the .gitattributes file from the tarball when generating it.

@atoomic
Copy link
Contributor Author

atoomic commented Dec 29, 2022

Note that the published tarballs contain .cargo/vendor files and at the same time a global .gitattributes (at the root) coming from https://github.com/Cisco-Talos/clamav/blob/main/.gitattributes#L3 which set explicitly * text=auto

This change is overwriting that policy for the content of libclamav_rust directory so rust files are not updated which could then result in invalid signature from the cargo-checksum.json files.

val-ms
val-ms requested changes Mar 7, 2023
View reviewed changes
@atoomic atoomic requested a review from val-ms March 8, 2023 17:36
@atoomic
Avoid altering signature for .cargo/vendor files
f5ef20e 
When using the content of the `clamav` tarball in a git repository to version a debian or RedHat package for example.
We should never alter the files from cargo or this result in corrupted signature and thus we cannot install the files.

As the repo provides its own `.gitattributes` we cannot easily overwrite it without manually updating `.git/info/attributes`.

Alternatively we could remove the `.gitattributes` file from the tarball when generating it.
@atoomic
Copy link
Contributor Author

atoomic commented Mar 8, 2023

I ve resubmitted using your suggestion

@val-ms val-ms merged commit 3710689 into Cisco-Talos:main Mar 9, 2023
@val-ms val-ms added the 🍒cherry-pick-candidate A PR that should be backported once approved. label Mar 9, 2023
@val-ms val-ms mentioned this pull request Mar 9, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@val-ms val-ms val-ms approved these changes

+1 more reviewer

@toddr toddr toddr left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

🍒cherry-pick-candidate A PR that should be backported once approved.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@atoomic @toddr @val-ms