assemble-streams could validate the data
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
juju-release-tools |
Fix Released
|
High
|
Curtis Hovey |
Bug Description
There are two cases where we want to validate when assembling streams.
1. Does the host possess all the tools that should be in the stream?
init_
by a sync that can be disabled or quietly fails. This case should be detected early and exit.
2. After the metadata is created, does it contain just the additions we expect? as dates the only other changes?
The generate_streams() methdds assumed that everything is okay. We certainly should not sign the data
if it isn't what we expect
We understand that juju metadata generate-tools will append to existing json. Maybe this project could provide the last vetted and approved copies of cpc and canonical metadata, The assemble script can check for the tools in the metadata to know what to expect in the directories. a diff of the previous data against the new data should show date changes and tool inclusions, nothing mroe.
There is one caveat with the suggestion, when tools are retracted, starting set of tools will be less than the data shows and the final data will show removals.
Related branches
- Aaron Bentley (community): Approve
-
Diff: 118 lines (+39/-11)1 file modifiedassemble-streams.bash (+39/-11)
Changed in juju-release-tools: | |
assignee: | nobody → Curtis Hovey (sinzui) |
status: | Triaged → In Progress |
Changed in juju-release-tools: | |
status: | In Progress → Fix Released |