When #7277 was merged is was intended to create shasums accessible
in a way shasum -c or sha256sum could use to verify the files the
Helm project ships. The solution created a new file named
shasums.txt. This setup contained a few problems:
1. The new file file was not uploaded to get.helm.sh for someone
to download and use.
2. The file had not version in the naming or path. This means that
each new release of Helm will overwrite it. Downloading and
validating an old file is impossible.
3. If one downloads a single file, the shasums.txt file, and uses
shasum -c it will return an exit code that is 1. This is because
of missing files as it is looking for all the files from the
release.
4. The shasums.txt file is not signed for verification like the
other files.
This change fixes these problems with the following changes:
* Instead of a shasums.txt file there is a .sha256sum file for
each package. For example, helm-3.1.0-linux-amd64.zip.sha256sum.
This file will can be used with `shasum -a 256 -c` to verify
the single file helm-3.1.0-linux-amd64.zip. The exit code of
checking a single file is 0 if the file passes.
* This new .sha256sum file is signed just like the .tar.gz, .zip,
and .sha256 files. The provenance can be verified.
* The file name starts with `helm-` meaning the existing upload
script in the deploy.sh file will move it to get.helm.sh.
Note, the existing .sha256 file can be deprecated and removed
in Helm v4 with the new .sha256sum file taking over. But,
for backwards compatibility with scripts it needs to be kept
during v3.
Closes#7567
Signed-off-by: Matt Farina <matt@mattfarina.com>
For commands using the new post-render flag, the completion for the
--output flag was broken.
For example:
helm install -o <TAB>
__helm_handle_reply:47: command not found: __helm_output_options
The bash __helm_output_options function is no longer used but was
referred to by mistake.
This commit removes the offending code.
Signed-off-by: Marc Khouzam <marc.khouzam@montreal.ca>
The template command uses the memory driver. This driver now supports
namespaces, so the template code-path now specifies the namespace as
required by the memory driver.
Signed-off-by: Marc Khouzam <marc.khouzam@montreal.ca>
The unit test added to cover #7233 was causing changes to show up in git
when tests were ran. This was due to the dependency build creating a new
tarball. These changes would cause a dirty build when we build our major
versions, so I removed the subchart tarball from git and added the charts
folder for that test chart to the gitignore to avoid any future problems.
Based on all I can see, this should have any impact on the test itself
Signed-off-by: Taylor Thomas <taylor.thomas@microsoft.com>
* Fix issue with apiVersion v1 lock digest
When apiVersion v1 chart dependencies are built with Helm 2
and then built with Helm 3, the lock digests differ. To avoid
this issue, a depdendency update is forced.
Signed-off-by: Martin Hickey <martin.hickey@ie.ibm.com>
* Check against Helm v2 hash
Handle scenario where dependency hash was generated by Helm v2
but need to do a dependency build with Helm v3.
Signed-off-by: Martin Hickey <martin.hickey@ie.ibm.com>
* Add unit test
Signed-off-by: Martin Hickey <martin.hickey@ie.ibm.com>
* Refactor unit test
Refactor unit test to use an existing chart as dependency
Signed-off-by: Martin Hickey <martin.hickey@ie.ibm.com>
* Update after review
Comments:
- https://github.com/helm/helm/pull/7261#discussion_r373827088
- https://github.com/helm/helm/pull/7261#discussion_r373827250
Signed-off-by: Martin Hickey <martin.hickey@ie.ibm.com>
* Allow template output to use release name
helm template output command uses the chart name only when writing
templates to disk. This changes will also use the release name
to avoid colloiding the path when output nore than one release
of smae chart.
Signed-off-by: Martin Hickey <martin.hickey@ie.ibm.com>
* Update after review
Comment:
- https://github.com/helm/helm/pull/7503/files#r374130090
Signed-off-by: Martin Hickey <martin.hickey@ie.ibm.com>
This newly added tests was failing on MacOS because /proc does not
exist. This commit replaces /proc with /tmp to achieve the same result.
Signed-off-by: Marc Khouzam <marc.khouzam@montreal.ca>
Matthew Fisher
Martin Hickey
Benn Linger
Matt Farina
Marc Khouzam
Daniel Cheng
Matt Butcher
Taylor Thomas
Jon Huhn
Thilak Somasundaram
Mike Tougeron
Josh Dolitsky
Karuppiah Natarajan
Yaakov Selkowitz
Nick Lee