feat: Verify cksum of crate tarball from cargo registry (#1260)

Fixed #1183

Since the crate tarball may be downloaded from a different set of
servers than the ones hosting the cargo registry, its checksum must be
checked to verify its integrity.

Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
Jiahao XU 2023-08-09 20:57:47 +10:00 committed by GitHub
parent 1c886d8897
commit 3e80b12748
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
10 changed files with 112 additions and 45 deletions


@ -11,6 +11,7 @@ license = "GPL-3.0-only"
[dependencies]
async-trait = "0.1.68"
base16 = "0.2.1"
binstalk-downloader = { version = "0.6.1", path = "../binstalk-downloader", default-features = false, features = ["gh-api-client"] }
binstalk-types = { version = "0.5.0", path = "../binstalk-types" }
cargo_toml = "0.15.3"
@ -33,6 +34,7 @@ reflink-copy = "0.1.5"
semver = { version = "1.0.17", features = ["serde"] }
serde = { version = "1.0.163", features = ["derive"] }
serde_json = "1.0.99"
sha2 = "0.10.7"
strum = "0.25.0"
target-lexicon = { version = "0.12.11", features = ["std"] }
tempfile = "3.5.0"
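Review bot: `base16 = "0.2.1"` and `sha2 = "0.10.7"` look like the two additions in this section (the +/- markers are lost on this page), and neither carries a comment saying it sits on the tarball integrity path. A one-line comment above `sha2`, such as `# SHA-256 of the downloaded .crate, checked against the registry cksum`, would let someone auditing the manifest see why the crate is there; that `sha2` is used for SHA-256 specifically is inferred from the commit description, not shown here. The verification code itself is in other files of this commit, so it cannot be confirmed from this section that a missing or undecodable `cksum` fails the install rather than skipping the check.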