feat: support platform-specific SHA256 verification #766
+267
−14
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
albertocavalcante
force-pushed
the
feat/platform-specific-sha256-verification
branch
9 times, most recently
from
658831a to
76873b5
Compare
albertocavalcante
force-pushed
the
feat/platform-specific-sha256-verification
branch
from
76873b5 to
f78653c
Compare
Adds support for platform-specific BAZELISK_VERIFY_SHA256 variables, enabling SHA256 verification in multiplatform projects. Bazelisk now checks for configuration in the following order: 1. BAZELISK_VERIFY_SHA256_NOJDK_<OS>_<ARCH> (when BAZELISK_NOJDK is enabled) 2. BAZELISK_VERIFY_SHA256_<OS>_<ARCH> 3. BAZELISK_VERIFY_SHA256 (existing behavior, fallback) Implementation notes: - Refactored downloadBazelIfNecessary to compute platform info once upfront - Added FormatBazelFilename helper to avoid redundant OS/arch computation - Hash values normalized to lowercase for case-insensitive comparison - Full backward compatibility maintained Fixes bazelbuild#522
albertocavalcante
force-pushed
the
feat/platform-specific-sha256-verification
branch
from
f78653c to
81f96d5
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Adds support for platform-specific
BAZELISK_VERIFY_SHA256variables, enabling SHA256 verification in multiplatform projects.Fixes #522
Problem
The current
BAZELISK_VERIFY_SHA256only accepts a single hash value, but Bazel binaries have different SHA256 hashes per platform. Projects building on multiple platforms cannot use SHA256 verification.Solution
Since each platform has a different binary with a different hash, Bazelisk now supports platform-specific hash variables:
BAZELISK_VERIFY_SHA256_<OS>_<ARCH>- hash for a specific platform (e.g.,BAZELISK_VERIFY_SHA256_LINUX_X86_64)BAZELISK_VERIFY_SHA256_NOJDK_<OS>_<ARCH>- hash for nojdk builds (whenBAZELISK_NOJDKis enabled)BAZELISK_VERIFY_SHA256- fallback used when no platform-specific hash is setSupported Platforms
DARWINARM64,X86_64LINUXARM64,X86_64WINDOWSARM64,X86_64Example
.bazeliskrcImplementation Notes
downloadBazelIfNecessaryto compute platform info once upfrontFormatBazelFilenamehelper inplatformspackageBAZELISK_VERIFY_SHA256Test Plan
getExpectedSHA256(7 focused tests)FormatBazelFilename(2 tests)