mirror of
https://github.com/opentofu/opentofu.git
synced 2024-12-30 10:47:14 -06:00
b2c0ccdf96
The "acceptable hashes" for a package is a set of hashes that the upstream source considers to be good hashes for checking whether future installs of the same provider version are considered to match this one. Because the acceptable hashes are a package authentication concern and they already need to be known (at least in part) to implement the authenticators, here we add AcceptableHashes as an optional extra method that an authenticator can implement. Because these are hashes chosen by the upstream system, the caller must make its own determination about their trustworthiness. The result of authentication is likely to be an input to that, for example by distrusting hashes produced by an authenticator that succeeds but doesn't report having validated anything. |
||
---|---|---|
.. | ||
testdata | ||
doc.go | ||
errors.go | ||
filesystem_mirror_source_test.go | ||
filesystem_mirror_source.go | ||
filesystem_search_test.go | ||
filesystem_search.go | ||
hash.go | ||
http_mirror_source_test.go | ||
http_mirror_source.go | ||
legacy_lookup_test.go | ||
legacy_lookup.go | ||
memoize_source_test.go | ||
memoize_source.go | ||
mock_source.go | ||
multi_source_test.go | ||
multi_source.go | ||
package_authentication_test.go | ||
package_authentication.go | ||
public_keys.go | ||
registry_client_test.go | ||
registry_client.go | ||
registry_source_test.go | ||
registry_source.go | ||
source.go | ||
types.go |