Is your feature request related to a problem? Please describe.
Zarf packages can become quite large. Sometimes I want to download new packages (zarf package pull) and make sure that old packages haven't been corrupted. I can't see a way to check if the package that I pulled has been modified from what is in the package registry.
Describe the solution you'd like
I can run a sha256sum on a pulled package. It would be nice if I could check the hash for a package in the registry without downloading it first. It could be something like:
```
zarf package pull --hash-only oci://...
# or
zarf package get-hash oci://...
# or
zarf package check oci://... <path-to-downloaded-file>
```
Describe alternatives you've considered
With docker images I can run docker manifest inspect and get the info that I'm looking for, but I'm not sure that I can get the same info with zarf. I have a harbor registry and I can look up the sha hash there, but it doesn't match that of the file.
It's possible that there is already an easy way to do this and I'm just not aware.
Additional context
Add any other context or screenshots about the feature request here.
Sounds like what you are looking for is that we do a HEAD request to check the package digest and compare it to what is stored locally. That way we could skip the pull if these already match.
Is this the type of feature you are looking for @jsallay?
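The digest check discussed in this thread, as an added example that is not part of the issue or of Zarf's code: in an OCI registry the digest returned for a HEAD on a manifest is the SHA-256 of the manifest JSON, which lists each layer by its own digest, so it will not equal `sha256sum` of a single downloaded file. The sketch assumes a registry that follows the OCI distribution spec and local blobs stored under their digest; the function names and the sample package are constructed for illustration.

```python
import hashlib
import json
import urllib.request

MANIFEST_TYPE = "application/vnd.oci.image.manifest.v1+json"


def sha256_digest(data: bytes) -> str:
    """Digest in the 'sha256:<hex>' form used by OCI descriptors."""
    return "sha256:" + hashlib.sha256(data).hexdigest()


def remote_manifest_digest(registry, repo, ref, token=None):
    """HEAD the manifest: the registry reports its digest without sending a body."""
    req = urllib.request.Request(
        f"https://{registry}/v2/{repo}/manifests/{ref}",
        method="HEAD", headers={"Accept": MANIFEST_TYPE})
    if token:
        req.add_header("Authorization", f"Bearer {token}")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.headers["Docker-Content-Digest"]


def verify_layers(manifest_bytes, blobs):
    """Compare local blobs (keyed by the digest they are stored under)
    with the layer descriptors in the manifest; return a list of problems."""
    problems = []
    for desc in json.loads(manifest_bytes)["layers"]:
        blob = blobs.get(desc["digest"])
        if blob is None:
            problems.append(("missing", desc["digest"]))
        elif len(blob) != desc["size"] or sha256_digest(blob) != desc["digest"]:
            problems.append(("corrupt", desc["digest"]))
    return problems


def constructed_sample():
    """Constructed two-layer package: (manifest_bytes, blobs keyed by digest)."""
    layers = [b"zarf.yaml contents (constructed)", b"component data (constructed)"]
    blobs = {sha256_digest(b): b for b in layers}
    manifest = {
        "schemaVersion": 2,
        "mediaType": MANIFEST_TYPE,
        "layers": [{"mediaType": "application/octet-stream",
                    "digest": d, "size": len(b)} for d, b in blobs.items()],
    }
    return json.dumps(manifest).encode(), blobs
```

A local copy is intact when the digest of its stored manifest equals the value from `remote_manifest_digest` and `verify_layers` returns an empty list; the header value is what the registry asserts, so anything actually downloaded should still be hashed locally.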