The temporary S3 bucket is not perfectly secure, because credentials
can be obtained by outsiders by submitting a malicious pull request,
and then later they can be used to manipulate objects while a
privileged pipeline is running (during a release). Fix this by
submitting a checksum file using the standard GitLab artifact
mechanism, and check that what we uploaded in one job is what we get
in the next one.
Changelog: None
Signed-off-by: Kristian Amlie <kristian.amlie@northern.tech>
(cherry picked from commit 9d18a8717d)
2.5.x
Kristian Amlie
3 years ago
1 changed files with 13 additions and 1 deletions
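The check described in the commit message, sketched as an added example (not the code from this commit or from the project): the upload job writes a SHA-256 manifest that travels as a job artifact, and the download job verifies what came back from the bucket against it. The function names, directory layout and manifest name are assumptions, and GNU coreutils/findutils are assumed.

```shell
#!/bin/sh
# Added example; write_manifest and verify_download are hypothetical names.

# Upload job: hash every file staged for the temporary bucket.
#   $1 = directory about to be uploaded
#   $2 = manifest path, stored outside $1 and published as a job artifact
#        (it must never travel through the bucket it is protecting)
write_manifest() {
    ( cd "$1" && find . -type f -print0 | sort -z | xargs -0 -r sha256sum ) > "$2"
}

# Download job: compare what was fetched from the bucket with the manifest.
#   $1 = directory downloaded from the bucket
#   $2 = manifest received through the artifact mechanism
# Returns non-zero if a file was modified, is missing, or was added.
verify_download() {
    # Resolve the manifest to an absolute path before changing directory.
    manifest=$(cd "$(dirname "$2")" && pwd)/$(basename "$2")

    # Modified or missing objects: sha256sum -c fails on any mismatch.
    ( cd "$1" && sha256sum -c "$manifest" ) || return 1

    # Extra objects: the fetched file list must equal the manifest's list,
    # otherwise something was planted in the bucket between the two jobs.
    expected=$(sed 's/^[0-9a-f]*  //' "$manifest" | sort)
    actual=$(cd "$1" && find . -type f | sort)
    [ "$expected" = "$actual" ] || return 1
}
```

An empty manifest also fails verification, since `sha256sum -c` rejects a file with no checksum lines.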