actions/gosec
1
0
Fork 0
mirror of https://github.com/securego/gosec.git synced 2024-11-05 19:45:51 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add checksum clarification in README

Browse source 
Currently, if you download the gosec binary using the commands
suggested in the README and you decide to check the checksum
of the binary, you just downloaded then your checksum check will fail.
As a result, the user can think that your binary is corrupted.

The reason for that failure is that the checksums are for the
tar.gz files provided in the release notes.
This should be documented to avoid future unclarities.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
This commit is contained in:
Martin Vrachev 2019-06-06 11:49:58 +03:00 committed by Grant Murphy
parent 0ebfa2f8b7
commit 196edd34b6
1 changed files with 8 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
README.md
View file

@ -36,6 +36,14 @@ curl -sfL https://raw.githubusercontent.com/securego/gosec/master/install.sh | s
# In alpine linux (as it does not come with curl by default) # In alpine linux (as it does not come with curl by default)
wget -O - -q https://raw.githubusercontent.com/securego/gosec/master/install.sh | sh -s vX.Y.Z wget -O - -q https://raw.githubusercontent.com/securego/gosec/master/install.sh | sh -s vX.Y.Z
# If you want to use the checksums provided on the "Releases" page
# then you will have to download a tar.gz file for your operating system instead of a binary file
wget https://github.com/securego/gosec/releases/download/vX.Y.Z/gosec_vX.Y.Z_OS.tar.gz
# The file will be in the current folder where you run the command
# and you can check the checksum like this
echo "<check sum from the check sum file> gosec_vX.Y.Z_OS.tar.gz" | sha256sum -c -
gosec --help gosec --help
``` ```