-
Notifications
You must be signed in to change notification settings - Fork 103
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add msquic to OpenSUSE #690
Conversation
unzip && \ | ||
\ | ||
zypper clean -a | ||
|
||
ENV LANG=en_US.utf8 | ||
|
||
RUN wget https://github.com/microsoft/msquic/releases/download/v2.1.1/libmsquic-2.1.1-1.x86_64.rpm && \ | ||
rpm -i libmsquic-2.1.1-1.x86_64.rpm && \ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This seems to bypass signature checking.
rpm -i libmsquic-2.1.1-1.x86_64.rpm
warning: libmsquic-2.1.1-1.x86_64.rpm: Header V4 RSA/SHA256 Signature, key ID be1229cf: NOKEY
zypper
can install packages directly via http without wget.
zypper install -y https://github.com/microsoft/msquic/releases/download/v2.1.1/libmsquic-2.1.1-1.x86_64.rpm
it fails on signature verification ... that is probably correct. My recommendation would be to add signing key
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I will probably need some hint about the signing key, I have never done that sort of thing before
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
bde607ad2ca8:/ # rpm --import https://packages.microsoft.com/keys/microsoft.asc
bde607ad2ca8:/ # zypper install -y https://github.com/microsoft/msquic/releases/download/v2.1.1/libmsquic-2.1.1-1.x86_64.rpm
Loading repository data...
Warning: Repository 'Main Update Repository' appears to be outdated. Consider using a different mirror or server.
Warning: Repository 'Update Repository (Non-Oss)' appears to be outdated. Consider using a different mirror or server.
Reading installed packages...
Resolving package dependencies...
The following NEW package is going to be installed:
libmsquic
1 new package to install.
Overall download size: 6.1 MiB. Already cached: 0 B. After the operation, additional 22.0 MiB will be used.
Continue? [y/n/v/...? shows all options] (y): y
Retrieving package libmsquic-2.1.1-1.x86_64 (1/1), 6.1 MiB ( 22.0 MiB unpacked)
Checking for file conflicts: ...................................................................................................................................................................................................................[done]
(1/1) Installing: libmsquic-2.1.1-1.x86_64 .....................................................................................................................................................................................................[done]
I would add same download + verify checksum + import logic we have elsewhere.
This may be paranoid but prevents cases when somebody sneaks evil bits on the server.
8e20c33
to
548b3d2
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Co-authored-by: Matt Thalman <mthalman@microsoft.com>
This PR installs MsQuic 2.1.1 from official rpm from github (I did not find a way to add packages.microsoft.com feed to zypper). Tests run, except that IPv6 is apparently disabled on the image. That is going to be mitigated by dotnet/runtime#75341.