Download Intel SDE from Github Releases mirror to fix CI#241
Conversation
|
Ah, it's not that. I think Intel just always returns a zero-sized file for wget and curl downloads now. We'll need to find a way to store the binary on our CI instead. |
…56 to pin the exact file contents so they cannot be changed from under us to mount a supply chain attack.
Shnatsel
changed the title
|
Github Actions cache expires too quickly, so I've used Github Releases to store a mirror of Intel SDE. |
Shnatsel
changed the title
| - name: install Intel Software Development Emulator | ||
| run: curl "https://downloadmirror.intel.com/873619/${SDE_PKG}.tar.xz" | tar -Jx | ||
| run: | | ||
| curl -fsSL -o "${SDE_PKG}-lin.tar.xz" "https://github.com/Shnatsel/intel-sde-mirror/releases/download/sde-${SDE_PKG#sde-external-}/${SDE_PKG}-lin.tar.xz" |
There was a problem hiding this comment.
What does lin stand for?
|
Is there an easy way for us to validate that the checksum corresponds with a release from Intel? That's relatively low-priority for me, as the CI isn't very privileged (afaik), but it would be best practise. |
|
There is a .sig file so you could bring in a GPG verifier, store the public key in Github Actions job in base64 or something, and verify the signature. |
3 participants
The old version is no longer available so switch to this new version.