Update libmongocrypt URLs for 1.18.0+

XMLWordPrintableJSON

    • Type: Spec Change
    • Resolution: Unresolved
    • Priority: Unknown
    • None
    • Component/s: Client Side Encryption
    • None
    • Needed

      Summary

      Update packaging scripts and documentation to refer to new libmongocrypt binary locations.

      Motivation

      MONGOCRYPT-841 changes download URLs for libmongocrypt 1.18.0+ to more restrictive S3 buckets. At a minimum, driver packaging libmongocrypt would need to update release scripts to refer to the new URLs.

      MONGOCRYPT-841 also adds signed tarballs to the GitHub release page of libmongocrypt. These tarballs are smaller (only include the library file and headers), include per-tarball signatures, and have a self-descriptive naming scheme.

      The survey Which drivers package libmongocrypt? notes C#, Java, Node, and Python have scripts referring to libmongocrypt binaries.

      pymongocrypt documentation links to the unsigned libmongocrypt-all.tar.gz. This can now instead refer to the GitHub releases page: https://github.com/mongodb/libmongocrypt/releases/latest.

      Who is the affected end user?

      DBX devs.

      How does this affect the end user?

      Unable to update packaged libmongocrypt to 1.18.0+.

      How likely is it that this problem or use case will occur?

      Certain.

      If the problem does occur, what are the consequences and how severe are they?

      Will prevent obtaining features of libmongocrypt 1.18.0 (currently QE keyAltName support).

      Is this issue urgent?

      No? Will be needed to upgrade to libmongocrypt 1.18.0.

      Is this ticket required by a downstream team?

      No.

      Is this ticket only for tests?

      No.

      Acceptance Criteria

      • Update release scripts to use libmongocrypt tarballs attached to GitHub releases.
      • Verify signature of downloaded libmongocrypt tarballs.
        • Example: 
          set -o errexit

# Download libmongocrypt tarball:
curl -LO https://github.com/mongodb/libmongocrypt/releases/download/1.18.0/libmongocrypt-windows-x86_64-1.18.0.tar.gz
curl -LO https://github.com/mongodb/libmongocrypt/releases/download/1.18.0/libmongocrypt-windows-x86_64-1.18.0.asc

# Download the public key, import it, and verify the signature
curl -LO https://pgp.mongodb.com/libmongocrypt.pub
gpg --import libmongocrypt.pub
gpg --verify libmongocrypt-windows-x86_64-1.18.0.asc libmongocrypt-windows-x86_64-1.18.0.tar.gz

            Assignee:
            Unassigned
            Reporter:
            Kevin Albertson
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated: