Update libmongocrypt URLs for 1.18.0+

XMLWordPrintableJSON

    • Type: Spec Change
    • Resolution: Unresolved
    • Priority: Unknown
    • None
    • Component/s: Client Side Encryption
    • None
    • Needed
    • Hide

      libmongocrypt 1.18.0 adds signed tarballs to the GitHub release. Previously tarballs were only available on S3 URLs. These tarballs are smaller (only library and headers), include  signatures, and have self-descriptive names.

      Which drivers package libmongocrypt? notes C#, Java, Node, and Python have scripts referring to libmongocrypt binaries. Other drivers may not need any changes.

      Summary of necessary driver changes

      • Update release scripts to use libmongocrypt tarballs attached to GitHub releases.
      • Verify signature of downloaded libmongocrypt tarballs.
        • Example: 
          set -o errexit

# Download libmongocrypt tarball:
curl -LO https://github.com/mongodb/libmongocrypt/releases/download/1.18.0/libmongocrypt-windows-x86_64-1.18.0.tar.gz
curl -LO https://github.com/mongodb/libmongocrypt/releases/download/1.18.0/libmongocrypt-windows-x86_64-1.18.0.asc

# Download the public key, import it, and verify the signature
curl -LO https://pgp.mongodb.com/libmongocrypt.pub
gpg --import libmongocrypt.pub
gpg --verify libmongocrypt-windows-x86_64-1.18.0.asc libmongocrypt-windows-x86_64-1.18.0.tar.gz
      Show
      libmongocrypt 1.18.0 adds signed tarballs to the GitHub release. Previously tarballs were only available on S3 URLs. These tarballs are smaller (only library and headers), include  signatures, and have self-descriptive names. Which drivers package libmongocrypt? notes C#, Java, Node, and Python have scripts referring to libmongocrypt binaries. Other drivers may not need any changes. Summary of necessary driver changes Update release scripts to use libmongocrypt tarballs attached to GitHub releases. Verify signature of downloaded libmongocrypt tarballs. Example: set -o errexit # Download libmongocrypt tarball: curl -LO https://github.com/mongodb/libmongocrypt/releases/download/1.18.0/libmongocrypt-windows-x86_64-1.18.0.tar.gz curl -LO https://github.com/mongodb/libmongocrypt/releases/download/1.18.0/libmongocrypt-windows-x86_64-1.18.0.asc # Download the public key, import it, and verify the signature curl -LO https://pgp.mongodb.com/libmongocrypt.pub gpg --import libmongocrypt.pub gpg --verify libmongocrypt-windows-x86_64-1.18.0.asc libmongocrypt-windows-x86_64-1.18.0.tar.gz Remove documented references to direct libmongocrypt S3 links. Refer users to the mongodb.com install steps to download packages. If needed, refer users to the GitHub release page ( https://github.com/mongodb/libmongocrypt/releases ) to download pre-built binaries.
    • $i18n.getText("admin.common.words.hide")
      Key Status/Resolution FixVersion
      CDRIVER-6311 Works as Designed
      CXX-3484 Works as Designed
      CSHARP-6023 Needs Triage
      GODRIVER-3884 Needs Triage
      JAVA-6187 Needs Triage
      NODE-7569 Needs Triage
      PYTHON-5816 Ready for Work pymongocrypt-1.18.0
      PHPLIB-1842 Needs Triage
      RUBY-3829 Needs Triage
      RUST-2417 Needs Triage
      $i18n.getText("admin.common.words.show")
      #scriptField, #scriptField *{ border: 1px solid black; } #scriptField{ border-collapse: collapse; } #scriptField td { text-align: center; /* Center-align text in table cells */ } #scriptField td.key { text-align: left; /* Left-align text in the Key column */ } #scriptField a { text-decoration: none; /* Remove underlines from links */ border: none; /* Remove border from links */ } /* Add green background color to cells with FixVersion */ #scriptField td.hasFixVersion { background-color: #00FF00; /* Green color code */ } #scriptField td.willNotDo { background-color: #FF0000; /* Red color code */ } /* Center-align the first row headers */ #scriptField th { text-align: center; } Key Status/Resolution FixVersion CDRIVER-6311 Works as Designed CXX-3484 Works as Designed CSHARP-6023 Needs Triage GODRIVER-3884 Needs Triage JAVA-6187 Needs Triage NODE-7569 Needs Triage PYTHON-5816 Ready for Work pymongocrypt-1.18.0 PHPLIB-1842 Needs Triage RUBY-3829 Needs Triage RUST-2417 Needs Triage

      Summary

      Update packaging scripts and documentation to refer to new libmongocrypt binary locations.

      Motivation

      MONGOCRYPT-841 changes download URLs for libmongocrypt 1.18.0+ to more restrictive S3 buckets. At a minimum, driver packaging libmongocrypt would need to update release scripts to refer to the new URLs.

      MONGOCRYPT-841 also adds signed tarballs to the GitHub release page of libmongocrypt. These tarballs are smaller (only include the library file and headers), include per-tarball signatures, and have a self-descriptive naming scheme.

      The survey Which drivers package libmongocrypt? notes C#, Java, Node, and Python have scripts referring to libmongocrypt binaries.

      pymongocrypt documentation links to the unsigned libmongocrypt-all.tar.gz. This can now instead refer to the GitHub releases page: https://github.com/mongodb/libmongocrypt/releases.

      Who is the affected end user?

      DBX devs.

      How does this affect the end user?

      Unable to update packaged libmongocrypt to 1.18.0+.

      How likely is it that this problem or use case will occur?

      Certain.

      If the problem does occur, what are the consequences and how severe are they?

      Will prevent obtaining features of libmongocrypt 1.18.0 (currently QE keyAltName support).

      Is this issue urgent?

      No? Will be needed to upgrade to libmongocrypt 1.18.0.

      Is this ticket required by a downstream team?

      No.

      Is this ticket only for tests?

      No.

      Acceptance Criteria

      • Update release scripts to use libmongocrypt tarballs attached to GitHub releases.
      • Verify signature of downloaded libmongocrypt tarballs.
        • Example: 
          set -o errexit

# Download libmongocrypt tarball:
curl -LO https://github.com/mongodb/libmongocrypt/releases/download/1.18.0/libmongocrypt-windows-x86_64-1.18.0.tar.gz
curl -LO https://github.com/mongodb/libmongocrypt/releases/download/1.18.0/libmongocrypt-windows-x86_64-1.18.0.asc

# Download the public key, import it, and verify the signature
curl -LO https://pgp.mongodb.com/libmongocrypt.pub
gpg --import libmongocrypt.pub
gpg --verify libmongocrypt-windows-x86_64-1.18.0.asc libmongocrypt-windows-x86_64-1.18.0.tar.gz

            Assignee:
            Unassigned
            Reporter:
            Kevin Albertson
            Kevin Albertson Kevin Albertson
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated: