[Feature]: Provide SHA256 of release objects #156
Description
Feature Overview
Currently, I have an extension that can read a repo, and update the release tag for a dependency on that repo, this is mainly targeted at the mu tiano platforms repository.
for example,
given the github release object link of https://github.com/microsoft/secureboot_objects/releases/download/v1.1.3/edk2-x64-secureboot-binaries.tar.gz, the extension can pull the available releases from the secureboot_objects repo, and update it to the latest on user command. however, the dependency also requires a sha256 checksum of the release object, and short of having the extension download and compute the hash, this is not currently possible.
I would like some method of retrieving the hash of the compiled objects in a release.
Solution Overview
Potentially a manifest file included in the release with the objects, that has a list of the files included and their corresponding sha256 checksums. that way the extension could read that manifest and update the mu tiano core dependency version and sha256
Alternatives Considered
downloading the file to a temporary directory and computing the hash locally. This would work, however, if the dependency is large this would cause the extension and in turn visual studio to appear to hang for the user, which would not be a good experience. Additionally, downloading the file through the extension could potentially introduce a situation where the wrong hash is computed (incorrect or incomplete download, user file corruption, memory errors, etc). However rare those may be, those errors would cause errors further in the development chain.
Urgency
Low
Are you going to implement the feature request?
Someone else needs to implement the feature
Do you need maintainer feedback?
No maintainer feedback needed
Anything else?
No response