Integrity & Hashes
It is possible to verify the integrity of a file by setting the ?hash query parameter to the hash of the file. If the hash does not match the actual hash of the file, an error will be returned instead.
The file info API will also include the hash of the file.
sha256 is used as the default hashing algorithm but can be changed to any of the supported algorithms.
Example
https://dir-demo.adriansoftware.de/Dockerfile?hash=foobar123
will return an access denied error.
Setting it to the correct hash will return the file as usual.
You can also use a POST request to verify the hash:
curl -X POST https://dir-demo.adriansoftware.de/Dockerfile -d "hash=8102c6372ce8afd35c87df8a78cbd63386538211f45c0042b1a9a7e73630a9bb"
Mandatory hashes
Set in the metadata config of the file to require the hash to be set. If the hash is not set, an error will be returned.
{
"hash_required": true
}
Or set it globally using the HASH_REQUIRED variable.
This feature should not be used to restrict access as the hash is publicly available through the API if enabled. It is only meant to make an integrity verification of the file mandatory for every request.
To protect the file use the password protection feature.
⚙️ Configuration
| Variable | Default | Values | Details |
|---|---|---|---|
| HASH | true | true false | added in v3.0 |
| HASH_REQUIRED | false | true false | Hash is always requiredadded in v3.3 |
| HASH_ALGO | sha256 | md2 md4 md5 sha1 sha224 sha256 sha384 sha512/224 sha512/256 sha512 sha3-224 sha3-256 sha3-384 sha3-512 ripemd128 ripemd160 ripemd256 ripemd320 whirlpool snefru snefru256 gost gost-crypto adler32 crc32 crc32b crc32c fnv132 fnv1a32 fnv164 fnv1a64 joaat murmur3a murmur3c murmur3f xxh32 xxh64 xxh3 xxh128 | added in v3.1 |
How to set configuration options
Use
docker run...- ...with
-e HASH=true - ...with
--env-file .envand placeHASH=truein the file