Skip to content

gh attestation download on windows os writes a alternative data stream file #10029

New issue
New issue
Closed
#10051
Closed
gh attestation download on windows os writes a alternative data stream file#10029
#10051
Assignees
malancas
Labels
bugSomething isn't workinggh-attestationrelated to the gh attestation command
@bigswede74

Description

@bigswede74
bigswede74
opened on Dec 6, 2024

Describe the bug

gh attestation download command on windows os creates an alternative data stream file.

gh version 2.60.1 (2024-10-25)
https://github.com/cli/cli/releases/tag/v2.60.1

Steps to reproduce the behavior

  1. Attest a file in your repo
  2. run gh atestation download MY_FILE --repo myorg/myrepo
  3. See the below output
  4. A file named sha256 is saved to disk with hidden alternative data stream data (ADS)
Fetching attestations for artifact digest sha256:XYZ
Wrote attestations to file sha256:XYZ.jsonl.
Any previous content has been overwritten
The trusted metadata is now available at sha256:XYZ.jsonl

Expected vs actual behavior

Expected

I would expect to see a .jsonl file written to the file system on a windows os.

Actual

An NTFS Alternate Data Stream file is written to the file system on windows os because of the : in the file name.

Logs

GitHub CLI

$ GH_DEBUG=true gh attestation download MY_FILE --repo myorg/myrepo
Downloading trusted metadata for artifact MY_FILE

Fetching attestations for artifact digest sha256:XYZ

* Request at 2024-12-06 10:47:31.0459537 -0800 PST m=+0.098551801
* Request to https://api.github.com/repos/myorg/myrepo/attestations/sha256:XYZ?per_page=30
* Request took 446.9907ms
Wrote attestations to file sha256:XYZ.jsonl.
Any previous content has been overwritten

The trusted metadata is now available at sha256:XYZ.jsonl

Powershell Examine ADS data

PS C:\> Get-Item sha256 -stream *

PSPath        : Microsoft.PowerShell.Core\FileSystem::C:\sha256::$DATA
PSParentPath  : Microsoft.PowerShell.Core\FileSystem::C:\
PSChildName   : sha256::$DATA
PSDrive       : C
PSProvider    : Microsoft.PowerShell.Core\FileSystem
PSIsContainer : False
FileName      : C:\sha256
Stream        : :$DATA
Length        : 0

PSPath        : Microsoft.PowerShell.Core\FileSystem::C:\sha256:XYZ.jsonl
PSParentPath  : Microsoft.PowerShell.Core\FileSystem::C:\
PSChildName   : sha256:XYZ.jsonl
PSDrive       : C
PSProvider    : Microsoft.PowerShell.Core\FileSystem
PSIsContainer : False
FileName      : C:\sha256
Stream        : XYZ.jsonl
Length        : 5309

Metadata

Metadata

Assignees

Labels

bugSomething isn't workinggh-attestationrelated to the gh attestation command

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions