Add service to verify package files on secondaries

Problem to solve

#13981 (closed) is too big so this breaks out the first chunk of work for it.

Intended users

• Systems administrators

Proposal

• Add to package_file_registry table similar to project_registry:
  • last_verification_failure string
  • verification_checksum_sha binary
  • checksum_mismatch boolean
  • verification_checksum_mismatched binary
  • last_verification_ran_at datetime_with_timezone
  • verification_retry_count integer
  • verification_retry_at datetime_with_timezone
• Add e.g. a Geo::PackageFileVerificationSecondaryService which takes a Geo::PackageFileRegistry, similar to Geo::RepositoryVerificationSecondaryService
  • Calculate checksum
  • Compare it with stored checksum
  • Update PackageFileRegistry

Permissions and Security

N/A

Documentation

N/A

Testing

TBD

What does success look like, and how can we measure that?

There is a Geo::PackageVerificationSecondaryService which verifies a Package on a secondary, given a Geo::FileRegistry, and saves success/failure data.

What is the type of buyer?

• Premium
• Ultimate

Links / references