Describe the bug
gh attestation download command on windows os creates an alternative data stream file.
gh version 2.60.1 (2024-10-25)
https://github.com/cli/cli/releases/tag/v2.60.1
Steps to reproduce the behavior
- Attest a file in your repo
- run
gh atestation download MY_FILE --repo myorg/myrepo
- See the below output
- A file named
sha256 is saved to disk with hidden alternative data stream data (ADS)
Fetching attestations for artifact digest sha256:XYZ
Wrote attestations to file sha256:XYZ.jsonl.
Any previous content has been overwritten
The trusted metadata is now available at sha256:XYZ.jsonl
Expected vs actual behavior
Expected
I would expect to see a .jsonl file written to the file system on a windows os.
Actual
An NTFS Alternate Data Stream file is written to the file system on windows os because of the : in the file name.
Logs
GitHub CLI
$ GH_DEBUG=true gh attestation download MY_FILE --repo myorg/myrepo
Downloading trusted metadata for artifact MY_FILE
Fetching attestations for artifact digest sha256:XYZ
* Request at 2024-12-06 10:47:31.0459537 -0800 PST m=+0.098551801
* Request to https://api.github.com/repos/myorg/myrepo/attestations/sha256:XYZ?per_page=30
* Request took 446.9907ms
Wrote attestations to file sha256:XYZ.jsonl.
Any previous content has been overwritten
The trusted metadata is now available at sha256:XYZ.jsonl
Powershell Examine ADS data
PS C:\> Get-Item sha256 -stream *
PSPath : Microsoft.PowerShell.Core\FileSystem::C:\sha256::$DATA
PSParentPath : Microsoft.PowerShell.Core\FileSystem::C:\
PSChildName : sha256::$DATA
PSDrive : C
PSProvider : Microsoft.PowerShell.Core\FileSystem
PSIsContainer : False
FileName : C:\sha256
Stream : :$DATA
Length : 0
PSPath : Microsoft.PowerShell.Core\FileSystem::C:\sha256:XYZ.jsonl
PSParentPath : Microsoft.PowerShell.Core\FileSystem::C:\
PSChildName : sha256:XYZ.jsonl
PSDrive : C
PSProvider : Microsoft.PowerShell.Core\FileSystem
PSIsContainer : False
FileName : C:\sha256
Stream : XYZ.jsonl
Length : 5309
Describe the bug
gh attestation downloadcommand on windows os creates an alternative data stream file.Steps to reproduce the behavior
gh atestation download MY_FILE --repo myorg/myreposha256is saved to disk with hidden alternative data stream data (ADS)Expected vs actual behavior
Expected
I would expect to see a
.jsonlfile written to the file system on a windows os.Actual
An NTFS Alternate Data Stream file is written to the file system on windows os because of the
:in the file name.Logs
GitHub CLI
Powershell Examine ADS data