[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Reproduce-devel] [task #15347] Store and check tarball hash before usin
From: |
Mohammad Akhlaghi |
Subject: |
[Reproduce-devel] [task #15347] Store and check tarball hash before using it |
Date: |
Mon, 29 Jul 2019 09:20:13 -0400 (EDT) |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 |
URL:
<https://savannah.nongnu.org/task/?15347>
Summary: Store and check tarball hash before using it
Project: Reproducible paper template
Submitted by: makhlaghi
Submitted on: Mon 29 Jul 2019 02:20:12 PM BST
Should Start On: Mon 29 Jul 2019 12:00:00 AM BST
Should be Finished on: Mon 29 Jul 2019 12:00:00 AM BST
Category: Software
Priority: 5 - Normal
Status: Postponed
Privacy: Public
Percent Complete: 0%
Assigned to: None
Open/Closed: Open
Discussion Lock: Any
Effort: 0.00
_______________________________________________________
Details:
Currently the pipeline just downloads the tarballs and starts using them,
without any integrity checks on their content.
We are currently doing/encouraging integrity checks on input datasets (for
example in INPUTS.mk
<http://git.savannah.nongnu.org/cgit/reproduce.git/tree/reproduce/analysis/config/INPUTS.mk>).
But not on software tarballs (which are equally important).
It is not too hard to to do this: we can add an option to the download script
<http://git.savannah.nongnu.org/cgit/reproduce.git/tree/reproduce/analysis/bash/download-multi-try>
to also accept hash values and check them before returning control back to the
Makefiles. Once that is done, we just have to define the hash for every
tarball in the same place we define its URL.
This follows a discussion on task #15345.
This also slightly relates with task #15286 (Template's package manger). Once
that task is done, for every package, we'll have a unique file with the build
instructions and that file will also contain the has of the tarball.
_______________________________________________________
Reply to this item at:
<https://savannah.nongnu.org/task/?15347>
_______________________________________________
Message sent via Savannah
https://savannah.nongnu.org/
- [Reproduce-devel] [task #15347] Store and check tarball hash before using it,
Mohammad Akhlaghi <=