[Reproduce-devel] [task #15347] Store and check tarball hash before usin

reproduce-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Reproduce-devel] [task #15347] Store and check tarball hash before usin

From:	Mohammad Akhlaghi
Subject:	[Reproduce-devel] [task #15347] Store and check tarball hash before using it
Date:	Mon, 29 Jul 2019 09:20:13 -0400 (EDT)
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0

URL:
  <https://savannah.nongnu.org/task/?15347>

                 Summary: Store and check tarball hash before using it
                 Project: Reproducible paper template
            Submitted by: makhlaghi
            Submitted on: Mon 29 Jul 2019 02:20:12 PM BST
         Should Start On: Mon 29 Jul 2019 12:00:00 AM BST
   Should be Finished on: Mon 29 Jul 2019 12:00:00 AM BST
                Category: Software
                Priority: 5 - Normal
                  Status: Postponed
                 Privacy: Public
        Percent Complete: 0%
             Assigned to: None
             Open/Closed: Open
         Discussion Lock: Any
                  Effort: 0.00

    _______________________________________________________

Details:

Currently the pipeline just downloads the tarballs and starts using them,
without any integrity checks on their content. 

We are currently doing/encouraging integrity checks on input datasets (for
example in INPUTS.mk
<http://git.savannah.nongnu.org/cgit/reproduce.git/tree/reproduce/analysis/config/INPUTS.mk>).
But not on software tarballs (which are equally important). 

It is not too hard to to do this: we can add an option to the download script
<http://git.savannah.nongnu.org/cgit/reproduce.git/tree/reproduce/analysis/bash/download-multi-try>
to also accept hash values and check them before returning control back to the
Makefiles. Once that is done, we just have to define the hash for every
tarball in the same place we define its URL.

This follows a discussion on task #15345.

This also slightly relates with task #15286 (Template's package manger). Once
that task is done, for every package, we'll have a unique file with the build
instructions and that file will also contain the has of the tarball. 




    _______________________________________________________

Reply to this item at:

  <https://savannah.nongnu.org/task/?15347>

_______________________________________________
  Message sent via Savannah
  https://savannah.nongnu.org/

[Prev in Thread]

Current Thread

[Next in Thread]

[Reproduce-devel] [task #15347] Store and check tarball hash before using it, Mohammad Akhlaghi <=
- [Reproduce-devel] [task #15347] Store and check tarball hash before using it, Mohammad Akhlaghi, 2019/07/29
  - [Reproduce-devel] [task #15347] Tarball integrity checks with md5 checksums, Mohammad Akhlaghi, 2019/07/29
    - [Reproduce-devel] [task #15347] Tarball integrity checks with md5 checksums, Boud Roukema, 2019/07/29
    - [Reproduce-devel] [task #15347] Tarball integrity checks with SHA512 checksums, Mohammad Akhlaghi, 2019/07/29

Prev by Date: [Reproduce-devel] [task #15345] Automatically using backup tarball repository
Next by Date: [Reproduce-devel] [task #15347] Store and check tarball hash before using it
Previous by thread: [Reproduce-devel] [task #15286] Template's package manger
Next by thread: [Reproduce-devel] [task #15347] Store and check tarball hash before using it
Index(es):
- Date
- Thread