[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Reproduce-devel] [task #15347] Store and check tarball hash before usin
[Reproduce-devel] [task #15347] Store and check tarball hash before using it
Mon, 29 Jul 2019 09:20:13 -0400 (EDT)
Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
Summary: Store and check tarball hash before using it
Project: Reproducible paper template
Submitted by: makhlaghi
Submitted on: Mon 29 Jul 2019 02:20:12 PM BST
Should Start On: Mon 29 Jul 2019 12:00:00 AM BST
Should be Finished on: Mon 29 Jul 2019 12:00:00 AM BST
Priority: 5 - Normal
Percent Complete: 0%
Assigned to: None
Discussion Lock: Any
Currently the pipeline just downloads the tarballs and starts using them,
without any integrity checks on their content.
We are currently doing/encouraging integrity checks on input datasets (for
example in INPUTS.mk
But not on software tarballs (which are equally important).
It is not too hard to to do this: we can add an option to the download script
to also accept hash values and check them before returning control back to the
Makefiles. Once that is done, we just have to define the hash for every
tarball in the same place we define its URL.
This follows a discussion on task #15345.
This also slightly relates with task #15286 (Template's package manger). Once
that task is done, for every package, we'll have a unique file with the build
instructions and that file will also contain the has of the tarball.
Reply to this item at:
Message sent via Savannah
- [Reproduce-devel] [task #15347] Store and check tarball hash before using it,
Mohammad Akhlaghi <=