[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Reproduce-devel] [task #15347] Store and check tarball hash before usin

From: Mohammad Akhlaghi
Subject: [Reproduce-devel] [task #15347] Store and check tarball hash before using it
Date: Mon, 29 Jul 2019 09:20:13 -0400 (EDT)
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0


                 Summary: Store and check tarball hash before using it
                 Project: Reproducible paper template
            Submitted by: makhlaghi
            Submitted on: Mon 29 Jul 2019 02:20:12 PM BST
         Should Start On: Mon 29 Jul 2019 12:00:00 AM BST
   Should be Finished on: Mon 29 Jul 2019 12:00:00 AM BST
                Category: Software
                Priority: 5 - Normal
                  Status: Postponed
                 Privacy: Public
        Percent Complete: 0%
             Assigned to: None
             Open/Closed: Open
         Discussion Lock: Any
                  Effort: 0.00



Currently the pipeline just downloads the tarballs and starts using them,
without any integrity checks on their content. 

We are currently doing/encouraging integrity checks on input datasets (for
example in
But not on software tarballs (which are equally important). 

It is not too hard to to do this: we can add an option to the download script
to also accept hash values and check them before returning control back to the
Makefiles. Once that is done, we just have to define the hash for every
tarball in the same place we define its URL.

This follows a discussion on task #15345.

This also slightly relates with task #15286 (Template's package manger). Once
that task is done, for every package, we'll have a unique file with the build
instructions and that file will also contain the has of the tarball. 


Reply to this item at:


  Message sent via Savannah

reply via email to

[Prev in Thread] Current Thread [Next in Thread]