[Rpm-maint] [rpm-software-management/rpm] RFE: read sources checksums from the SPEC file and verify them (#463)

Michal Novotný notifications at github.com
Mon Mar 23 19:29:55 UTC 2020


Anyway, what about something like `%_verify_fetched_source_checksums` macro with values `0/1/2` where
```
0: do not check source checksums even if present
1: check source checksums if present as `#(<hashtype>)<checksum>` url suffix by invoking `<hashtype>sum` command from coreutils to do the check
2: check source checksums and return false when some fetched source does not have a checksum attached
```
I imagine the verification would only apply to files that were fetched by rpmbuild. Those that were already present before the build started wouldn't be checked with assumption that user gave to rpmbuild valid sources. What do you think?

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/463#issuecomment-602809707
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20200323/01b556f9/attachment.html>


More information about the Rpm-maint mailing list