[Rpm-maint] [rpm-software-management/rpm] RFE: read sources checksums from the SPEC file and verify them (#463)

Vít Ondruch notifications at github.com
Tue Mar 24 08:48:22 UTC 2020


Thinking further about this, do we actually need something really fancy as a special tag?

For example, it is quite easy to check if the checksums in the dist-git sources file are correct during `rpmbuild -bs`. It is enough to put `%(sha512sum -c sources)` somewhere into the specfile preamble. If the checksums are not correct, then `rpmbuild -bs` fails.

Looking at the [Verifying Signatures](https://docs.fedoraproject.org/en-US/packaging-guidelines/#_verifying_signatures) Fedora guidelines, I actually wonder why the check is done in `%prep`. Maybe something like this macro should be placed right below the sources in the preamble.

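An added example, not part of the original message and not rpm's own code: what a `sha512sum -c sources` check reports through its exit status for an intact, a tampered, and a malformed checksum list. It assumes GNU coreutils and a BSD-style `SHA512 (file) = hex` sources file; the helper names `verify_sources`, `make_fixture` and `status_of`, and the file `example-1.0.tar.gz`, are constructed for illustration.

```shell
#!/bin/sh
# Added example; verify_sources, make_fixture and status_of are hypothetical helpers.

# verify_sources DIR
# Check every entry in DIR/sources. Returns 0 only when the list is non-empty,
# every line is well formed, and every listed file exists and matches.
verify_sources() {
    [ -s "$1/sources" ] || return 2   # a missing or empty list proves nothing
    # --strict: a malformed line is an error instead of a skipped warning
    # --status: stay silent and report through the exit code only
    ( cd "$1" && sha512sum --check --strict --status sources )
}

# make_fixture: create a constructed source file and a matching checksum list
# in a fresh temporary directory, then print the directory name.
make_fixture() {
    dir=$(mktemp -d) || return 1
    printf 'constructed tarball contents\n' > "$dir/example-1.0.tar.gz"
    # --tag writes the BSD-style "SHA512 (file) = hex" form
    ( cd "$dir" && sha512sum --tag example-1.0.tar.gz > sources ) || return 1
    printf '%s\n' "$dir"
}

# status_of CMD...: run a command and print its exit status (safe under set -e)
status_of() {
    rc=0
    "$@" || rc=$?
    printf '%s\n' "$rc"
}

d=$(make_fixture)
echo "intact:    $(status_of verify_sources "$d")"   # 0
printf 'tampered\n' >> "$d/example-1.0.tar.gz"
echo "tampered:  $(status_of verify_sources "$d")"   # non-zero
rm -rf "$d"

d=$(make_fixture)
echo 'not a checksum line' >> "$d/sources"
echo "malformed: $(status_of verify_sources "$d")"   # non-zero only because of --strict
rm -rf "$d"
```

Without `--strict`, the malformed line in the last case is only warned about and the command still exits 0 as long as the remaining entries match.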