[Rpm-maint] [rpm-software-management/rpm] RFE: read sources checksums from the SPEC file and verify them (#463)
Dirk Mueller
notifications at github.com
Fri Jul 14 10:35:12 UTC 2023
> > Unfortunately the suggested format of `Source(sha256): format` is not backward compatible with older rpm releases, and having the checksum as an extra tag (with autonumbering) and if conditions could be error prone and tricky.
> Is backward compatibility really an issue if we're talking about a new feature?
Yes, because it breaks parsing of spec files with older releases, and thats a common/supported scenario in openSUSE (where packages are maintained in tumbleweed, but are also built for older releases). it would be really nasty having to %if that out all the time.
> This wasn't an okay reason when we added weak dependencies (which also broke on old rpm too).
Sure, but that was a much more fundamental change, breaking it there is a desirable behavior.
> The alternative proposal relies on RPM having broken syntax parsing, because I don't see a reason that it shouldn't choke on `Source sha256(<checksum>): URL`.
Well, it doesn't, and I don't think we'll change the behavior of old releases. and new releases can parse this then with a patch.
> And the "alternative syntax" breaks the ability to use SourceURL downloading (which most distributions actually do rely on).
no, absolutely not. it works just fine (except for in the open build service, but that has been fixed today).
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/463#issuecomment-1635663830
You are receiving this because you are subscribed to this thread.
Message ID: <rpm-software-management/rpm/issues/463/1635663830 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20230714/c2e692b3/attachment.html>
More information about the Rpm-maint
mailing list