[Rpm-maint] [rpm-software-management/rpm] RFE: read sources checksums from the SPEC file and verify them (#463)

Dirk Mueller notifications at github.com
Fri Jul 14 11:21:01 UTC 2023


@kloczek I am fully aware of the autonumbering functionality for sources/patches, but SourceCSum is not backward compatible with older rpm versions, so you would have to do something like

```spec

%if %{with somecondition}
Source: file1
%if %rpm_is_new_enough
SourceCSum: sha256(checksum)
%endif
%else
Source: file1
%if %rpm_is_new_enough
SourceCSum: sha256(checksum)
%endif
%endif

```

I feel like this looks super ugly. in suse spec files all conditionalized statements are ordered near the end, so there could be dozens to hundreds of lines between the first block and the second block. it is very confusing. having it in one line avoids all of that. 

Regarding the `<csum_alg>` and also using something like `github:/` you can totally do both in both my suggestions as well, so it would look like

```spec
Source sha256(<themagicchecksum>)github(signinkeyweexpect): http://someurl
```

This is an orthogonal discussion. you can have multiple variants in both suggestions of mine (also in the fragmet suffix)

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/463#issuecomment-1635717192
You are receiving this because you are subscribed to this thread.

Message ID: <rpm-software-management/rpm/issues/463/1635717192 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20230714/3ac1256b/attachment.html>


More information about the Rpm-maint mailing list