Snapcraft should allow the user to verify downloaded files with a checksum
Bug #1585913 reported by
Simon Fels
This bug affects 4 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Snapcraft |
Fix Released
|
Wishlist
|
Marc Peña |
Bug Description
Right now we can't verify that the downloaded tarball is exactly what we expect. Snapcraft should a simple field
source-checksum: <sha256/sha512>
and verify the that the checksum of the downloaded file matches.
Changed in snapcraft: | |
status: | New → Triaged |
milestone: | none → 2.11 |
Changed in snapcraft: | |
milestone: | 2.12 → 2.13 |
Changed in snapcraft: | |
status: | Triaged → In Progress |
assignee: | nobody → Simon Quigley (tsimonq2) |
Changed in snapcraft: | |
importance: | Undecided → Wishlist |
summary: |
- Snapcraft should allow to verify downloaded files with a sha checksum + Snapcraft should allow the user to verify downloaded files with a + checksum |
Changed in snapcraft: | |
milestone: | 2.13 → 2.14 |
Changed in snapcraft: | |
milestone: | 2.13 → 2.14 |
Changed in snapcraft: | |
milestone: | 2.14 → 2.15 |
Changed in snapcraft: | |
milestone: | 2.15 → none |
Changed in snapcraft: | |
status: | In Progress → Fix Committed |
Changed in snapcraft: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
Good catch, with the checksum in the part definition :)
SHA3-384 only please, but make it alg/digest so we have future flex.
source: http:// path.to/ foo.tgz dXPffNKalMcZq8O 7t0At0z/ sAscPPRMfUS2s3R PvFqrNwqY5ihZQW LH577C2TdZf
digest:
sha3-384/
Mark