[Exherbo-dev] Integrity checking

David Leverton dleverton at exherbo.org
Fri Feb 20 00:04:43 UTC 2015


Alex Elsayed wrote:
>> We could have a tool that automatically fetches the files in the exheres
>> and that adds / updates the  checksum annotations.
>
> This makes it slightly better, but
> a.) We still have churn in the diffs (a SHA256 isn't tiny)
> b.) Exlibs can no longer declare DOWNLOADS based on exparams (since the url
> takes input from the exheres, but is actually formatted in the explib)
> without taking a checksum exparam for _each_ generated URL
> c.) We now have a tool making modifications to a file that should be written
> by humans, and is in a notoriously difficult format to parse correctly (Bash
> scripts). If it's just a sed, then we're going to have /problems/. See the
> discussions way back when about why making EAPI a variable in ebuilds is
> *insane*.

My crazy idea for that from a while ago was that the tool would generate 
a local checksums.exlib, that would be required at the end of the 
exheres, and would contain code¹ that walks through DOWNLOADS and adds 
the annotations based on the checksums that the tool calculated.  But 
like I said, crazy.

[1] that is, a call to a function defined elsewhere, not a separate copy 
of the logic for each package




More information about the Exherbo-dev mailing list