[Bug 797177] Require tarball checksum verification for all recipes
GStreamer (GNOME Bugzilla)
bugzilla at gnome.org
Wed Sep 19 15:45:59 UTC 2018
https://bugzilla.gnome.org/show_bug.cgi?id=797177
Nicolas Dufresne (ndufresne) <nicolas at ndufresne.ca> changed:
               What|Removed                     |Added
----------------------------------------------------------------------------
 Attachment #373706|none                        |reviewed
             status|                            |
--- Comment #6 from Nicolas Dufresne (ndufresne) <nicolas at ndufresne.ca> ---
Review of attachment 373706:
--> (https://bugzilla.gnome.org/review?bug=797177&attachment=373706)
::: cerbero/build/source.py
@@ +128,3 @@
cached_file = os.path.join(self.config.cached_sources,
self.package_name, self.tarball_name)
+ if not redownload and os.path.isfile(cached_file) and
self.verify(cached_file, fatal=False):
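Review bot: in the added condition, self.verify(cached_file, fatal=False) turns a cached tarball that fails verification into what looks like an ordinary cache miss. Suggest logging a warning that names cached_file when os.path.isfile() is true but verify() returns false, so a corrupted or modified cache entry is noticed instead of being silently skipped, and documenting in verify() what it returns and whether it still renames the file when fatal is False.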
I'm wondering if checking the cache won't be quite an overhead for the safety.
What we could do instead is download to <filename>.unchecked, and if it succeeds
validate, move it back to its real name. And then just trust the cache.
@@ +174,3 @@
+ if checksum != self.tarball_checksum:
+ movedto = fname + '.failed-checksum'
+ os.replace(fname, movedto)
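Review bot: os.replace(fname, movedto) overwrites an existing destination without error, so a leftover '.failed-checksum' file from an earlier attempt is replaced silently; a short comment saying this is intended would help, since os.rename behaves differently on Windows. os.replace also exists only from Python 3.3 on, so this line assumes the tool never runs under Python 2. On the comparison, `checksum != self.tarball_checksum` is an exact string match; if recipes may write the checksum in upper case, normalise with .lower() before comparing.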
I'm not familiar with replace, does it override if there is already a
.failed-checksum file? Just asking if we need to remove ancient failed
download first.
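
The download-to-.unchecked flow suggested in the first review comment, written out as an added example; it is not code from the attachment or from cerbero. The names fetch_verified, sha256_of and download, the use of SHA-256, and the sample file name are assumptions made for the illustration.

```python
import hashlib
import os
import tempfile

def sha256_of(path):
    digest = hashlib.sha256()
    with open(path, 'rb') as f:
        for chunk in iter(lambda: f.read(65536), b''):  # hash in chunks
            digest.update(chunk)
    return digest.hexdigest()

def fetch_verified(cached_file, expected_sha256, download):
    """Return cached_file; only a fresh download is hashed, the cache is trusted.
    download(dest) is a hypothetical callable that writes the tarball to dest."""
    if os.path.isfile(cached_file):
        return cached_file                  # got this name only after verifying
    unchecked = cached_file + '.unchecked'
    download(unchecked)
    actual = sha256_of(unchecked)
    if actual != expected_sha256.lower():
        # os.replace overwrites an older .failed-checksum file if one exists
        os.replace(unchecked, cached_file + '.failed-checksum')
        raise ValueError('checksum mismatch for %s: expected %s, got %s'
                         % (cached_file, expected_sha256, actual))
    os.replace(unchecked, cached_file)      # rename within the same directory
    return cached_file

def demo():
    """Constructed run: corrupted download, good download, then a cache hit."""
    good = b'constructed tarball bytes'
    expected = hashlib.sha256(good).hexdigest()
    calls = []
    def writer(data):
        def download(dest):
            calls.append(dest)
            with open(dest, 'wb') as f:
                f.write(data)
        return download
    with tempfile.TemporaryDirectory() as cache:
        target = os.path.join(cache, 'pkg-1.0.tar.xz')
        try:
            fetch_verified(target, expected, writer(b'corrupted'))
        except ValueError:
            pass
        rejected = not os.path.exists(target)
        quarantined = os.path.exists(target + '.failed-checksum')
        fetch_verified(target, expected, writer(good))
        fetch_verified(target, expected, writer(b'never written'))  # cache hit
        return rejected, quarantined, sha256_of(target) == expected, len(calls)
```

Trusting the cache this way means a file altered after it was stored, or a recipe whose checksum is changed later, is not re-checked on a cache hit; that is the overhead-versus-safety trade-off the comment raises.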