[opensuse-packaging] Automatically verifying files using SHA checksums
Dear all, is it possible to auto-verify those files using OBS? It's dowumented with PGP signaures but does it work with simple SHA signatures, too? Here is what I download and what I like to be checked: Source0: https://getcomposer.org/download/%{version}/composer.phar Source1: https://getcomposer.org/download/%{version}/composer.phar.sha256sum Best regards -- Johannes Weberhofer Weberhofer GmbH, Austria, Vienna -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-packaging+owner@opensuse.org
On Mon, Apr 16, 2018 at 08:43:46AM +0200, Johannes Weberhofer wrote:
Dear all,
is it possible to auto-verify those files using OBS? It's dowumented with PGP signaures but does it work with simple SHA signatures, too? Here is what I download and what I like to be checked:
Source0: https://getcomposer.org/download/%{version}/composer.phar Source1: https://getcomposer.org/download/%{version}/composer.phar.sha256sum
Currently this is not possible. https://github.com/openSUSE/obs-service-source_validator/ has the code in 20-files-present-and-referenced and could be added there. I am not sure this makes much sense though, as its easier to modify than a GPG signature. Ciao, Marcus -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-packaging+owner@opensuse.org
participants (2)
-
Johannes Weberhofer
-
Marcus Meissner