[tor-bugs] #1348 [Tor bundles/installation]: check downloaded files known-good crypto checksum

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Mon Jan 3 17:27:02 UTC 2011


#1348: check downloaded files known-good crypto checksum
---------------------------------------+------------------------------------
  Reporter:  erinn                     |       Owner:  erinn       
      Type:  enhancement               |      Status:  needs_review
  Priority:  minor                     |   Milestone:              
 Component:  Tor bundles/installation  |     Version:              
Resolution:  None                      |    Keywords:  easy        
    Parent:                            |  
---------------------------------------+------------------------------------

Comment(by nickm):

 Looks okay to me except for one issue: I think we wan the build to fail if
 the digests are incorrect.

 So the logic should not be
 {{{
    pushd && sha1sum; popd
 }}}
 but instead it should IMO be
 {{{
    pushd && sha1sum && popd
 }}}

 And we should probably arrange stuff so that fetch-source does not
 actually put the source into FETCH_DIR unless the sum is correct.
 Otherwise, "make fetch-source; make unpack-source" could seem to have
 succeed even if the digests were incorrect.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/1348#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list