https://bugs.llvm.org/show_bug.cgi?id=50231
Bug ID: 50231
Summary: apt repository metadata should use acquire-by-hash
Product: Packaging
Version: unspecified
Hardware: PC
OS: Linux
Status: NEW
Severity: enhancement
Priority: P
Component: deb packages
Assignee: [email protected]
Reporter: [email protected]
CC: [email protected]
To resolve Hash Sum mismatch errors, it is possible to publish all the metadata
files by their hash; and then indicate in the InRelease file to acquire things
by hash.
That way apt will download InRelease file, check the checksums of files it
wants to fetch inside there and then acquire things from
/by-hash/SHA256/9a27cff7af8578581d9b83485f85e366fff61a1f951c1dc4f33ce1892b50da72
This is very CDN friendly way, as normally /main/binary-amd64/Packages.gz can
be anything really, and served by CDN as the old one.
However, that does not appear to be implemented in reprepro =````((((((
So I guess this will be blocked until
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=820660 is implemented.
Although there is a patch to make it work
https://salsa.debian.org/bootc/reprepro/-/merge_requests/1/diffs
I guess I should salvage reprepro and make it work.
--
You are receiving this mail because:
You are on the CC list for the bug._______________________________________________
llvm-bugs mailing list
[email protected]
https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-bugs
