Hello,
since updating to 3.4.2 I can't download rules from unofficial channels.
The problem is that in version 3.4.1 sa-update checks the hash of the
downloaded file using file.sha1 , while version 3.4.2 uses file.sha256
or file.sha512. See the relevant differences in the following sa-update
--help:
3.4.1:
sa-update --help
...
--install filename Install updates directly from this file.
Signature verification will use "file.asc" and "file.sha1"
...
3.4.2
sa-update --help
...
--install filename Install updates directly from this file.
Signature verification will use "file.asc", "file.sha256", and
"file.sha512".
...
Using the --nogpg option doesn't help, sa-update still hardfails if it
doesn't find one of the .sha(256|512) files.
Reading the code in sa-update I found that even if --nogpg is specified,
the signature file is still tried to be downloaded even if it's not used
afterwards, and that is what basically causes the update procedure to fail.
For the moment I brutally hacked sa-update to don't care about
signatures when using unofficial channels, but I'd like to understand if
I'm missing something obvious that doesn't require code mangling to use
"old" update channels.
Thanks
Daniele Duca
