    Make missing package hashes in repository index fatal · e7f1fdac
    Karel Koci authored
    This changes the default behavior for security reasons. The idea is to
    fail if a package can't be verified from the repository index as there
    is no supported hash to use for that. This prevents the issue that
    packages can potentially even be falsified if the index contains hashes
    unsupported by the updater or even no hash at all.
    
    A new extra argument, `pkg_hash_required`, was added to the Repository
    command. By default it is considered to be set to `true`, but it can be
    overwritten and set to `false` to disable the new behavior.
    
    This new behavior is reported by a new feature in the updater language:
    fatal_missing_pkg_hash
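A small model of the fail-closed check this commit message describes, added here as an illustration and not taken from the updater's code. The opkg-style index layout, the supported digest set, the made-up `FutureHash` field and all function names are assumptions; only `pkg_hash_required` and its default of `true` come from the commit message.

```python
import hashlib

# Assumption: the one digest field this example client knows how to check.
SUPPORTED = {"SHA256sum": hashlib.sha256}

class MissingHashError(Exception):
    """The index entry carries no digest the client can verify."""

GOOD = b"constructed package payload"  # constructed sample data
INDEX = (  # constructed opkg-style index; FutureHash is a made-up field
    "Package: good\nSHA256sum: " + hashlib.sha256(GOOD).hexdigest() + "\n\n"
    "Package: nohash\nVersion: 1.0\n\n"
    "Package: newhash\nFutureHash: 00ff\n"
)

def parse_index(text):
    """Split blank-line separated 'Key: value' stanzas into dicts by package."""
    entries = {}
    for stanza in text.strip().split("\n\n"):
        fields = dict(l.split(": ", 1) for l in stanza.splitlines() if ": " in l)
        entries[fields["Package"]] = fields
    return entries

def verify_package(entry, data, pkg_hash_required=True):
    """True if verified; False if accepted unverified (opt-out only)."""
    usable = [name for name in SUPPORTED if name in entry]
    if not usable:
        # No hash, or only hashes we cannot compute: fail closed by default.
        if pkg_hash_required:
            raise MissingHashError(entry["Package"])
        return False
    for name in usable:
        if SUPPORTED[name](data).hexdigest() != entry[name].strip().lower():
            raise ValueError("hash mismatch for " + entry["Package"])
    return True

if __name__ == "__main__":
    for pkg, entry in parse_index(INDEX).items():
        try:
            print(pkg, verify_package(entry, GOOD))
        except MissingHashError:
            print(pkg, "rejected: no supported hash in index")
```

An entry with only an unsupported hash is treated the same as an entry with no hash at all, which is the case the commit message calls out.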