Skip to content

lib: update for which file we look for hashes

Karel Koci requested to merge sha256sum into master

The hashes of modified files are now stored in file *.files-sha256sum instead of *.files-sha256.

It turns out that we also were not reading the *.files-sha256 and thus move of modified files actually did not work.

Implements #320 (closed).

Note: we do not have to update updater to first to ensure security as this is hash file for files in package not the other way around. The change in file in package causes change of hash of package and thus in index (that is what we check) and thus there is no need for updating updater early to prevent some kind of injection. This only affects case when we read already installed packages on the system.

Edited by Miroslav Hanak

Merge request reports