Bug 417017 - repoman should verify that all required checksums are present in Manifest
Status: RESOLVED WONTFIX
Alias: None
Product: Portage Development
Classification: Unclassified
Component: Repoman
Hardware: All Linux
Importance: Normal normal
Assignee: Portage team
Reported: 2012-05-22 07:26 UTC by Kacper Kowalik (Xarthisius) (RETIRED)
Modified: 2022-07-12 03:18 UTC
Description Kacper Kowalik (Xarthisius) (RETIRED) gentoo-dev 2012-05-22 07:26:31 UTC
Currently repoman is happy with the following Manifest:

DIST roman-1.4.0.tar.gz 3033 SHA256 f7bf0304e2a79279cc06d245b2b7f5a3872cddbaa2932db0cbacc12a77e477ec SHA512 e42f1b9e5b979773dfacc67af89bee470391e9eff2bb2eba78f0fe890fa3b6571536986bad0cef28029d9c65261fa199a1cfe4533d0552934b871a33e74a1b2b WHIRLPOOL 23454968d7d19557e63e74df6f689dfae5d878ce08162b47532694566695375aaacbaf0ee494fc73d4f3a750e4ec334fca7982eb58fa0f7eeab0dfe4c94db67c

Issuing repoman manifest doesn't add required sha1 and rmd160

shakuras /cvs/gentoo-x86/dev-python/roman $ pcheck
dev-python/roman
  UnstableOnly: for arch amd64, all versions are unstable: [ 1.4.0 ]
  UnstableOnly: for arch x86, all versions are unstable: [ 1.4.0 ]
  MissingChksum: version 1.4.0: file roman-1.4.0.tar.gz is missing required chksums: rmd160, sha1; has chksums: sha256, sha512, size, whirlpool

It'd be superb if repoman could also be aware of that ^^
Comment 1 Zac Medico gentoo-dev 2012-05-22 07:44:52 UTC
(In reply to comment #0)
> Issuing repoman manifest doesn't add required sha1 and rmd160

Is that with roman-1.4.0.tar.gz in $DISTDIR or not? We don't want it fetching files too aggressively, because that will be annoying for developers when we change the hashes for GLEP 59.

For an outline of the changes in hashes that are planned, it's useful to refer to the following comments from http://git.overlays.gentoo.org/gitweb/?p=proj/portage.git;a=blob;f=pym/portage/const.py:

After WHIRLPOOL is supported in stable portage:
- Add SHA256 and WHIRLPOOL to MANIFEST2_HASH_DEFAULTS.
- Remove SHA1 and RMD160 from MANIFEST2_HASH_*.
- Set manifest-hashes in gentoo-x86/metadata/layout.conf as follows:
    manifest-hashes = SHA256 SHA512 WHIRLPOOL

After WHIRLPOOL is supported in stable portage for at least 1 year:
- Change MANIFEST2_REQUIRED_HASH to WHIRLPOOL.
- Remove SHA256 from MANIFEST2_HASH_*.
- Set manifest-hashes in gentoo-x86/metadata/layout.conf as follows:
    manifest-hashes = SHA512 WHIRLPOOL

After SHA-3 is approved:
- Add new hashes to MANIFEST2_HASH_*.

After SHA-3 is supported in stable portage:
- Set manifest-hashes in gentoo-x86/metadata/layout.conf as follows:
    manifest-hashes = SHA3 SHA512 WHIRLPOOL

After layout.conf settings correspond to defaults in stable portage:
- Remove redundant settings from gentoo-x86/metadata/layout.conf.
Comment 2 Kacper Kowalik (Xarthisius) (RETIRED) gentoo-dev 2012-05-22 08:37:23 UTC
(In reply to comment #1)
> (In reply to comment #0)
> > Issuing repoman manifest doesn't add required sha1 and rmd160
> 
> Is that with roman-1.4.0.tar.gz in $DISTDIR or not? We don't want it
> fetching files too aggressively, because that will be annoying for
> developers when we change the hashes for GLEP 59.
The distfile was not present in $DISTDIR. Repoman doesn't need to download the file if you want to avoid it, but IMO repoman full should warn that chksums from MANIFEST2_HASH_DEFAULTS are missing.
Comment 3 Zac Medico gentoo-dev 2012-05-22 19:12:15 UTC
Okay, a warning is easy enough to do.

The digestgen function only forces fetch if portage.const.MANIFEST2_REQUIRED_HASH (currently SHA256) is missing.
Comment 4 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-07-12 03:18:23 UTC
repoman support has been removed per bug 835013.

Please file a new bug (or, I suppose, reopen this one) if you feel this check is still applicable to pkgcheck and doesn't already exist.
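
Added example, not part of the bug thread and not Portage, repoman or pkgcheck code: a standalone sketch of the warning discussed above, which compares each DIST entry's hash names against the manifest-hashes line of layout.conf without fetching any distfile. The function names and sample data are hypothetical, and the digest-length check goes slightly beyond what the bug asks for.

```python
import re

# Hex digest lengths for the hash names that appear in this bug.
HEX_LEN = {"SHA1": 40, "RMD160": 40, "SHA256": 64, "SHA512": 128, "WHIRLPOOL": 128}


def required_hashes(layout_conf_text):
    """Return the set named by 'manifest-hashes = ...' in layout.conf text."""
    for line in layout_conf_text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == "manifest-hashes":
            return {name.upper() for name in value.split()}
    return set()


def parse_manifest_line(line):
    """Split 'TYPE name size HASH hex HASH hex ...' into its parts."""
    fields = line.split()
    if len(fields) < 3 or len(fields) % 2 == 0:
        raise ValueError(f"malformed Manifest line: {line!r}")
    hashes = dict(zip(fields[3::2], fields[4::2]))
    return fields[0], fields[1], int(fields[2]), hashes


def check_manifest(manifest_text, required, kinds=("DIST",)):
    """Return (filename, problem) warnings; only the Manifest text is read."""
    warnings = []
    for line in filter(str.strip, manifest_text.splitlines()):
        kind, name, _size, hashes = parse_manifest_line(line)
        if kind not in kinds:
            continue
        missing = sorted(required - set(hashes))
        if missing:
            warnings.append((name, "missing " + ", ".join(missing)))
        for algo, digest in hashes.items():
            want = HEX_LEN.get(algo)
            if want and not re.fullmatch(r"[0-9a-f]{%d}" % want, digest):
                warnings.append((name, f"bad {algo} digest"))
    return warnings


# Constructed sample input (digests are filler, not real checksums).
SAMPLE_LAYOUT = "masters = gentoo\nmanifest-hashes = SHA256 SHA512 WHIRLPOOL\n"
SAMPLE_MANIFEST = "\n".join([
    "DIST example-1.0.tar.gz 3033 SHA256 " + "a" * 64 + " SHA512 " + "b" * 128,
    "DIST example-1.1.tar.gz 4096 SHA256 " + "c" * 64 + " SHA512 " + "d" * 128
    + " WHIRLPOOL " + "e" * 128,
    "EBUILD example-1.0.ebuild 512 SHA256 " + "f" * 60,
])
```

Calling check_manifest(SAMPLE_MANIFEST, required_hashes(SAMPLE_LAYOUT)) reports only example-1.0.tar.gz as missing WHIRLPOOL; passing kinds=("DIST", "EBUILD") also flags the truncated digest on the EBUILD line.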