GithubActions icon indicating copy to clipboard operation
GithubActions copied to clipboard
verified publisher icon ScoopInstaller

[Bug] Manifest consistency not checked before/after autoupdate

Open z-Fng opened this issue 2 months ago • 0 comments

Description

Manifest consistency check is not performed after a real force update (running checkver.ps1).

It only ensures that the update runs successfully, but does not guarantee that the manifest remains the same before and after execution.

This can lead to situations where incorrect manifests go unnoticed, potentially causing installation or autoupdate issues.

Steps to Reproduce

For instance, create a PR which incorrectly modify autoupdate.hash without running checkver:

  • https://github.com/z-Fng/Scoop-Extras/pull/12

Related PRs

  • https://github.com/ScoopInstaller/Extras/pull/16054 See: https://github.com/ScoopInstaller/Extras/pull/16054#issuecomment-3407674010
  • https://github.com/ScoopInstaller/Extras/pull/15575 https://github.com/ScoopInstaller/Extras/pull/15767
  • https://github.com/ScoopInstaller/Extras/pull/16533

z-Fng avatar Oct 15 '25 18:10 z-Fng