curdling icon indicating copy to clipboard operation
curdling copied to clipboard
verified publisher icon clarete

Implement Hash Verification in Downloader

Open clarete opened this issue 12 years ago • 0 comments

Curdling should parse the fragment of any downloaded URL and check for hashes. Each available hash (specified in the format algorithm=hash) should be compared against the hash of the content after the download. The exception HashVerificationFailed should be raised in any mismatch.

Just like in pip, the following hashes should be supported: sha1, sha224, sha384, sha256, sha512, md5.

Example of URL with hash fragment

https://pypi.python.org/packages/source/c/curdling/curdling-0.3.6.tar.gz#md5=4caac1cee5c5c629a0d3b40496382b13

Questions

  • Not sure if the hash the only argument in the fragment. The implementation will consider that it is true for now;
  • Not sure if the user should be allowed to specify more than one hash. The implementation will get only the first one for now;

clarete avatar Nov 03 '13 15:11 clarete