plakar icon indicating copy to clipboard operation
plakar copied to clipboard
verified publisher icon poolpOrg

Fix pkg build checksum

Open pata27 opened this issue 3 months ago • 0 comments

Implement checksum verification for pkg build clone

  • After cloning the git repo, if recipe.Checksum is provided, verify the HEAD commit hash matches
  • Use 'git rev-parse HEAD' to get the commit hash
  • Fail the build if checksum doesn't match to prevent using tampered code
  • Remove TODO comment as checksum verification is now implemented

This ensures the cloned repository matches the expected commit for security.

pata27 avatar Oct 06 '25 13:10 pata27