Module 1: Package Fetch and Verify
Project Leader: Available
If you are interested in volunteering for project leader for this module, please e-mail . You will need to feel confident designing the entire module by yourself.
Definition: Identifies and retrieves the source code required for the application to build. Once obtained, it runs integrity and security checks on it..
Leverage Points:
- Prepares a directory of source code at a defined place that the build tools expect to find it.
- The SRC location will either be a local dir, or a URL.
At present this still needs to be decoupled from the build tools. The build tools do not need to know how to fetch a src tarball, they just need to expect to find a prepared and verified directory ready for them to compile in.
This module needs to become compatible with:
- Local build projects
- Vanilla Src TarBalls
- Secure or Encrypted Src Tarballs
- Varying levels of security checks
- Various encryption and checksum types