csaf-poc / csaf_distribution

Tools to download or provide CSAF (Common Security Advisory Framework) documents.
https://csaf.io

Improve SHA* marking #289

Open tschmidtb51 opened 2 years ago

tschmidtb51 commented 2 years ago

We need to improve the error message for requirement 18 if only one hash is found: currently, it reports the other one as missing and labels that as an error. This applies only if the missing hash wasn't listed in the ROLIE feed.

h4b4n3r0 commented 1 year ago

I can confirm this issue. It is still appearing.

tschmidtb51 commented 1 year ago

In the current version (v2.2.1-95-ga65fead) this is even worse, as a missing SHA-512 or SHA-256 results in requirement 18 failing.

tschmidtb51 commented 1 year ago

At least the following cases must be covered:

  1. Just SHA256 present and listed in ROLIE => INFO: SHA512 not present
  2. Just SHA512 present and listed in ROLIE => INFO: SHA256 not present
  3. Just SHA256 present and folder based distribution used => INFO: SHA512 not present
  4. Just SHA512 present and folder based distribution used => INFO: SHA256 not present
  5. Just SHA256 present, but both listed in ROLIE => WARN: SHA512 not present
  6. Just SHA512 present, but both listed in ROLIE => WARN: SHA256 not present
  7. No SHA listed in only ROLIE-based distribution => ERROR (in 18)
  8. No SHA listed in ROLIE-based distribution, but SHAs present => ERROR (in 15)

For the first 4 cases, it would be nice to collapse the message to one summary, if it is true for all tested advisories.
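The eight cases above as a decision function, written here as an added example in Go (the language of csaf_distribution) rather than taken from the project's code; the Advisory and Finding types, the message strings and the handling of a folder-based distribution with no hash at all (not in the list above) are assumptions for illustration.

```go
package main

type Level string // INFO/WARN/ERROR labels as used in the case list
const (Info, Warn, Error Level = "INFO", "WARN", "ERROR")

// Finding is one checker result: level, CSAF requirement number and message.
type Finding struct{ Level Level; Req int; Msg string }

// Advisory is what the checker saw for one document (assumed shape). The Listed*
// fields only matter when ROLIE is true; folder-based distribution has no listing.
type Advisory struct {
	ROLIE                      bool
	ListedSHA256, ListedSHA512 bool
	FoundSHA256, FoundSHA512   bool
}

// classifyHashes applies the eight cases from the issue to one advisory.
func classifyHashes(a Advisory) []Finding {
	anyFound := a.FoundSHA256 || a.FoundSHA512
	switch {
	case a.ROLIE && !a.ListedSHA256 && !a.ListedSHA512 && anyFound: // case 8
		return []Finding{{Error, 15, "hash files present but not listed in ROLIE feed"}}
	case !anyFound: // case 7; folder-based with no hash is not in the list, assumed to fail 18 too
		return []Finding{{Error, 18, "no hash file found"}}
	case a.FoundSHA256 && a.FoundSHA512:
		return nil
	}
	missing, level := "SHA512", Info // exactly one hash present; cases 1-4 are INFO
	if a.FoundSHA512 {
		missing = "SHA256"
	}
	if a.ROLIE && a.ListedSHA256 && a.ListedSHA512 {
		level = Warn // cases 5-6: the feed promises both but only one is served
	}
	return []Finding{{level, 18, missing + " not present"}}
}

// summaryInfo collapses cases 1-4 into one line when every tested advisory produced the same single INFO finding; ok is false otherwise.
func summaryInfo(per [][]Finding) (Finding, bool) {
	if len(per) == 0 || len(per[0]) != 1 || per[0][0].Level != Info {
		return Finding{}, false
	}
	for _, fs := range per[1:] {
		if len(fs) != 1 || fs[0] != per[0][0] {
			return Finding{}, false
		}
	}
	return Finding{Info, 18, per[0][0].Msg + " for all tested advisories"}, true
}
```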

bernhardreiter commented 4 months ago

Shall this be done as part of service+dev? Just add the label.

tschmidtb51 commented 2 months ago

Looking at the issue again, I think an additional option would be nice, where I could explicitly point out which hash should be looked for.