Open einsteinsfool opened 6 years ago
How many packages provide SHA256? I would like to have at least 100 packages before something like this is implemented.
That taked some time but I have 100 packages. I did not check all packages. Started with packages with names I recognized or ones that might have checksums because of their usage and then when I was reaching last packages I checked almost all of them. https://ideone.com/WcqVMb
great work! Thank you.
qBittorrent
qBittorrent 64 bit
Gimp
KeePass Pro
KeePass Classic
KeePassXC
LibreOffice
LibreOffice 64 bit
VeraCrypt
VLC
VLC 64 bit
WinSCP
Putty
Wireshark
Wireshark 64 bit
Audacity
Git
Git 64 bit
Zenmap
Anaconda
Anaconda 64 bit
Android Studio
Ant
Apache HTTP Server
Apache OpenOffice
Arduino
Bitcomet
Bitcomet 64 bit
Blender
Blender 64 bit
Boost
Calibre
Calibre 64 bit
Cyberfox
Cyberfox 64 bit
DBeaver
DBeaver 64 bit
FileZilla Client
FileZilla Client 64 bit
Gparted
Ghostscript
Ghostscript 64 bit
GnuPG
Go
Go 64 bit
Handbrake
Handbrake 64 bit
HexChat
HexChat 64 bit
ImageMagick
ImageMagick 64 bit
IrFanView
JDK
JDK 64 bit
JRE
JRE 64 bit
JMeter
Julia Language
Julia Language 64 bit
MSYS2
MSYS2 64 bit
NetBeans
Node.js
Node.js 64 bit
Open Connect
Pale Moon
Pale Moon 64 bit
PeaZip
PeaZip 64 bit
PhantomJS
Programmer's Notepad
PyGObject
PyGTK
Qt Creator
Qt Linguist
Qt for MinGW installer
Qt for MinGW-w64
Qt for MinGW-w64 64 bit
Qt source
QupZilla
Ruby
Ruby 64 bit
SMPlayer
SMPlayer 64 bit
SWI-Prolog
SWI-Prolog 64 bit
Sigil
Sigil 64 bit
SyncTrayzor
SyncTrayzor 64 bit
Synfig Studio
Synfig Studio 64 bit
SysGauge
SysGauge 64 bit
Tomcat
Tomcat 64 bit
Vagrant
Vagrant 64 bit
Virtualbox
Virtualbox 64 bit
It's awesome that Npackd calculates SHA256 sum of each downloaded package and compares it to the one a maintainer provided. It increases the probability that the package was not intercepted and swapped. But it would be better if SHA256 sums provided by package developers were used.
Npackd could have additional fields for each package that would detect a SHA256 sum. E.g. for 64bit qBitTorrent the discovery page would be
https://www.qbittorrent.org/download.php
and the discovery regular expression would be64-bit\sinstaller</td>\s*<td\sclass="wordBreak">\s*<code>([a-f\d]+)
. For other packages (like KeePassXC) it would have to download a .txt file and get SHA256 from it.I wanted to try to code it myself but wasn't able to build Npackd by following BUILD.txt.