REAPI: The `hashes` field isn't checked for build_rule()

[Tatskaari]

This is tricky to implement. Currently Please will try and number of different algorithms to calculate the output hash of a rule, and compare these against the list of hashes on the build rule.

The REAPI fetch endpoints support providing sri validation with the fetch requires. This can be used to validate hashes for remote_file() however no such feature exists for execution requests.

To calculate the hash as it would be locally, Please would need access to the output files of the build action, which would require downloading them. This is an option though it's rather inefficient. The other option is to require that the output hashes passed to build_rule() must match the algorithm used by the REAPI server. This way we can just sum the digests of the output files provided in the action result.

[stale[bot]]

This issue has been automatically marked as stale because it has not had any recent activity in the past 90 days. It will be closed if no further activity occurs. If you require additional support, please reply to this message. Thank you for your contributions.