apt-cmd validate does not properly validate tag manifests if the BagIt profile says tag manifests are optional #3
Description
What Happens
The APTrust BagIt profile allows tag manifests with md5 and sha256 algorithms, but it does not require any tag manifests. If a bag includes a tag manifest with invalid checksums, the apt-cmd validator will say the bag is valid.
What Should Happen
The validator should compare the checksums in the tag manifest to the actual checksums of the tag files.
Steps To Reproduce
- Change into the directory testbags/aptrust.
- Run this command to validate bad-tag-manifests.tar with the APTrust profile:
apt-cmd bag validate -p aptrust bad-tag-manifests.tar
Expected: The bag fails validation with messages about tag files not matching checksums in tagmanifest-md5.txt.
Actual: The validator says Bag is valid according to aptrust profile.
The validator in preservation services does catch these errors, so let's use that as a reference when fixing this.