[ECFT] pkgng 0.1-alpha1: a replacement for pkg_install

Super Bisquit superbisquit at gmail.com
Tue Mar 29 15:18:51 UTC 2011


I'm just going to clarify a statement I made earlier on this thread in order
to remove some possible misconceptions. One can only boot 32bit PPC on
32bit PPC machines and have it work properly. The same applies for 64bit PPC
machines.



On Tue, Mar 29, 2011 at 8:11 AM, Julien Laffaye <jlaffaye at freebsd.org> wrote:

> On Tue, Mar 29, 2011 at 5:15 AM, Tim Kientzle <kientzle at freebsd.org>
> wrote:
> >>>>> II. Package signing.
> >>>>
> >>>> That would be really nice.
> >>>
> >>> Right now we only planned to sign the repo database, so we can trust
> >>> the sha256 of the packages stored in the database. Then if the package
> >>> has the same sha256 as the one in the repo database it is considered
> >>> trusted.
> >>> If we want a per-package signing, we would have a tarball in a tarball.
> >>
> >> I really expected this to have been mentioned already, but this approach
> >> (tarball in a tarball) is taken by Debian packages, and I don't remember
> >> hearing of any issues related to it.  I don't think it's worth discounting
> >> from the start without giving some consideration, but I will defer to the
> >> people actually doing the work.
> >
> > If you use libarchive-style streaming, it's even
> > pretty straightforward to read and extract such
> > things without having to create a bunch of
> > temporary files.
> >
> > You just need to be careful about compression.
>
> Agreed, if we don't want to verify the signature, we can extract the
> tarball in the tarball efficiently.
>
> But to verify the signature, we have to read the tarball in the
> tarball twice: the first time to compute the digest and verify the
> signature, the second time to do the real extraction.
> So I guess that the tarball containing the real package archive and
> the signature should be uncompressed. The real package archive would
> be compressed, though.
>
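
The two-pass verification described in the quoted message, as an added example that is not part of the original thread or of pkgng: the outer tar is uncompressed, so the compressed inner archive can be digested first and then re-read from the start for unpacking. HMAC-SHA256 with a constructed key stands in for a real public-key signature, and the member names `signature` and `package.tar.gz` are assumptions.

```python
import hashlib, hmac, io, tarfile

KEY = b"constructed-demo-key"  # assumption: HMAC stands in for a real signature

def _add(tar, name, data):
    info = tarfile.TarInfo(name)
    info.size = len(data)
    tar.addfile(info, io.BytesIO(data))

def build_signed_package(files, key=KEY):
    """Outer tar is uncompressed; the inner package archive is gzip-compressed."""
    inner = io.BytesIO()
    with tarfile.open(fileobj=inner, mode="w:gz") as tar:
        for name, data in files.items():
            _add(tar, name, data)
    payload = inner.getvalue()
    sig = hmac.new(key, payload, hashlib.sha256).hexdigest().encode()
    outer = io.BytesIO()
    with tarfile.open(fileobj=outer, mode="w:") as tar:
        _add(tar, "signature", sig)
        _add(tar, "package.tar.gz", payload)
    return outer.getvalue()

def verify_then_read(blob, key=KEY):
    """Pass 1 digests the inner archive; pass 2 unpacks it only if that passed."""
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:") as outer:
        sig = outer.extractfile("signature").read()
        inner = outer.extractfile("package.tar.gz")
        mac = hmac.new(key, digestmod=hashlib.sha256)
        for chunk in iter(lambda: inner.read(65536), b""):  # pass 1: digest
            mac.update(chunk)
        if not hmac.compare_digest(mac.hexdigest().encode(), sig):
            raise ValueError("signature mismatch: package not unpacked")
        inner.seek(0)  # cheap rewind: the outer tar is not compressed
        contents = {}
        with tarfile.open(fileobj=inner, mode="r|gz") as pkg:  # pass 2: unpack
            for member in pkg:
                if member.isfile():
                    contents[member.name] = pkg.extractfile(member).read()
        return contents
```

Nothing from the inner archive is decompressed or parsed until the digest check has passed, so a tampered package never reaches the gzip or tar parsers.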

