From owner-cvs-all  Wed Feb  7  0:54:10 2001
Delivered-To: cvs-all@freebsd.org
Received: from homer.softweyr.com (bsdconspiracy.net [208.187.122.220])
	by hub.freebsd.org (Postfix) with ESMTP
	id 6D51E37B698; Wed,  7 Feb 2001 00:53:17 -0800 (PST)
Received: from [127.0.0.1] (helo=softweyr.com ident=Fools trust ident!)
	by homer.softweyr.com with esmtp (Exim 3.16 #1)
	id 14QQUZ-0000Hv-00; Wed, 07 Feb 2001 02:02:23 -0700
Message-ID: <3A810F1F.5C067310@softweyr.com>
Date: Wed, 07 Feb 2001 02:02:23 -0700
From: Wes Peters <wes@softweyr.com>
Organization: Softweyr LLC
X-Mailer: Mozilla 4.75 [en] (X11; U; Linux 2.2.12 i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Kris Kennaway <kris@obsecurity.org>
Cc: Maxim Sobolev <sobomax@FreeBSD.org>, cvs-committers@FreeBSD.org,
	cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/usr.sbin/pkg_install/sign Makefile 
 READMEcheck.ccommon.c extern.h gzip.c gzip.h main.c pgp.h 
 pgp_check.cpgp_sign.cpkg_sign.1 sha1.c sign.c stand.c stand.h x509.c
References: <200102060646.f166kgf65013@freefall.freebsd.org>
	 <3A7FB338.57B1EE07@FreeBSD.org> <3A80324E.8F170DDF@softweyr.com> <20010206193030.A17973@mollari.cthul.hu>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Kris Kennaway wrote:
> 
> On Tue, Feb 06, 2001 at 10:20:14AM -0700, Wes Peters wrote:
> >
> > I'll be looking at ways to extend it to sign bzipped archives also, but the
> > intent is to provide a way to verify that packages have been correctly
> > transmitted across some distribution mechanism, and may mutate into something
> > that has nothing to do with the gzip header used now.
> 
> The long-talked about plan to use .zip for packageNG is also relevant
> here. The code which does the signing is independent of how it
> attaches the signatures to the archive.

See immediately previous conversation with Jeremy Lea in this forum.  The
gzip header wasn't an ideal location, it was just what the code inherited
from OpenBSD.  Adding an @sign {type} {data} directive to the packing list
was next on my list of things to do with this code, but it got shelved
last summer because this was working well enough for what it needed to do.
For FreeBSD, I'm perfectly willing to take the next (several, if necessary)
steps.

	(This week was spent dreaming up ways to make packages that 
	can be installed on a running system, or into a chroot image 
	on disk being prepared for duplication.  Augh!)

-- 
            "Where am I, and what am I doing in this handbasket?"

Wes Peters                                                         Softweyr LLC
wes@softweyr.com                                           http://softweyr.com/


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message