Date:      Tue, 29 Mar 2011 13:11:38 +0100
From:      Julien Laffaye <jlaffaye@freebsd.org>
To:        Tim Kientzle <kientzle@freebsd.org>
Cc:        ports@freebsd.org, Baptiste Daroussin <bapt@freebsd.org>, hackers@freebsd.org, Benjamin Kaduk <kaduk@mit.edu>
Subject:   Re: [ECFT] pkgng 0.1-alpha1: a replacement for pkg_install
Message-ID:  <AANLkTimDdtkSa03KeO8RYHWVJAgUvQPQxwH4FpVypZhV@mail.gmail.com>
In-Reply-To: <DF9D9589-56C3-40DF-992F-9F62A2FC1173@freebsd.org>
References:  <20110325101111.GA36840__48943.3474642739$1301049771$gmane$org@azathoth.lan> <4D90C8EA.2000901@freebsd.org> <AANLkTinaz9Y6kgjQvdS1Pu%2Bkay50DUs6FubcbCxcc3W2@mail.gmail.com> <AANLkTi=uPaaxUVUDL3CPWByOeOZ2TjziUbrY7pJLQyAa@mail.gmail.com> <alpine.GSO.1.10.1103282328340.19944@multics.mit.edu> <DF9D9589-56C3-40DF-992F-9F62A2FC1173@freebsd.org>

On Tue, Mar 29, 2011 at 5:15 AM, Tim Kientzle <kientzle@freebsd.org> wrote:
>>>>> II. Package signing.
>>>>
>>>> That would be really nice.
>>>
>>> Right now we only planned to sign the repo database, so we can trust
>>> the sha256 of the packages stored in the database. Then if the package
>>> has the same sha256 as the one in the repo database it is considered
>>> trusted.
>>> If we want a per-package signing, we would have a tarball in a tarball.
>>
>> I really expected this to have been mentioned already, but this approach
>> (tarball in a tarball) is taken by Debian packages, and I don't remember
>> hearing of any issues related to it.  I don't think it's worth discounting
>> from the start without giving some consideration, but I will defer to the
>> people actually doing the work.
>
> If you use libarchive-style streaming, it's even
> pretty straightforward to read and extract such
> things without having to create a bunch of
> temporary files.
>
> You just need to be careful about compression.

Agreed, if we don't want to verify the signature, we can extract the
tarball in the tarball efficiently.

But to verify the signature, we have to read the tarball in the
tarball twice: the first time to compute the digest and verify the
signature, the second time to do the real extraction.
So I guess that the tarball containing the real package archive and
the signature should be uncompressed. The real package archive would
be compressed, though.
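The layout proposed above (an uncompressed outer tarball holding a signature and a compressed inner package archive, read once to check the signature and a second time to extract), written out as an added example. This is not pkgng's code: it uses only the Python standard library, the member names `signature` and `pkg.tar.gz` are assumptions, and HMAC-SHA256 with a shared demo key stands in for the public-key signature a real package format would use, so only the verification flow is faithful to the discussion.

```python
import hashlib
import hmac
import io
import tarfile

# Assumed member names inside the outer archive; pkgng's real layout may differ.
SIG_MEMBER = "signature"
INNER_MEMBER = "pkg.tar.gz"

# Demo secret. A real format would verify an RSA/Ed25519 signature with a public
# key here; HMAC-SHA256 is a stand-in so the example runs on the stdlib alone.
DEMO_KEY = b"demo-signing-key-not-for-production"


def _sign(key: bytes, digest: bytes) -> bytes:
    """Stand-in for a public-key signature over the sha256 digest."""
    return hmac.new(key, digest, "sha256").digest()


def _add_bytes(tf: tarfile.TarFile, name: str, data: bytes) -> None:
    """Add an in-memory regular file to an open TarFile."""
    info = tarfile.TarInfo(name)
    info.size = len(data)
    tf.addfile(info, io.BytesIO(data))


def build_package(files: dict, key: bytes) -> bytes:
    """Return outer tar bytes laid out as [signature][pkg.tar.gz].

    The inner archive is gzip-compressed; the outer one is deliberately left
    uncompressed so a verifier can cheaply seek back over the inner member.
    """
    inner_buf = io.BytesIO()
    with tarfile.open(fileobj=inner_buf, mode="w:gz") as tf:
        for name, data in files.items():
            _add_bytes(tf, name, data)
    inner = inner_buf.getvalue()

    # The signature covers the compressed inner archive exactly as stored.
    sig = _sign(key, hashlib.sha256(inner).digest())

    outer_buf = io.BytesIO()
    with tarfile.open(fileobj=outer_buf, mode="w") as tf:  # "w": no compression
        _add_bytes(tf, SIG_MEMBER, sig)    # first, so a streaming reader sees it early
        _add_bytes(tf, INNER_MEMBER, inner)
    return outer_buf.getvalue()


def verify_and_extract(outer: bytes, key: bytes) -> dict:
    """Verify the signature, then extract. Raises ValueError on a bad signature."""
    # mode "r:" refuses a compressed outer archive, matching the proposed layout.
    with tarfile.open(fileobj=io.BytesIO(outer), mode="r:") as tf:
        sig = tf.extractfile(tf.getmember(SIG_MEMBER)).read()
        inner_info = tf.getmember(INNER_MEMBER)

        # Pass 1: hash the stored (still compressed) inner archive. Nothing is
        # decompressed or extracted before the signature has been checked.
        h = hashlib.sha256()
        with tf.extractfile(inner_info) as f:
            for chunk in iter(lambda: f.read(64 * 1024), b""):
                h.update(chunk)
        if not hmac.compare_digest(sig, _sign(key, h.digest())):
            raise ValueError("package signature does not verify; refusing to extract")

        # Pass 2: re-open the same member (a plain seek, since the outer tar is
        # uncompressed) and stream-decompress the inner archive for extraction.
        extracted = {}
        with tf.extractfile(inner_info) as f, \
                tarfile.open(fileobj=f, mode="r|gz") as inner_tf:
            for member in inner_tf:
                if member.isfile():
                    extracted[member.name] = inner_tf.extractfile(member).read()
        return extracted


if __name__ == "__main__":
    # Constructed sample payload, not a real package.
    demo_files = {"+MANIFEST": b"name: demo\n", "bin/demo": b"#!/bin/sh\necho demo\n"}
    pkg = build_package(demo_files, DEMO_KEY)
    print(sorted(verify_and_extract(pkg, DEMO_KEY)))
```

Because pass 1 hashes the raw stored bytes, a flipped byte anywhere in the inner archive is rejected before gzip ever sees it, and a wrong key fails the same way; the extraction in pass 2 only runs on a member whose signature already verified.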


