Date: Tue, 29 Mar 2011 10:50:31 -0400
From: Super Bisquit <superbisquit@gmail.com>
To: Julien Laffaye <jlaffaye@freebsd.org>
Cc: ports@freebsd.org, Baptiste Daroussin <bapt@freebsd.org>, Tim Kientzle <kientzle@freebsd.org>, Benjamin Kaduk <kaduk@mit.edu>, hackers@freebsd.org
Subject: Re: [ECFT] pkgng 0.1-alpha1: a replacement for pkg_install
Message-ID: <AANLkTi=Uvhgp5m_Sk82-NMz_G5_c7Ra_bgVtDC%2B-iHxW@mail.gmail.com>
In-Reply-To: <AANLkTimDdtkSa03KeO8RYHWVJAgUvQPQxwH4FpVypZhV@mail.gmail.com>
References: <20110325101111.GA36840__48943.3474642739$1301049771$gmane$org@azathoth.lan> <4D90C8EA.2000901@freebsd.org> <AANLkTinaz9Y6kgjQvdS1Pu%2Bkay50DUs6FubcbCxcc3W2@mail.gmail.com> <AANLkTi=uPaaxUVUDL3CPWByOeOZ2TjziUbrY7pJLQyAa@mail.gmail.com> <alpine.GSO.1.10.1103282328340.19944@multics.mit.edu> <DF9D9589-56C3-40DF-992F-9F62A2FC1173@freebsd.org> <AANLkTimDdtkSa03KeO8RYHWVJAgUvQPQxwH4FpVypZhV@mail.gmail.com>

I'm just going to clarify a statement I made earlier on this thread in order
to remove some possible misconceptions.
One can only boot 32bit PPC on 32bit PPC machines and have it work
properly. The same applies for 64bit ppc machines.

On Tue, Mar 29, 2011 at 8:11 AM, Julien Laffaye <jlaffaye@freebsd.org> wrote:

> On Tue, Mar 29, 2011 at 5:15 AM, Tim Kientzle <kientzle@freebsd.org>
> wrote:
> >>>>> II. Package signing.
> >>>>
> >>>> That would be really nice.
> >>>
> >>> Right now we only planned to sign the repo database, so we can trust
> >>> the sha256 of the packages stored in the database. Then if the package
> >>> has the same sha256 as the one in the repo database it is considered
> >>> trusted.
> >>> If we want a per-package signing, we would have a tarball in a tarball.
> >>
> >> I really expected this to have been mentioned already, but this approach
> >> (tarball in a tarball) is taken by Debian packages, and I don't remember
> >> hearing of any issues related to it. I don't think it's worth discounting
> >> from the start without giving some consideration, but I will defer to the
> >> people actually doing the work.
> >
> > If you use libarchive-style streaming, it's even
> > pretty straightforward to read and extract such
> > things without having to create a bunch of
> > temporary files.
> >
> > You just need to be careful about compression.
>
> Agreed, if we don't want to verify the signature, we can extract the
> tarball in the tarball efficiently.
>
> But to verify the signature, we have to read the tarball in the
> tarball twice: the first time to compute the digest and verify the
> signature, the second time to do the real extraction.
> So I guess that the tarball containing the real package archive and
> the signature should be uncompressed. The real package archive would
> be compressed, though.