From: Julien Laffaye
To: Tim Kientzle
Date: Tue, 29 Mar 2011 13:11:38 +0100
Cc: ports@freebsd.org, Baptiste Daroussin, hackers@freebsd.org, Benjamin Kaduk
Subject: Re: [ECFT] pkgng 0.1-alpha1: a replacement for pkg_install
List-Id: Porting software to FreeBSD

On Tue, Mar 29, 2011 at 5:15 AM, Tim Kientzle wrote:
>>>>> II. Package signing.
>>>>
>>>> That would be really nice.
>>>
>>> Right now we only planned to sign the repo database, so we can trust
>>> the sha256 of the packages stored in the database. Then if the package
>>> has the same sha256 as the one in the repo database it is considered
>>> trusted.
>>> If we want a per-package signing, we would have a tarball in a tarball.
>>
>> I really expected this to have been mentioned already, but this
>> approach (tarball in a tarball) is taken by Debian packages, and I
>> don't remember hearing of any issues related to it. I don't think
>> it's worth discounting from the start without giving some
>> consideration, but I will defer to the people actually doing the work.
>
> If you use libarchive-style streaming, it's even
> pretty straightforward to read and extract such
> things without having to create a bunch of
> temporary files.
>
> You just need to be careful about compression.

Agreed, if we don't want to verify the signature, we can extract the
tarball in the tarball efficiently.
But to verify the signature, we have to read the tarball in the
tarball twice: the first time to compute the digest and verify the
signature, the second time to do the real extraction.
So I guess that the tarball containing the real package archive and
the signature should be uncompressed. The real package archive would
be compressed, though.
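
The two-pass read described in the reply above, as an added example that is not part of the original thread and is not pkgng code: an uncompressed outer tar holds a compressed inner archive plus its signature, pass 1 hashes the inner archive, and pass 2 extracts it only if the check succeeds. The member names pkg.tar.gz and pkg.sig, the key, and the use of HMAC-SHA256 as a stand-in for a real public-key signature are assumptions made for illustration.

```python
import hashlib, hmac, io, tarfile

KEY = b"constructed-demo-key"  # assumption: HMAC stands in for a public-key signature

def _add(tar, name, data):
    info = tarfile.TarInfo(name)
    info.size = len(data)
    tar.addfile(info, io.BytesIO(data))

def build_signed_package(files):
    """Return an uncompressed outer tar holding pkg.tar.gz and pkg.sig."""
    inner = io.BytesIO()
    with tarfile.open(fileobj=inner, mode="w:gz") as tar:
        for name, data in files.items():
            _add(tar, name, data)
    payload = inner.getvalue()
    sig = hmac.new(KEY, hashlib.sha256(payload).digest(), "sha256").digest()
    outer = io.BytesIO()
    with tarfile.open(fileobj=outer, mode="w") as tar:  # outer layer: no compression
        _add(tar, "pkg.tar.gz", payload)
        _add(tar, "pkg.sig", sig)
    return outer.getvalue()

def verify_then_extract(blob):
    """Pass 1 hashes the inner archive; pass 2 unpacks it only if the check passes."""
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:") as outer:
        sig = outer.extractfile("pkg.sig").read()
        # Pass 1: stream the still-compressed inner archive through SHA-256.
        digest = hashlib.sha256()
        member = outer.extractfile("pkg.tar.gz")
        for chunk in iter(lambda: member.read(65536), b""):
            digest.update(chunk)
        expected = hmac.new(KEY, digest.digest(), "sha256").digest()
        if not hmac.compare_digest(sig, expected):
            raise ValueError("signature mismatch: refusing to extract")
        # Pass 2: rewind the same member and decompress it. No temporary file
        # is needed because the uncompressed outer tar allows a plain seek back.
        member.seek(0)
        with tarfile.open(fileobj=member, mode="r:gz") as inner:
            return {m.name: inner.extractfile(m).read() for m in inner if m.isfile()}
```

Nothing is decompressed before the digest matches, so the inner archive's gzip and tar parsers only ever see verified bytes.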