
Re: packages size versus files under dpkg control



On Thursday 15 September 2005 22:52, Roberto C. Sanchez wrote:
> On Thu, Sep 15, 2005 at 01:37:27PM -0400, Justin Pryzby wrote:
> > On Thu, Sep 15, 2005 at 01:33:20PM -0400, Roberto C. Sanchez wrote:
> > > On Thu, Sep 15, 2005 at 05:30:30PM +0000, Thaddeus H. Black wrote:
> > > > W. Borgert wrote:
> > > > > Back to your question: I personally hate files that are not
> > > > > under dpkg control, because you cannot check using debsums,
> > > > > dpkg -L, dpkg -S, etc.
> > > >
> > > > This raises a topic I do not understand very well.
> > > > Since we are already on the topic, may I ask for further
> > > > advice?
> > >
> > > Would there be a problem with shipping the package with a file of the
> > > same name and size 0, then have the postinst generate the file and
> > > replace the empty file with the new file?  That also helps keep things
> > > consistent as dpkg will automatically remove the generated file on
> > > package removal or purge.
> >
> > MD5sum will be incorrect.
> > /var/lib/dpkg/info/*.md5sums
> > Justin
>
> An excellent point.
>
> Perhaps we can make use of some of the recent research in the area of MD5
> collisions :-)

You don't even need that ;-) since /var/lib/dpkg/info/*.md5sums are not under 
dpkg control (dpkg -L, -S) and the hash sums of the files found there can be 
altered in postinst scripts after the local regeneration of the cheaty files 
being under dpkg control as explained above. 

This of course is again *disgusting*, since at least tools like dpkg-repack 
won't do what you expect (will use the regenerated files on repacking package 
back together). So, nasty tricks should be avoided, since they are always 
nasty </recursion> ;-)


-- 
pub 4096R/0E4BD0AB 2003-03-18 <people.fccf.net/danchev/key pgp.mit.edu>
fingerprint 1AE7 7C66 0A26 5BFF DF22 5D55 1C57 0C89 0E4B D0AB 
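
Added example, not part of the original message: since the local /var/lib/dpkg/info/*.md5sums can be rewritten by a maintainer script, this sketch audits an installed package against the md5sums taken from the original .deb instead of trusting the local copy. It assumes the pristine md5sums text has already been extracted from the package's control archive; the file names and contents below are constructed.

```python
import hashlib
import os
import tempfile

def parse_md5sums(text):
    """Parse dpkg md5sums lines: '<md5hex>  <path relative to />'."""
    sums = {}
    for line in text.splitlines():
        if line.strip():
            digest, path = line.split(None, 1)
            sums[path.strip()] = digest.lower()
    return sums

def md5_of(path):
    with open(path, "rb") as f:
        return hashlib.md5(f.read()).hexdigest()

def audit(pristine_text, local_text, root="/"):
    """Compare the .deb's md5sums with the local dpkg copy and the files on disk."""
    pristine, local = parse_md5sums(pristine_text), parse_md5sums(local_text)
    findings = {}
    for path, want in pristine.items():
        full = os.path.join(root, path)
        if local.get(path) != want:
            findings[path] = "local md5sums entry differs from package"
        elif not os.path.isfile(full):
            findings[path] = "file missing"
        elif md5_of(full) != want:
            findings[path] = "file content changed"
    for path in local.keys() - pristine.keys():
        findings[path] = "entry not shipped in package"
    return findings

def demo():
    # Constructed sample: the package ships an empty placeholder, postinst
    # regenerates it and rewrites the local md5sums entry to match.
    root = tempfile.mkdtemp()
    files = {"usr/share/demo/static.txt": b"static\n",
             "usr/share/demo/generated.dat": b"generated by postinst\n"}
    for rel, data in files.items():
        os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
        with open(os.path.join(root, rel), "wb") as f:
            f.write(data)
    md5 = lambda b: hashlib.md5(b).hexdigest()
    local = "".join(f"{md5(d)}  {p}\n" for p, d in files.items())
    shipped = dict(files, **{"usr/share/demo/generated.dat": b""})
    pristine = "".join(f"{md5(d)}  {p}\n" for p, d in shipped.items())
    return audit(pristine, local, root)

if __name__ == "__main__":
    print(demo())
```

In the constructed case the local md5sums and the files on disk agree with each other, so a check against the local database alone reports nothing; only the comparison with the shipped sums flags the regenerated file.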


