[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Revival of the signed debs discussion


Goswin von Brederlow wrote:
> PS: I favour method C and would esspecially like some feedback on the
> technical aspect.  Can a "_deb_signature" file be savely added to the
> end of a deb without breaking existing tools (apt/dpkg/dinstall)?

I'd favor C, too. (And with be I'd prefer "cat *.changes" over "tar" if
it's gonna be B...)

However: As "md5sum my.deb ; ar q my.deb _deb_signature ; ar d my.deb
_deb_signature ; md5sum my.deb"  gives two different lines, I'd think
signing the individual members of the deb, not the deb in itself is
preferable (or sign a list of md5sum's or whatever). (Even if there is
some way to restore the old deb, I'd think something like the above
should be possible.)

Lets have some experiments:
For me (i386), slink "dpkg -i" breaks, potato "dpkg -i" (version 1.6.14)
works with an appended _deb_signature.

BTW: This is offtopic, but it seems that potato is neither in debian/
nor in debian-archive/?



Attachment: pgpUQ9HMU5ksa.pgp
Description: PGP signature

Reply to: