Re: debsums for maintainer scripts
On 04 Dec 2003 02:44:31 +0100, Goswin von Brederlow <firstname.lastname@example.org> said:
> "Bernhard R. Link" <email@example.com> writes:
>> * Manoj Srivastava <firstname.lastname@example.org> [031203 20:12]:
>> > Before we make such a push, we should at least ensure that it
>> > is something we really want to do. I think locally generated
>> > checksums are a better solution.
>> I don't think so. md5-calculation is not the fastest thing
>> (especially on non-i386 it often feels like downloading and
>> installing together needs less time than the md5sum-verification.
>> So this should be switched off, but then it will be missing when
>> one needs them.
> The md5sum file should be generated at build time, signed and only
> the signature kept. The signature is small enough not to cause
> bloat, it can be included in the Package file or a Signatures.gz
> file containing all signatures could be maintained in the archive.
Good, except that now we have no checksum checks for the most
critical files on my system -- the ones that tailor all software that
runs to my environment. Generating the md5sums on install for at least
the conffiles should still be considered, since the checksums for the
conffiles on my system often bear little resemblance to the md5sums
for the conffiles shipped with the package.
> When one needs to verify the md5sum files can be generated
> (dpkg-repack and then generate them) and compared.
__> cat /var/lib/dpkg/info/mailagent.list | while read i; do test -f "$i" \
    && md5sum "$i"; done
> Or the files can be generated at install time and stored
> too. Intrusion detection systems could use those files then since
> the signature prevents tampering. It would be the user's choice.
Now she speaks rapidly. "Do you know *why* you want to program?" He
shakes his head. He hasn't the faintest idea. "For the sheer *joy* of
programming!" she cries triumphantly. "The joy of the parent, the
artist, the craftsman. "You take a program, born weak and impotent as
a dimly-realized solution. You nurture the program and guide it down
the right path, building, watching it grow ever stronger. Sometimes
you paint with tiny strokes, a keystroke added here, a keystroke
changed there." She sweeps her arm in a wide arc. "And other times
you savage whole *blocks* of code, ripping out the program's very
*essence*, then beginning anew. But always building, creating,
filling the program with your own personal stamp, your own quirks and
nuances. Watching the program grow stronger, patching it when it
crashes, until finally it can stand alone -- proud, powerful, and
perfect. This is the programmer's finest hour!" Softly at first,
then louder, he hears the strains of a Sousa march. "This ... this is
your canvas! your clay! Go forth and create a masterwork!"
Manoj Srivastava <email@example.com> <http://www.debian.org/%7Esrivasta/>
1024R/C7261095 print CB D9 F4 12 68 07 E4 05 CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
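
The locally generated checksums argued for above, extended from the one-line loop to a generate-then-verify pair. This is an added example, not code from the thread or from dpkg; the function names `gen_manifest`, `verify_manifest` and `demo` are hypothetical, and the package tree in `demo` is constructed sample data.

```shell
#!/bin/sh
# Added example. A list file has the shape of /var/lib/dpkg/info/<pkg>.list:
# one absolute path per line, directories included.

# gen_manifest LISTFILE: print "md5  path" for every regular file listed.
gen_manifest() {
    while IFS= read -r path; do
        # .list files also name directories; only regular files are hashed.
        [ -f "$path" ] && md5sum "$path"
    done < "$1"
    return 0
}

# verify_manifest MANIFEST: print one "STATUS path" line per problem.
# Returns 0 when every recorded file still matches, 1 otherwise.
verify_manifest() {
    rc=0
    while read -r want path; do
        if [ ! -f "$path" ]; then
            echo "MISSING $path"; rc=1
        else
            have=$(md5sum "$path" | cut -d' ' -f1)
            [ "$have" = "$want" ] || { echo "CHANGED $path"; rc=1; }
        fi
    done < "$1"
    return $rc
}

# Constructed demo: a fake package tree in a temp dir. The manifest is taken
# at "install" time, then a conffile is edited and a binary is removed.
demo() {
    root=$(mktemp -d) || return 2
    mkdir -p "$root/etc" "$root/usr/bin"
    echo 'level=1' > "$root/etc/demo.conf"
    echo 'binary'  > "$root/usr/bin/demo"
    printf '%s\n' "$root/etc" "$root/etc/demo.conf" \
        "$root/usr/bin" "$root/usr/bin/demo" > "$root/demo.list"
    gen_manifest "$root/demo.list" > "$root/demo.md5sums"
    echo 'level=9' > "$root/etc/demo.conf"   # change made after install
    rm "$root/usr/bin/demo"
    verify_manifest "$root/demo.md5sums" | sed "s|$root||"
    rm -rf "$root"
}
```

A manifest generated this way sits on the same host as the files it describes, so it needs the kind of tamper protection the quoted signing proposal gives the build-time list.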