Re: debsums for maintainer scripts
On Thu, 4 Dec 2003 13:02:57 +0100, Bernhard R Link <email@example.com> said:
> * Goswin von Brederlow <firstname.lastname@example.org>
> [031204 02:46]:
>> "Bernhard R. Link" <email@example.com> writes:
>> > I don't think so. md5-calculation it not the fastest thing
>> > (especially on non-i386 it often feels like downloading and
>> > installing together needs less time than the md5sum-verification.
>> > So this should be switched off, but then it will be missing when
>> > one needs them.
>> The md5sum file should be generated at build time, signed and only
>> the signature kept. The signature is small enough not to cause
>> bloat, it can be included in the Package file or a Signatures.gz
>> file containing all signatures could be maintained in the archive.
> That still adds the burden of calculating them all after installing.
> I also think it is hardly possible to regenerate the .md5sums file
> in a way the signature will be kept. It would need to never change
> which files are included and how they are sorted. It could also
> cause problems with more sophisticated Replaces and may bite with
> other things I cannot even think about.
Simple: we already store the lists of files in a package; use
that to regenerate the file. I mean, you are assuming thet
/var/lib/dpkg/info has been uncorrupted, after all.
> Only if there is a reliable way to regenerate them at instalation
Sure there is. (Just tested -- I regenerated a file several
times in a row like so: cat /var/lib/dpkg/info/mailagent.list | while
read i; do test -f $i && do j=$(md5sum $i); done).
> And if one decided to save the time to calculate them or save the
> space by freeing the generated .md5sums file, bringing the system
> back in a state where such integrity can be checked is almost
> equivalent to a reinstall, while extracting the classical .md5sums
> file from an package pool (local mirror, set of CDs ...) and putting
> them back in place is very simple and needs far less processing
If you have the .debs available, is it not simpler to just do:
__> ar p \
data.tar.gz | tar zfd - | grep 'Contents differ'
No, that'd be silly. Larry Wall in <199710221710.KAA24242@wall.org>
Manoj Srivastava <firstname.lastname@example.org> <http://www.debian.org/%7Esrivasta/>
1024R/C7261095 print CB D9 F4 12 68 07 E4 05 CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C