[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: dpkg-sig support wanted?

Scripsit Florian Weimer <fw@deneb.enyo.de>
> * Henning Makholm:

>>> I wouldn't use real base64, though, because it would mean that you can
>>> use its hashed output as a file name.

>> Good point. One might replace "/" with "_" and omit the final "=".
>> Having a "+" in the hash should be safe in most contexts.

> It should be replaced with "-".  Beyond alphanumerics, only ".", "_",
> "-" are in the POSIX portable filename character set[1], and some
> systems do not allow the character "+" in file names.

However there are already plenty of files with "+" in their names
involved in Debian (e.g. /usr/lib/libstdc++.so.6).

Having every 64th hash-based filename start with "-" or "." would lead
to failure modes for shell scripts (mistaking the filename for a
command line option, resp. missing it in globs) that are just
infrequent enough that they might not be observed before a
quick-and-dirty script is deployed.

I think the conclusion is that no simple substitution is at the same
time Posix friendly and friendly towards quick-and-dirty scripting.

(Yes: substitute /+ with _-, and then move the last character of the
base64 encoding to the front. Due to zero padding it must come from
the set [AEIMQUYcgkosw048].)

Henning Makholm                         "You want to know where my brain is,
                                    spetsnaz girl? Do you? Look behind you."

Reply to: