[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: dpkg-sig support wanted?

On Mon, Nov 28, 2005 at 12:09:33PM -0600, Peter Samuelson wrote:
> I still think two-byte prefixes for non-md5-non-sha1 hashes makes some
> sense, like s- for sha-256.  Avoids the filename encoding issue you
> mentioned later (unless we want to encode newlines).

The encoding issues are only for doing base64 (or similar compression)
or filename encoding, so you can't avoid them :)

> > OTOH, it would be far more convenient for *us* if it supported the
> > .changes style we use, ie:
> >   MD5Sum:
> >     hash size filename
> This might be generally reasonable, 

Doesn't matter if it's generally reasonable, it's needed by *us*. That's
the format we use in .changes, in .dscs and Sources, and in Release.
It's silly to have a useful format, then not have tools that
conveniently check it, particularly if we're writing our own.

> >   $ dsum -a sha1 foo; sha1sum foo
> >   f572d396fae9206628714fb2ce00f72e94f2258f  foo
> >   f572d396fae9206628714fb2ce00f72e94f2258f  foo
> > 
> >   $ dsum -d foo
> >   SHA1Sum:
> >    f572d396fae9206628714fb2ce00f72e94f2258f 6 foo
> > 
> >   $ dsum -b foo
> >   SHA1 (foo) = f572d396fae9206628714fb2ce00f72e94f2258f
> What's the " 6 " above?  

wc -c foo. foo was "hello\n" for reference. (And it probably should've
been SHA1: not SHA1Sum: too)

> > (Note that "dsum" would probably need to become Priority:required,
> > and possibly Essential:yes, with the complications that entails)
> Hmmm, promoting libgcrypt11 + libgpg-error0 to Required adds 516 kB on
> i386, plus a trivial amount for dsum itself.  I wonder if it'd be
> better to just copy / paste the algorithm code into dsum.

libssl0.9.8 is 860kB of .deb, 2MB installed. It's possible that libssl
would be too much of a nuisance wrt transitions to use, at least


Attachment: signature.asc
Description: Digital signature

Reply to: