On Fri, Aug 17, 2007 at 11:58:14AM +0000, Marc 'HE' Brockschmidt wrote: > Lars Wirzenius <liw@iki.fi> writes: > > pe, 2007-08-17 kello 10:07 +0200, Romain Francoise kirjoitti: > >> It seems to me that the time spent to generate it on the buildds is > >> probably insignificant compared to the total time needed to build > >> the package... And since generating it can be done with a trivial > >> shell command, it's not a complexity issue either. > > It strikes me that if we want to make it policy, having dpkg generate > > the checksums upon creating the .deb would be the simplest and best way > > to do it. This way we wouldn't have to change packages to do it, and if > > we ever want to change the format (sha1 as well as md5?) there's only > > one place to change it. > > Yes, that sounds like a good idea. It might also be interesting to not > put those into the control.tar.gz, but directly into the deb, so that it > can easily be extracted. OTOH that sucks because it would mean that we have to rebuild the whole archive that uses currently dh_md5sums, whereas we could just be backward compatible. Other issue, md5sums files are used in /var/lib/dpkg/info/ where dpkg puts the control.tar.gz's, and packages like debsums use it there. So we would have to patch dpkg to also extract files that are in the .deb into that directory as well, whereas it's already done for files in control.tar.gz automatically. All in all, I'd say it's a pretty bad idea for a minimal gain (control.tar.gz content is very small after all). But I agree that dpkg(-deb) is the place to plug this. -- ·O· Pierre Habouzit ··O madcoder@debian.org OOO http://www.madism.org
Attachment:
pgpk9DHGof2zP.pgp
Description: PGP signature