Re: Bug#540215: Introduce dh_checksums
On Fri, 2010-03-19 at 17:40 +0100, Wouter Verhelst wrote:
> On Thu, Mar 18, 2010 at 04:52:07PM -0700, Russ Allbery wrote:
> > You add an additional ar member that contains the signed checksums of all
> > of the files in data.tar.gz, possibly another additional member that
> > contains the signed checksums for control.tar.gz, or you document some
> > convention so that you can combine both into the same signed checksum
> > document.
> That'd work pretty well, indeed. It would also have the advantage of
> making it theoretically possible to reverse the addition of the
> signatures again, should one want to re-verify against the original
> .changes file for some reason. That's of course assuming that the
> combination of "ar a" and "ar d" in whatever way dpkg does that is
> idempotent, but I don't see why it couldn't be.
> And as you say, this can be implemented in dak. That would have the
> advantage of not requiring keys on the buildds.
> So now that it's been reduced to a technical problem, who's going to do
> the implementation?
Yes, this solution is elegant. It shouldn't break anything, it is
self-contained in the package.
> I'm prepared to look at a dpkg patch, but Python
> just does not work for me.
My priority is the md5sum replacement, but I'll be happy to help if/when