Re: Bug#540215: Introduce dh_checksums

To: debian-devel@lists.debian.org
Subject: Re: Bug#540215: Introduce dh_checksums
From: Russ Allbery <rra@debian.org>
Date: Sat, 20 Mar 2010 06:13:14 -0700
Message-id: <[🔎] 878w9ncf11.fsf@windlord.stanford.edu>
In-reply-to: <[🔎] 20100320122752.GD1000@nn.nn> (Harald Braumann's message of "Sat, 20 Mar 2010 13:27:52 +0100")
References: <[🔎] 20100310143214.GE10578@celtic.nixsys.be> <[🔎] 20100311173710.GC25679@nn.nn> <[🔎] 87aaue898o.fsf@frosties.localdomain> <[🔎] 20100312221356.GJ3902@celtic.nixsys.be> <[🔎] 87eijj7523.fsf@frosties.localdomain> <[🔎] 20100317103100.GA18915@celtic.nixsys.be> <[🔎] 1268956013.11872.58.camel@solid.paris.klabs.be> <[🔎] 871vfhchnc.fsf@windlord.stanford.edu> <[🔎] 20100320004007.GC1000@nn.nn> <[🔎] 87eijfstdj.fsf@windlord.stanford.edu> <[🔎] 20100320122752.GD1000@nn.nn>

Harald Braumann <harry@unheit.net> writes:
> On Fri, Mar 19, 2010 at 05:56:40PM -0700, Russ Allbery wrote:

>> I think it would replace dh_*sums during package build time and make
>> obsolete including md5sums in the control.tar.gz.  You don't really
>> want the signature and checksums to be inside one of the other data
>> members since that breaks, as Wouter points out, the ability to remove
>> the signature and checksums and verify against the original *.changes
>> file.  And there's no need to include two copies of the checksums.

> There would only be one additional file, containing a detached
> signature for the checksum file. No duplication of checksums and it
> can easily be removed from the ar. But doing everything in one step,
> like you proposed, is better anyway.

Oh, I see what you're saying.  Yeah, that could work too.

> To include checksums for control.tar.gz, just add them to the same
> checksum file, but with the paths, the files will have after package
> installation (/var/lib/dpkg/...).

Yeah, that would be one such convention.  I don't know if that's better or
if adding a prefix of data: and control: to the path names would be
better.  My guess is that the latter may be a bit more flexible for
possible long-term changes, like adding other deb members later for some
reason that we want to sign.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Reply to:

Follow-Ups:
- Re: Bug#540215: Introduce dh_checksums
  - From: Harald Braumann <harry@unheit.net>

References:
- Re: Bug#540215: Introduce dh_checksums
  - From: Wouter Verhelst <wouter@debian.org>
- Re: Bug#540215: Introduce dh_checksums
  - From: Harald Braumann <harry@unheit.net>
- Re: Bug#540215: Introduce dh_checksums
  - From: Goswin von Brederlow <goswin-v-b@web.de>
- Re: Bug#540215: Introduce dh_checksums
  - From: Wouter Verhelst <wouter@debian.org>
- Re: Bug#540215: Introduce dh_checksums
  - From: Goswin von Brederlow <goswin-v-b@web.de>
- Re: Bug#540215: Introduce dh_checksums
  - From: Wouter Verhelst <w@uter.be>
- Re: Bug#540215: Introduce dh_checksums
  - From: Frank Lin PIAT <fpiat@klabs.be>
- Re: Bug#540215: Introduce dh_checksums
  - From: Russ Allbery <rra@debian.org>
- Re: Bug#540215: Introduce dh_checksums
  - From: Harald Braumann <harry@unheit.net>
- Re: Bug#540215: Introduce dh_checksums
  - From: Russ Allbery <rra@debian.org>
- Re: Bug#540215: Introduce dh_checksums
  - From: Harald Braumann <harry@unheit.net>

Prev by Date: Re: Bug#540215: Introduce dh_checksums
Next by Date: Re: Bug#540215: Introduce dh_checksums
Previous by thread: Re: Bug#540215: Introduce dh_checksums
Next by thread: Re: Bug#540215: Introduce dh_checksums
Index(es):
- Date
- Thread