Re: Bug#540215: Introduce dh_checksums
Harald Braumann <firstname.lastname@example.org> writes:
> On Fri, Mar 19, 2010 at 05:56:40PM -0700, Russ Allbery wrote:
>> I think it would replace dh_*sums during package build time and make
>> obsolete including md5sums in the control.tar.gz. You don't really
>> want the signature and checksums to be inside one of the other data
>> members since that breaks, as Wouter points out, the ability to remove
>> the signature and checksums and verify against the original *.changes
>> file. And there's no need to include two copies of the checksums.
> There would only be one additional file, containing a detached
> signature for the checksum file. No duplication of checksums and it
> can easily be removed from the ar. But doing everything in one step,
> like you proposed, is better anyway.
Oh, I see what you're saying. Yeah, that could work too.
> To include checksums for control.tar.gz, just add them to the same
> checksum file, but with the paths, the files will have after package
> installation (/var/lib/dpkg/...).
Yeah, that would be one such convention. I don't know if that's better or
if adding a prefix of data: and control: to the path names would be
better. My guess is that the latter may be a bit more flexible for
possible long-term changes, like adding other deb members later for some
reason that we want to sign.
Russ Allbery (email@example.com) <http://www.eyrie.org/~eagle/>