[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#540215: Introduce dh_checksums

Harald Braumann <harry@unheit.net> writes:
> On Fri, Mar 19, 2010 at 05:56:40PM -0700, Russ Allbery wrote:

>> I think it would replace dh_*sums during package build time and make
>> obsolete including md5sums in the control.tar.gz.  You don't really
>> want the signature and checksums to be inside one of the other data
>> members since that breaks, as Wouter points out, the ability to remove
>> the signature and checksums and verify against the original *.changes
>> file.  And there's no need to include two copies of the checksums.

> There would only be one additional file, containing a detached
> signature for the checksum file. No duplication of checksums and it
> can easily be removed from the ar. But doing everything in one step,
> like you proposed, is better anyway.

Oh, I see what you're saying.  Yeah, that could work too.

> To include checksums for control.tar.gz, just add them to the same
> checksum file, but with the paths, the files will have after package
> installation (/var/lib/dpkg/...).

Yeah, that would be one such convention.  I don't know if that's better or
if adding a prefix of data: and control: to the path names would be
better.  My guess is that the latter may be a bit more flexible for
possible long-term changes, like adding other deb members later for some
reason that we want to sign.

Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Reply to: