[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug #340306: Specification draft for signed debs

On Mon, 2012-06-11 at 13:24:12 +0200, Niels Thykier wrote:
> On Jun 11, 2012 12:21 "Ansgar Burchardt" <ansgar@debian.org> wrote:
> > Why is signatures.tar.gz too long? Is that a limitation of the ar
> > format?
> According to ar(1), it depends on the "implementation" of ar.
> """
> GNU ar can maintain archives whose members have names of any length; [...]
> If it exists, the limit is often 15 characters (typical of formats related to a.out) or 16 characters (typical of formats related to coff).
> """
> To be honest, I am not sure if deb is subject to these limits, but I assumed
> it was better to err on the side of backwards compatibility here  (deb(5)
> does not seem to document a limit or lack thereof).

There are the BSD and GNU extensions to the common ar format to store
long names in ar archives. dpkg only supports the common format and
supports neither of those extensions, because there's really no need.
I'll add the filename limits in the deb(5) man page too.

> In particular, debsig-verify currently assumes ar members to be at most 15
> characters... though that may a flawed assumption in debsign-verify.

ar filenames in the common format can be up to 16 characters, but
depending on the variant used they might contain a trailing ‘/’,
dpkg supports both variants (w/ and w/o the ‘/’) so that limits the
filenames to 15 characters. Also some implementations might ignore the
16th character if it's no ‘/’ (GNU binutils appears to do that for


Reply to: