
Re: Bug #340306: Specification draft for signed debs



Hi,

On 06/11/2012 11:26 AM, Niels Thykier wrote:
> Archive support
> ---------------
> 
> The FTP masters have requested that all signatures are stored in a
> single ar member of the deb.  That "member should then contain a flat
> directory (ie no sub-directories) of signature files, [...]"
> (#340306#33).
>   They suggested that the member should be named "signatures.tar.gz"
> (or so), but as it exceeds the name limits I will use "sigs.tar.gz"
> for now.

Do you want dak to eventually sign the packages? Note that this would
make them no longer match the hashes from the .changes.

Why is signatures.tar.gz too long? Is that a limitation of the ar format?

> deb format changes
> ------------------
> 
> deb files can optionally have a member called "sigs.tar.gz" used for
> verifying the authenticity and integrity of contents of the deb file.
> The member should be the last, but may appear anytime after the
> data.tar member.
>   Implementations should (still) ignore any member after the data.tar
> member except for the "sigs.tar.gz" if it is present.
> 
> The "sigs.tar.gz" may be used to sign any member preceding it in the
> deb file.  Implementations are not required to check for signatures
> for any member occurring after the "sigs.tar.gz".

Do you plan to support partially-signed packages where only some members
are signed? I would suggest to treat such packages as having an invalid
signature as it is likely you will have bugs otherwise (where tools
treat unsigned members after the sigs.tar.gz as signed).

Ansgar


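To make the layout rules under discussion concrete, here is an added example (written for this page; it is not dpkg code and not anything proposed in the thread) that builds a deb-style ar archive in memory, locates the "sigs.tar.gz" member, and applies the strict policy Ansgar suggests: every member before "sigs.tar.gz" must carry a valid signature, otherwise the package is treated as having an invalid signature, while members after "sigs.tar.gz" are ignored. Assumptions not taken from the thread: an HMAC-SHA256 under a shared key stands in for an OpenPGP signature, the flat directory inside sigs.tar.gz is assumed to hold one "<member>.sig" file per signed member, and the control/data members are short constructed byte strings rather than real tarballs. The example also shows why "signatures.tar.gz" does not fit: the ar header's name field is 16 bytes wide.

```python
import hashlib
import hmac
import io
import tarfile

AR_MAGIC = b"!<arch>\n"
KEY = b"constructed-demo-key"  # assumption: shared key standing in for the signer's OpenPGP key

# Constructed stand-ins for the three members every deb carries (real debs hold tarballs here).
BASE_MEMBERS = [
    (b"debian-binary", b"2.0\n"),
    (b"control.tar.gz", b"constructed control tarball bytes"),
    (b"data.tar.gz", b"constructed data tarball bytes"),
]


def ar_member_header(name: bytes, size: int) -> bytes:
    """60-byte ar header: name[16] date[12] uid[6] gid[6] mode[8] size[10] fmag[2]."""
    if len(name) > 16:
        # This is the name limit the thread refers to: "signatures.tar.gz" is 17 bytes.
        raise ValueError(f"ar member name longer than 16 bytes: {name!r}")
    return (name.ljust(16) + b"0".ljust(12) + b"0".ljust(6) + b"0".ljust(6)
            + b"100644".ljust(8) + str(size).encode().ljust(10) + b"`\n")


def build_ar(members) -> bytes:
    out = bytearray(AR_MAGIC)
    for name, data in members:
        out += ar_member_header(name, len(data)) + data
        if len(data) % 2:
            out += b"\n"  # ar pads odd-sized members to an even offset
    return bytes(out)


def parse_ar(blob: bytes):
    """Return [(name, data), ...] in archive order."""
    if not blob.startswith(AR_MAGIC):
        raise ValueError("not an ar archive")
    pos, members = len(AR_MAGIC), []
    while pos < len(blob):
        hdr = blob[pos:pos + 60]
        if len(hdr) < 60 or hdr[58:60] != b"`\n":
            raise ValueError("bad ar member header")
        name = hdr[0:16].rstrip(b" /").decode()  # tolerate GNU-style "name/" terminators
        size = int(hdr[48:58].strip())
        members.append((name, blob[pos + 60:pos + 60 + size]))
        pos += 60 + size + (size % 2)
    return members


def make_sigs(signed_members, key: bytes) -> bytes:
    """Flat tar.gz of '<member>.sig' files (naming is an assumption of this example)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in signed_members:
            sig = hmac.new(key, data, hashlib.sha256).hexdigest().encode()
            info = tarfile.TarInfo(name + ".sig")
            info.size = len(sig)
            tar.addfile(info, io.BytesIO(sig))
    return buf.getvalue()


def read_sigs(sigs_blob: bytes) -> dict:
    sigs = {}
    with tarfile.open(fileobj=io.BytesIO(sigs_blob), mode="r:gz") as tar:
        for info in tar.getmembers():
            if not info.isfile() or "/" in info.name:
                raise ValueError(f"sigs.tar.gz must be a flat directory of files: {info.name}")
            sigs[info.name] = tar.extractfile(info).read()
    return sigs


def verify_deb(blob: bytes, key: bytes) -> str:
    """'valid', 'unsigned' (no sigs.tar.gz at all) or 'invalid' (bad, missing or misplaced signatures)."""
    members = parse_ar(blob)
    names = [n for n, _ in members]
    data_idx = next((i for i, n in enumerate(names) if n.startswith("data.tar")), None)
    sig_idx = next((i for i, n in enumerate(names) if n == "sigs.tar.gz"), None)
    if data_idx is None:
        return "invalid"
    if sig_idx is None:
        return "unsigned"
    if sig_idx < data_idx:  # the member must come after data.tar
        return "invalid"
    try:
        sigs = read_sigs(members[sig_idx][1])
    except (tarfile.TarError, ValueError, OSError):
        return "invalid"
    # Strict policy: a deb with an unsigned member before sigs.tar.gz is invalid, not "partially signed".
    for name, data in members[:sig_idx]:
        sig = sigs.get(name + ".sig")
        if sig is None:
            return "invalid"
        expected = hmac.new(key, data, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(sig, expected):
            return "invalid"
    # Members after sigs.tar.gz are ignored by design; nothing here vouches for them.
    return "valid"


def make_deb(sign_names, key: bytes = KEY, trailing=None) -> bytes:
    """Build a constructed deb signing only the members named in sign_names."""
    signed = [(n.decode(), d) for n, d in BASE_MEMBERS if n.decode() in sign_names]
    members = list(BASE_MEMBERS) + [(b"sigs.tar.gz", make_sigs(signed, key))]
    if trailing is not None:
        members.append(trailing)
    return build_ar(members)


ALL = {"debian-binary", "control.tar.gz", "data.tar.gz"}
```

The policy choice worth noting is in verify_deb: a missing ".sig" for any member before sigs.tar.gz yields "invalid" rather than a third "partially signed" state, so a consumer cannot mistake an unsigned control.tar.gz for a covered one. A trailing member appended after sigs.tar.gz leaves the result "valid" but is simply not part of what was verified.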