[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#161593: apt-utils: apt-ftparchive fumbles on signed debs

On Mon, 23 Sep 2002 11:29:46 -0500
Branden Robinson <branden@debian.org> wrote:

> On Sun, Sep 22, 2002 at 10:08:26PM -0700, Randolph Chung wrote:

> > 
> We should be liberal in what we accept and conservative in what we
> generate.  For years we've said .debs are "just ar files", but we
> committed ourselves to a SysV-style ar(1) on the system a long time ago.
> Something's got to give.
> 
> > it seems to be reasonable that "standard" Debian deb creation tools 
> > should create debs in the same format.... debsigs shouldn't be
> > silently converting debs to different ar formats....
> 
> It only did so because I shared the completely ridiculous assumption
> that you could create a Debian package ("which is just an ar file")
> using the ar(1) command.
> 
> I don't mind changing debsigs to generate a more politically-correct
> Debian package file format.  What I mind is the pretense that the
> actual behavior of the ar(1) command doesn't matter, and can be safely
> ignored; that is, we don't have to actually fess up to the fact that
> we've been deceiving people about the practicality of being able to use
> "standard tools" to "manipulate Debian packages".
> 

As far as i aware there is no standard ar command in that not standards
body accepts any specific implementation of it as being the one true
format that should be used.

Do you have a url handy for the SysV ar definition ?

> At the very least, Debian should provide a BSD-style ar command that
> will operate on .deb files in a politically correct fashion.  I'm open
> to suggestions for what it should be called, and (I'm going to regret
> this), I'm even prepared to package it.
> 
> However, I think a *better* solution is:
> 
> 1) Make dpkg and apt understand SysV/GNU ar files; *and*
> 2) Patch ar from GNU binutils to be able to generate BSD-style ar files;
> and 3) Prominently document the requirements we make of .deb files in
> deb(5).
> 

I think patching GNU ar from binutils is playing with fire, and its pretty
hard to follow.

The biggest problem with portability of ar is long filenames, if we
restrict filenames to less then (i think) 15 characters then we should be
ok.


Glenn
Reply to: