Subject: Re: [agc@netbsd.org: CVS commit: basesrc/usr.sbin/pkg_install/add]
To: Hubert Feyrer <hubert.feyrer@informatik.fh-regensburg.de>
From: Charles M. Hannum <abuse@spamalicious.com>
List: tech-pkg
Date: 10/03/2001 22:52:29
On Wed, 2001-10-03 at 22:14, Hubert Feyrer wrote:
> On Wed, 3 Oct 2001, Alistair Crooks wrote:
> > > gzip and pax should both deal fine with having the signature tacked on
> > > the end.
> 
> I wonder if it was possible to make the signature part of the +-files, and
> if present do the sigature checking?  Just like what we do for +MESSAGE
> files etc.

That would require some Magick, since the tar file itself would change,
and you have to be careful about exactly *what* you're checking the
signature of.  I suppose it might be amusing to always have it be the
first file -- i.e. be prefixed to the existing tar file -- and checksum
the decompressed image instead.