Subject: Re: Verifying signatures for downloaded files [PATCH]
To: Todd Willey <>
From: Hubert Feyrer <>
List: tech-pkg
Date: 02/12/2005 19:44:42
On Sat, 12 Feb 2005, Todd Willey wrote:
> I'm looking for feedback / testing.  I've been using this patch for a
> few days now with no problems, verifying the binary packages I host on

  * Please adjust your coding style to the rest of the code,
    /usr/share/misc/style will give you enough examples
  * Some comments on what's going on may be nice
  * To keep your patch small & readable don't change whitespace
    unnecessarily (start of add/verify.c)
  * Why not use /usr/pkgsrc/packages/All or similar as cache dir?
    Or /usr/pkgsrc/packages/`uname -r`/`uname -p`, to match
    pkgsrc/doc/netbsd.txt Appendix C.
  * in add/perform.c, you do the verifying for pkgs loaded from URLs,
    but not from localfiles (the /* local */ case). I think it should
    be done for pkgs e.g. on CD or so too.
  * I'm not sure interactively asking on bad checksum is wise.
    Think of someone doing a bulk install of many pkgs.
    I'd rather say fail, and make it overridable with -f (force) as
    most errors are handed in pkg_* (Just because the code already there
    does so is a bad excuse :)
  * Please write commands like
 	  if ((pidftp = fork()) == -1) {
    as two commands for better readability.
  * I wonder why you call _exit(2) over exit(3)?

Looks ok otherwise, but I haven't tested it.

  - Hubert

NetBSD - Free AND Open!      (And of course secure, portable, yadda yadda)