tech-pkg archive


Reasons for having SHA512?



Several years ago Joerg introduced the SHA512 file in pbulk.  It contains
cksums for all binary packages in the repository and a cksum for the
pkg_summary(5) file, and is uploaded to ftp:// together with
pkg_summary(5). In pkgtools/nih, my pkgsrc package manager, I use these
cksums for checking downloaded binaries against SHA512.txt to make sure
that downloaded packages are exactly the same as they are in the
repository.

While the cksums from SHA512 are definitely useful, I'm wondering whether
the SHA512.gz file itself is really necessary. We can store cksums inside
pkg_summary(5), for example, like the following.

   PKGNAME=abcde-2.3.99.7
   COMMENT=Command-line utility to rip and encode an audio CD
   SIZE_PKG=175220
   CKSUM=<cksum_type> <cksum>
   ...

where <cksum_type> is sha512, rmd160, md5 or anything else supported by 
digest(1).

My idea is to provide a _single_ file (signed!) containing everything
needed for package management.

Ideas?

-- 
Best regards, Aleksey Cheusov.
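
Added example, not part of the original message or of pkgtools/nih: a minimal Python check of a downloaded package against the CKSUM field proposed above. It assumes the pkg_summary(5) text has already been signature-verified; the algorithm-name mapping, the `allowed` policy and the sample data are constructed for illustration.

```python
import hashlib

# cksum type names from the post -> hashlib names (this mapping is the example's assumption)
ALGOS = {"sha512": "sha512", "rmd160": "ripemd160", "md5": "md5"}

def parse_pkg_summary(text):
    """Parse VAR=value records separated by blank lines into {PKGNAME: {VAR: value}}."""
    pkgs = {}
    for block in text.split("\n\n"):
        rec = {}
        for line in block.splitlines():
            key, sep, value = line.partition("=")
            if sep:
                rec[key] = value  # repeated variables keep the last value
        if "PKGNAME" in rec:
            pkgs[rec["PKGNAME"]] = rec
    return pkgs

def verify_package(rec, data, allowed=("sha512",)):
    """Return (ok, reason) for package bytes checked against SIZE_PKG and CKSUM."""
    if "CKSUM" not in rec:
        return False, "no CKSUM field"
    parts = rec["CKSUM"].split()
    if len(parts) != 2:
        return False, "malformed CKSUM"
    ctype, expected = parts[0].lower(), parts[1].lower()
    # `allowed` is a client-side policy chosen for this example, not part of the proposal
    if ctype not in allowed or ctype not in ALGOS:
        return False, "cksum type not accepted: " + ctype
    if "SIZE_PKG" in rec and rec["SIZE_PKG"] != str(len(data)):
        return False, "size mismatch"
    try:
        actual = hashlib.new(ALGOS[ctype], data).hexdigest()
    except ValueError:  # e.g. ripemd160 missing from the local OpenSSL build
        return False, "cksum type not available locally: " + ctype
    if actual != expected:
        return False, "checksum mismatch"
    return True, "ok"

# Constructed sample data: not a real package or a real repository summary
SAMPLE_PKG = b"constructed package bytes, not a real binary package\n"
SAMPLE_SUMMARY = (
    "PKGNAME=abcde-2.3.99.7\nSIZE_PKG=%d\nCKSUM=sha512 %s\n\n"
    "PKGNAME=nocksum-1.0\nCOMMENT=constructed record without CKSUM\n"
) % (len(SAMPLE_PKG), hashlib.sha512(SAMPLE_PKG).hexdigest())
```

A record without CKSUM, or with a type outside `allowed`, is rejected rather than skipped, so a missing field cannot pass as verified.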

