tech-pkg archive


Re: Reasons for having SHA512?



> On 06.09.2011 10:25, Aleksey Cheusov wrote:
> > On Tue, Jun 14, 2011 at 12:16 AM, Jean-Yves Migeon
> > <jeanyves.migeon%free.fr@localhost> wrote:
> >> On 12.06.2011 22:16, Aleksey Cheusov wrote:
> >>> While cksums from SHA512 are definitely useful, I'm wondering whether
> >>> the SHA512.gz file itself is really necessary. We can store cksums inside
> >>> pkg_summary(5), for example, like the following.
> >>>
> >>>    PKGNAME=abcde-2.3.99.7
> >>>    COMMENT=Command-line utility to rip and encode an audio CD
> >>>    SIZE_PKG=175220
> >>>    CKSUM=<cksum_type> <cksum>
> >>>    ...
> >>>
> >>> where <cksum_type> is sha512, rmd160, md5 or anything else supported
> >>> by digest(1).
> >>>
> >>> My idea is to provide a _single_ file (signed!) containing everything
> >>> needed for package management.
> >>>
> >>> Ideas?
> >>
> >> Seems like a good idea to me;
> > 
> > I'd like to commit the attached patch. Objections?
> 
> One question: will it support multivalue, like:
> 
> CKSUM=SHA1 2d7bb5572221afa7d7fb30c8d19d3f693bfeee14
> CKSUM=MD5 d9f7497c382d9ee2709f9d1b560aecaf
> ...

Yes. I'll add "Multiple CKSUM lines are allowed." to the man page.
But the cksum type is in lowercase, just like in digest.

FYI: pkg_bin_summary -k'md5 rmd160' *.tgz > pkg_summary.txt

> I don't object to this, but keep in mind that my reasoning still applies:
> signing only one file for package management does not make it easy when
> you move .tar.gz packages around.

I remember your point and I had no plan to discuss package signing.
I need checksums for making package download predictable
(in nih) and more efficient.
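
An added example, not part of the original message and not pkgsrc's own code: Python that parses pkg_summary-style records carrying the CKSUM lines proposed in this thread (several per package, lowercase type names) and checks a downloaded file against the strongest one listed. The function names, the preference order and the sample record are assumptions made for illustration.

```python
import hashlib

# Checksum types in lowercase, as digest(1) names them; strongest first (assumed order).
PREFERENCE = ["sha512", "sha1", "rmd160", "md5"]
HASHLIB_NAME = {"rmd160": "ripemd160"}  # hashlib spells this one differently

def parse_summary(text):
    """Split blank-line separated VAR=VALUE records; collect repeated CKSUM lines."""
    records, cur = [], {}
    for line in text.splitlines() + [""]:
        if not line.strip():
            if cur:
                records.append(cur)
            cur = {}
            continue
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"malformed line: {line!r}")
        if key == "CKSUM":
            ctype, _, digest = value.partition(" ")
            if not digest.strip():
                raise ValueError(f"malformed CKSUM: {line!r}")
            cur.setdefault("CKSUM", {})[ctype] = digest.strip().lower()
        else:
            cur[key] = value  # other repeated fields keep only the last value here
    return records

def verify(record, data):
    """Check data against the strongest listed checksum this Python can compute.

    Returns the type used. A mismatch raises instead of falling back to a
    weaker type, so a file that fails sha512 cannot pass on md5 alone."""
    sums = record.get("CKSUM", {})
    for ctype in PREFERENCE:
        name = HASHLIB_NAME.get(ctype, ctype)
        if ctype in sums and name in hashlib.algorithms_available:
            if hashlib.new(name, data).hexdigest() != sums[ctype]:
                raise ValueError(f"{ctype} mismatch for {record.get('PKGNAME')}")
            return ctype
    raise ValueError("no usable CKSUM line")

# Constructed sample: these bytes stand in for a downloaded .tgz.
SAMPLE_PKG = b"constructed package bytes"
SAMPLE_SUMMARY = (
    "PKGNAME=abcde-2.3.99.7\n"
    "SIZE_PKG=25\n"
    f"CKSUM=sha512 {hashlib.sha512(SAMPLE_PKG).hexdigest()}\n"
    f"CKSUM=md5 {hashlib.md5(SAMPLE_PKG).hexdigest()}\n"
)
```

The checksums only tie the file to the summary that lists them; whether that summary can be trusted is the separate signing question raised in the quoted text.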
