Subject: Re: adding gpg to src/gnu/dist
To: None <tech-userlevel@NetBSD.org, tech-security@NetBSD.org>
From: Alan Barrett <apb@cequrux.com>
List: tech-userlevel
Date: 05/14/2004 12:53:00
On Thu, 13 May 2004, Alistair Crooks wrote:
> One of the drivers for this is that I would like 2.0 to ship with some
> digital signatures attached.  Another is that we have had digital
> signature enablement in pkg_add(1) for two and a half years, via a
> callout to pgp or gpg, and it would be nice to bring that into a
> library that pkg_install and other tools can use.

If you re-work the signature callouts in pkg_add, it would be nice if
it could get MD5 or SHA1 checksums from a file formatted like the "MD5"
files that get produced as part of a release.  I produce similar MD5
files for syspkgs, formatted like this:

MD5 (base-adosfs-root-1.6ZK.0.20030503.tgz) = fa01ee9279e07ee7059f500fc9e3c701
MD5 (base-amd-bin-1.6ZK.0.20030921.tgz) = 5bc050fa3252e1caf945a139543d4c36
MD5 (base-amd-examples-1.6ZK.0.20040216.tgz) = 01d33abbca74b2c45ea331e799fc6478
MD5 (base-amd-shlib-1.6ZK.0.20040217.tgz) = f54c145ff2e28ca894e0ab125a9fde00

but I haven't done the work required to make pkg_add verify the
checksums.

--apb (Alan Barrett)
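Added illustration, not part of this thread and not pkg_install's own code: a small checker for the digest-file format quoted above. It parses `ALGO (filename) = hexdigest` lines for MD5 and SHA1, hashes the named package files in a directory, and reports per file whether the digest matches, differs, or the file is missing or not listed. Package names, file contents and the manifest in `demo()` are constructed for the example. One point worth keeping in view, since the thread is about attaching signatures: a digest file on its own only detects corruption; unless the digest file itself is signed (or fetched over a trusted channel), anyone able to replace a package can replace the line describing it as well.

```python
"""Parse and verify BSD-style digest manifests ("MD5 (file) = hex" lines)."""
import hashlib
import hmac
import os
import re
import tempfile

# One manifest line as written by md5(1)/cksum(1) on NetBSD: "ALGO (name) = hexdigest"
LINE_RE = re.compile(r"^(MD5|SHA1)\s+\((.+)\)\s*=\s*([0-9A-Fa-f]+)\s*$")
DIGEST_LEN = {"MD5": 32, "SHA1": 40}


def parse_manifest(text):
    """Return a list of (algo, filename, hexdigest); reject malformed or truncated lines."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError("line %d: not a BSD digest line: %r" % (lineno, raw))
        algo, name, digest = m.group(1), m.group(2), m.group(3).lower()
        if len(digest) != DIGEST_LEN[algo]:
            raise ValueError("line %d: %s digest has wrong length" % (lineno, algo))
        if "/" in name or name in (".", ".."):
            # A manifest should only name files beside it; refuse path components.
            raise ValueError("line %d: filename contains path components: %r" % (lineno, name))
        entries.append((algo, name, digest))
    return entries


def digest_path(path, algo):
    """Stream the file through the named hash (md5 or sha1) and return the hex digest."""
    h = hashlib.new(algo.lower())
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_packages(manifest_text, directory, names):
    """Check each requested package file against the manifest.

    Returns {name: status} where status is one of
      "ok"        digest matches
      "mismatch"  file present but digest differs (corrupt or tampered)
      "missing"   listed in the manifest but not on disk
      "unlisted"  requested but the manifest has no entry for it
    """
    expected = {name: (algo, digest) for algo, name, digest in parse_manifest(manifest_text)}
    results = {}
    for name in names:
        if name not in expected:
            results[name] = "unlisted"
            continue
        algo, want = expected[name]
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            results[name] = "missing"
            continue
        got = digest_path(path, algo)
        results[name] = "ok" if hmac.compare_digest(got, want) else "mismatch"
    return results


def demo():
    """Constructed example: two small 'packages' and a manifest covering them (hypothetical names)."""
    tmp = tempfile.mkdtemp()
    with open(os.path.join(tmp, "base-good-1.6ZK.tgz"), "wb") as f:
        f.write(b"hello")
    with open(os.path.join(tmp, "base-bad-1.6ZK.tgz"), "wb") as f:
        f.write(b"hello world")  # content differs from what the manifest records
    manifest = (
        "MD5 (base-good-1.6ZK.tgz) = 5d41402abc4b2a76b9719d911017c592\n"
        "SHA1 (base-bad-1.6ZK.tgz) = aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d\n"
        "MD5 (base-gone-1.6ZK.tgz) = 00000000000000000000000000000000\n"
    )
    return verify_packages(
        manifest, tmp,
        ["base-good-1.6ZK.tgz", "base-bad-1.6ZK.tgz",
         "base-gone-1.6ZK.tgz", "base-other-1.6ZK.tgz"],
    )


if __name__ == "__main__":
    for name, status in sorted(demo().items()):
        print("%-24s %s" % (name, status))
```

Running the script prints one status per package. A caller wiring this into an installer would treat anything other than "ok" as a refusal to install, and would verify the manifest's signature before trusting any line in it.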