Subject: Re: Verifying signatures for downloaded files [PATCH]
To: Todd Willey <xtoddx@gmail.com>
From: Hubert Feyrer <hubert@feyrer.de>
List: tech-pkg
Date: 02/12/2005 19:44:42
On Sat, 12 Feb 2005, Todd Willey wrote:
> I'm looking for feedback / testing. I've been using this patch for a
> few days now with no problems, verifying the binary packages I host on
> GoBSD.com.
* Please adjust your coding style to the rest of the code,
/usr/share/misc/style will give you enough examples
* Some comments on what's going on may be nice
* To keep your patch small & readable don't change whitespace
unnecessarily (start of add/verify.c)
* Why not use /usr/pkgsrc/packages/All or similar as cache dir?
Or /usr/pkgsrc/packages/`uname -r`/`uname -p`, to match
pkgsrc/doc/netbsd.txt Appendix C.
* in add/perform.c, you do the verifying for pkgs loaded from URLs,
but not from localfiles (the /* local */ case). I think it should
be done for pkgs e.g. on CD or so too.
* I'm not sure interactively asking on bad checksum is wise.
Think of someone doing a bulk install of many pkgs.
I'd rather say fail, and make it overridable with -f (force) as
most errors are handed in pkg_* (Just because the code already there
does so is a bad excuse :)
* Please write commands like
if ((pidftp = fork()) == -1) {
as two commands for better readability.
* I wonder why you call _exit(2) over exit(3)?
Looks ok otherwise, but I haven't tested it.
- Hubert
--
NetBSD - Free AND Open! (And of course secure, portable, yadda yadda)