Re: Reasons for having SHA512?

To: tech-pkg%netbsd.org@localhost
Subject: Re: Reasons for having SHA512?
From: Aleksey Cheusov <cheusov%tut.by@localhost>
Date: Tue, 6 Sep 2011 16:09:25 +0300

On Tue, Sep 6, 2011 at 3:29 PM, Joerg Sonnenberger
<joerg%britannica.bec.de@localhost> wrote:
> On Tue, Sep 06, 2011 at 11:25:31AM +0300, Aleksey Cheusov wrote:
>> I'd like to commit the ttached patch. Objections?
>
> I don't exactly see the point and this adds a highly
> volatile item that
> is pretty much irrelevant most of the time.

After building an update plan
"nih install" does the following:
1) Checks if binaries to be installed/updated are
   present in $CACHEDIR directory
2) For present binaries it checks their checksums and compare
   them with SHA512.txt downloaded from ftp:// together
   with pkg_summary(5) by "nih refresh" in order to (re)download
   broken binaries (e.g. partially downloaded).
3) If checksums for all packages from update plan
   match SHA512, nih starts an installation.

This is why I need checks.

As I said earlier SHA512 file is useless. pkg_summary(5)
has good enough format for keeping checksums for packages.
If we add CKSUM to pkg_summary(5),
all required information about all packages in
the repository can be stored in *single* file.
This is the goal.

References:
- Reasons for having SHA512?
  - From: Aleksey Cheusov
- Re: Reasons for having SHA512?
  - From: Jean-Yves Migeon
- Re: Reasons for having SHA512?
  - From: Aleksey Cheusov
- Re: Reasons for having SHA512?
  - From: Joerg Sonnenberger

Prev by Date: Re: Reasons for having SHA512?
Next by Date: daily pkgsrc CVS update output
Previous by Thread: Re: Reasons for having SHA512?
Next by Thread: daily pkgsrc CVS update output
Indexes:

Home | Main Index | Thread Index | Old Index