| 1 |
On Saturday 19 November 2005 15:01, Robin H. Johnson wrote: |
| 2 |
> After my post to -core about how to move ahead with signing, I thought |
| 3 |
> the next best place to continue is in a discussion of how Portage |
| 4 |
> handles manifests and their signatures. |
| 5 |
> |
| 6 |
> First, the blatantly obvious, for the benefit of same developers, even |
| 7 |
> though it's not relevant to signing. It is still a weak-point and does |
| 8 |
> need to be addressed. Multiple-hashes! |
| 9 |
|
| 10 |
Yep, portages that don't break on multiple hashes being specified have been |
| 11 |
around long enough for this to now be feasible. |
| 12 |
|
| 13 |
<snip> |
| 14 |
|
| 15 |
> So now the new Manifest structure looks roughly like this (abbreviated): |
| 16 |
> -- PGP |
| 17 |
> MD5 ... |
| 18 |
> MD5 ... |
| 19 |
> -- SIG |
| 20 |
> -- SIG |
| 21 |
> -- PGP |
| 22 |
> MD5 ... |
| 23 |
> -- SIG |
| 24 |
> -- SIG |
| 25 |
> etc. |
| 26 |
> |
| 27 |
> This has one important implication for backwards compatibility in |
| 28 |
> checking of Manifests. |
| 29 |
> In the case that a filename appears more than once in the file, only |
| 30 |
> the last instance of it should be used, as that is the one that relates |
| 31 |
> to the current version of the file. It's 4 lines of code in the current |
| 32 |
> portage that need to be removed for this to work (see my -core post for |
| 33 |
> where exactly). |
| 34 |
|
| 35 |
Hence, if we fix it in the next version we still have to wait six months |
| 36 |
to a year for most everybody to be using it so we don't break lots and |
| 37 |
lots of systems... |
| 38 |
|
| 39 |
Wouldn't it be easier to just disallow unsigned commits on the server side? |
| 40 |
|
| 41 |
-- |
| 42 |
Jason Stubbs |
| 43 |
-- |
| 44 |
gentoo-portage-dev@g.o mailing list |
Archives