1 |
On Mon, Jun 27, 2022 at 2:35 PM Kenton Groombridge <concord@g.o> wrote: |
2 |
> > so looks like we need to combine both methods and do the following: |
3 |
> > - if signing requested without compression - sign in pkg_preinst. |
4 |
> > - if signing requested with compression - sign in src_install |
5 |
> > |
6 |
> |
7 |
> Why can't we do both in pkg_preinst? I am thinking it would be best if |
8 |
> we drop the current compression implementation and rework your old code |
9 |
> to handle both compression and signing since the signing code is more or |
10 |
> less already complete. |
11 |
|
12 |
Signing modules in pkg_preinst seems like a bad idea to me. That means |
13 |
you need to copy your private keys around to every host where the |
14 |
package might be installed. |
15 |
|
16 |
If you sign in src_compile or src_install, you only need private keys |
17 |
on the system building your binpkg. |