1 |
On Mon, 2022-06-27 at 16:02 -0400, Kenton Groombridge wrote: |
2 |
> > > Why can't we do both in pkg_preinst? I am thinking it would be |
3 |
> > > best |
4 |
> > > if |
5 |
> > > we drop the current compression implementation and rework your |
6 |
> > > old |
7 |
> > > code |
8 |
> > > to handle both compression and signing since the signing code is |
9 |
> > > more |
10 |
> > > or |
11 |
> > > less already complete. |
12 |
> > |
13 |
> > i'm not sure if sign-file can sign compressed modules. |
14 |
> |
15 |
> sign-file will not error when signing a compressed module, but the |
16 |
> kernel will not be able to load it. |
17 |
|
18 |
so we pretty much HAVE to strip->sign->compress, strictly in this |
19 |
order. nothing else will work. |
20 |
|
21 |
> |
22 |
> > if we let kernel build handle compression - we have to sign prior |
23 |
> > to |
24 |
> > compression. |
25 |
> > if we compress modules ourselves then yes, we could sign first |
26 |
> > indeed. |
27 |
> > |
28 |
> > but preinst has it's own issues, you've already seen floppym's |
29 |
> > remark. |
30 |
> > |