| 1 |
This entire issue changes direction based on how hard and from |
| 2 |
where the pushes come. There are 3 general directions, as I see |
| 3 |
it. |
| 4 |
|
| 5 |
1. Unify Manifest & digests. |
| 6 |
2. Create a new digest file. |
| 7 |
3. Break backwards compatibility. |
| 8 |
|
| 9 |
I'd prefer 3. I'm pretty sure it's the first time I've |
| 10 |
ever suggested that or had it happen since I started |
| 11 |
maintaining portage. :-/ |
| 12 |
|
| 13 |
> SRC_URI portage-2.0.51_rc7.tar.bz2 274572 MD5 1234 SHA1 abcd RMD160 9876 |
| 14 |
> EBUILD portage-2.0.51_rc7.ebuild 11806 MD5 xyz SHA1 fifteen |
| 15 |
> |
| 16 |
> (using fake checksums for readability). |
| 17 |
|
| 18 |
My suggestion involves a break in compatibility after a expedited |
| 19 |
transition period. Kind of a bummer really. |
| 20 |
|
| 21 |
A primary issue with unified digest/Manifest is that you force |
| 22 |
Maintainers to verify tarballs and be liable for them. With the |
| 23 |
seperated digest/Manifest we can begin signing both the Manifest |
| 24 |
and the digests allowing the introducer of the package to be |
| 25 |
liable for the tarballs and leave the Manifest, Ebuilds, and |
| 26 |
supporting files to be verified by the {arch,package} Maintainer. |
| 27 |
|
| 28 |
With signatures moving along slowly, we have the capability |
| 29 |
to revoke a signature and all potentially infected packages. |
| 30 |
If Arch maintainers are constantly removing/changing the |
| 31 |
signatures on a digest, you will have no obvious knowledge |
| 32 |
of which files they have touched a particular file. |
| 33 |
|
| 34 |
> Maybe the system can also be extended to incorporate |
| 35 |
> GLEP 25 without adding a ton of new files, I'd need some |
| 36 |
> input from Brian on that issue. |
| 37 |
|
| 38 |
I'd rather this be an external sync tool than have portage |
| 39 |
need to deal with it. Supporting it via an uncompressed MD5 |
| 40 |
is easily done though. We're breaking compat with my suggestion |
| 41 |
anyway. |
| 42 |
|
| 43 |
> And finally a summarizing list of reasons for the format: |
| 44 |
> - keep all checksums of a package in one place |
| 45 |
> - removes one level of indirection for signing |
| 46 |
|
| 47 |
These are good and bad depending on how you look at it. |
| 48 |
|
| 49 |
> - digest generation currently recreates the Manifest anyway |
| 50 |
> - removing files from the tree |
| 51 |
|
| 52 |
You lose direct info on who originally verified the tarballs. |
| 53 |
|
| 54 |
> - allows for easy addition of new digest algorithms |
| 55 |
> - any syntax modification to the current digest files brings |
| 56 |
> compability problems with all currently existing portage |
| 57 |
> versions while Manifest changes do not |
| 58 |
|
| 59 |
Sadly, I missed fixing digests when I did the Manifest code. |
| 60 |
|
| 61 |
The fix is simply a matter of time. But for all realistic, |
| 62 |
time-constrained, viewpoints, it is accurate. It's a one-time |
| 63 |
adjustment of the digest format. |
| 64 |
|
| 65 |
SHA1 and many others can be added to the digests after 2.0.51 |
| 66 |
comes out. It supports digests of varying forms but there |
| 67 |
should be a reasonable delay before implementation as the |
| 68 |
impact on the slow-to-update user will be manual. A script |
| 69 |
could be provided, I imagine. The rescue documentation still |
| 70 |
applies. |
| 71 |
|
| 72 |
> - potential to discover file collisions easier (currently |
| 73 |
> you can have the same file in two digests with different |
| 74 |
> checksums, not a real problem yet though) |
| 75 |
|
| 76 |
Tools exist for detecting this. md5_check in bin/. |
| 77 |
They should probably be integrated into repoman. |
| 78 |
|
| 79 |
|
| 80 |
So... |
| 81 |
The overall scheme: |
| 82 |
|
| 83 |
1. Transition quickly into 2.0.51. |
| 84 |
2. Announce the strong-recommendation/need to update. |
| 85 |
3. Post new rescue tarballs. |
| 86 |
4. Wait 2-4 weeks. |
| 87 |
5. Announce again... ? |
| 88 |
6. Enable portage's SHA1 creation. |
| 89 |
7. Break compat in the tree. |
| 90 |
8. Hopefully never do that again. |
| 91 |
|
| 92 |
--NJ |
Archives