Hi Ulrich,

Sorry, I don't know why the response I sent on September 13 didn't get
forwarded by the mailing list. So I write here again.

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐

On Thursday, September 23rd, 2021 at 06:30, Ulrich Mueller <ulm@g.o> wrote:

> Since you haven't addressed my comments from the first round of review,
> I repeat them here:
>
> | Given that the outer archive is uncompressed tar, every file will be
> | zero-padded to a full block which adds some amount of bloat. So, could
> | the signature be inlined in the Manifest file? That's also what GLEP 74
> | specifies.

Using an inline signature makes sense but leads to another problem: we allowed
user-defined GPG commands, which gives us no control over exactly what
format is generated, and how to verify it. And I do not feel that hard-coding
"--clear-sign" and "--detach-sign" into the commands is good practice.

Also this is a very limited space saver, probably only max 1kb per package.

This specification only uses the Manifest DATA tag format in GLEP 74:
DATA <path> <size> <checksums>...
and their definition. So the inlined signature is not applied here.

> |
> | Also, IIRC one of the goals of the format was to allow partial download
> | of metadata. That will only work if the Manifest file will be the first
> | file in the archive (or at least appear before the image archive).

The metadata signature is strictly requested to be the next file after the
metadata archive, so it can be used to verify metadata without needing the Manifest.
Although the specification said that non-standard order should be supported,
this does not apply to remote fetches.

The biggest problem with moving the Manifest to the head is how to write it.
Since this file can only be created after all other operations have been
completed.

To do this, we either have to store other files in the temporary area and
copy them into the binary package when the Manifest is created, and double the
free space requirement (especially for those who use tmpfs to get faster IO),
or reserve space in the binary package container and overwrite it later.
But since both Manifest and signature size are variable, how much space to
reserve becomes an issue. Too small, and the package manager needs to copy the
whole package; too big, and it will require adding a padding file.

Thanks,
Sheng Yu
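
The two layout questions discussed in this thread (how many bytes a separate signature member costs in an uncompressed tar, and how much of the archive a client has to fetch before it can check the metadata) can be measured with the added example below. It is not part of the original message or of the project's code; the member names, sizes and filler contents are constructed, and the inlined Manifest is assumed to be the Manifest bytes plus the signature bytes.

```python
import io
import tarfile

BLOCK = 512  # tar stores every header and every file body in 512-byte blocks

def build_tar(members):
    """Build an uncompressed tar in memory from (name, data) pairs, in order."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for name, data in members:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def footprints(tar_bytes):
    """Return (name, start_offset, bytes_occupied) per member, in archive order."""
    out = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:") as tar:
        for m in tar:
            padded = -(-m.size // BLOCK) * BLOCK  # body rounded up to a full block
            out.append((m.name, m.offset, (m.offset_data - m.offset) + padded))
    return out

def layout(manifest_len, sig_len, inline):
    """Constructed package layout; names, sizes and filler bytes are assumptions."""
    sig = b"s" * sig_len
    members = [("metadata.tar", b"m" * 3000), ("metadata.tar.sig", sig),
               ("image.tar", b"i" * 200_000), ("image.tar.sig", sig)]
    if inline:   # signature carried inside the Manifest itself
        members.append(("Manifest", b"D" * (manifest_len + sig_len)))
    else:        # signature stored as its own tar member
        members += [("Manifest", b"D" * manifest_len), ("Manifest.sig", sig)]
    return build_tar(members)

def inline_saving(manifest_len, sig_len):
    """Bytes saved in the container by inlining the Manifest signature."""
    used = lambda t: sum(n for _, _, n in footprints(t))
    return used(layout(manifest_len, sig_len, False)) - used(layout(manifest_len, sig_len, True))

def prefix_needed(tar_bytes, wanted):
    """Bytes a client must fetch from the start to hold every member in `wanted`."""
    return max(start + n for name, start, n in footprints(tar_bytes) if name in wanted)

if __name__ == "__main__":
    print("saving:", inline_saving(300, 438), inline_saving(200, 300))
    pkg = layout(300, 438, inline=False)
    print("prefix for signed metadata:", prefix_needed(pkg, {"metadata.tar", "metadata.tar.sig"}))
```

With these constructed sizes the saving is one header block, plus one more block when the Manifest and signature together fit in a single block, and the metadata with its signature sits entirely in the first few kilobytes while the Manifest starts only after the image archive.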