| 1 |
Hi Ulrich, |
| 2 |
|
| 3 |
Sorry, I don't know why the response I sent on September 13 didn't get |
| 4 |
forward by mailing list. So I write here again. |
| 5 |
|
| 6 |
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ |
| 7 |
|
| 8 |
On Thursday, September 23rd, 2021 at 06:30, Ulrich Mueller <ulm@g.o> wrote: |
| 9 |
|
| 10 |
> Since you haven't addressed my comments from the first round of review, |
| 11 |
> I repeat them here: |
| 12 |
> |
| 13 |
> | Given that the outer archive is uncompressed tar, every file will be |
| 14 |
> | zero-padded to a full block which adds some amount of bloat. So, could |
| 15 |
> | the signature be inlined in the Manifest file? That's also what GLEP 74 |
| 16 |
> | specifies. |
| 17 |
|
| 18 |
Using inline signature makes sense but leads to another problem: we allowed |
| 19 |
user-defined GPG commands, which gives us no control over exactly what |
| 20 |
format is generated, and how to verify it. And I do not feel hard coded |
| 21 |
"--clear-sign" and "--detach-sign" to the commands are good practices. |
| 22 |
|
| 23 |
Also this is a very limited space saver, probably only max 1kb per package. |
| 24 |
|
| 25 |
This specification only using the Manifest DATA tag format in GLEP 74: |
| 26 |
DATA <path> <size> <checksums>... |
| 27 |
and their definition. So the inlined signature is not applied here. |
| 28 |
|
| 29 |
|
| 30 |
> | |
| 31 |
> | Also, IIRC one of the goals of the format was to allow partial download |
| 32 |
> | of metadata. That will only work if the Manifest file will be the first |
| 33 |
> | file in the archive (or at least appear before the image archive). |
| 34 |
|
| 35 |
The metadata signature is strictly requested to be the next file after the |
| 36 |
metadata archive, so it can be used to verify metadata without need Manifest. |
| 37 |
Although the specification said that non-standard order should be supported, |
| 38 |
but this does not apply to remote fetches. |
| 39 |
|
| 40 |
The biggest problem with moving the Manifest to the head is how to write it. |
| 41 |
Since this file can only be created after all other operations have been |
| 42 |
completed. |
| 43 |
|
| 44 |
To do this, we either have to store other files in the temporary area and |
| 45 |
copy them into binary package when the Manifest is created, and double the |
| 46 |
free space requirement. (especially for those who use tmpfs to get faster IO). |
| 47 |
Or reserve space in the binary package container and overwriting it later. |
| 48 |
But since both Manifest and signature size are variable, how much space to |
| 49 |
reserve becomes an issue. Too small, the package manager needs to copy the |
| 50 |
whole package, too big will require adding a padding file. |
| 51 |
|
| 52 |
|
| 53 |
Thanks, |
| 54 |
Sheng Yu |
Archives