Gentoo Archives: gentoo-portage-dev

From: "Michał Górny" <mgorny@g.o>
To: gentoo-portage-dev@l.g.o
Subject: Re: [RFC] gpkg format proposal v2 (was: Re: [gentoo-portage-dev] [RFC] Improving Gentoo package format)
Date: Tue, 13 Nov 2018 19:11:50
Message-Id: 1542136302.960.5.camel@gentoo.org
In Reply to: Re: [RFC] gpkg format proposal v2 (was: Re: [gentoo-portage-dev] [RFC] Improving Gentoo package format) by Zac Medico
On Tue, 2018-11-13 at 10:50 -0800, Zac Medico wrote:
> On 11/11/18 12:53 PM, Michał Górny wrote:
> > Hi,
> >
> > Ok, here's the second version integrating the feedback received.
> > The format is much simpler, based on nested tarballs inspired by Debian.
> >
> > The outer tarball is uncompressed and uses '.gpkg.tar' suffix. It
> > contains (preferably in order but PM should also handle packages with
> > mismatched order):
> >
> > 1. Optional (but recommended) "gpkg: ${PF}" package label that can be
> > used to quickly distinguish Gentoo binpkgs from regular tarballs
> > (for file(1)).
> >
> > 2. "metadata.tar${comp}" tarball containing binary package metadata
> > as files.
> >
> > 3. Optional "metadata.tar${comp}.sig" containing detached signature
> > for the metadata archive.
> >
> > 4. "contents.tar${comp}" tarball containing files to be installed.
> >
> > 5. Optional "contents.tar${comp}.sig" containing detached signature for
> > the contents archive.
>
> We need to establish the procedure for signature verification of the
> files in "contents.tar${comp}" at any point in the future *after* they
> have been installed. In order to identify corruption of a particular
> installed file, we'll need separate digests for each of the installed
> files, and a signature covering the separate digests.

I should note that package contents are strongly mutable in Gentoo --
preinst/postinst, instprep, custom hooks...

--
Best regards,
Michał Górny
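
The per-file digest idea raised in the quoted reply, as an added example that is not part of the original message or of Portage: it reads `contents.tar${comp}` out of an outer `.gpkg.tar`, records a SHA-256 digest per file (the data a detached signature would then cover), and compares it with installed bytes. The function names, the choice of SHA-256 and the sample package are assumptions constructed for illustration; a file rewritten by a postinst-style step shows up as a mismatch just as a corrupted one would.

```python
import hashlib
import io
import tarfile

def build_tar(files):
    """Build an uncompressed tar in memory from {member name: bytes}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def inner_archive(gpkg, stem):
    """Return the bytes of '<stem>${comp}' from the outer tar, skipping '.sig'."""
    with tarfile.open(fileobj=io.BytesIO(gpkg), mode="r:") as outer:
        for member in outer:  # member order is not assumed
            if member.name.startswith(stem) and not member.name.endswith(".sig"):
                return outer.extractfile(member).read()
    raise ValueError(f"missing required member {stem}")

def contents_digests(gpkg):
    """Map every regular file in contents.tar${comp} to its SHA-256 digest."""
    inner_archive(gpkg, "metadata.tar")  # required member; raises if absent
    digests = {}
    data = inner_archive(gpkg, "contents.tar")
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as inner:
        for member in inner:
            if member.isfile():
                body = inner.extractfile(member).read()
                digests[member.name] = hashlib.sha256(body).hexdigest()
    return digests

def changed_files(manifest, installed):
    """Return paths that are missing or whose bytes differ from the manifest."""
    return sorted(p for p, d in manifest.items() if p not in installed
                  or hashlib.sha256(installed[p]).hexdigest() != d)

# Constructed sample package: no compression, no signatures, no label.
SAMPLE = build_tar({
    "metadata.tar": build_tar({"PF": b"foo-1.0\n"}),
    "contents.tar": build_tar({"usr/bin/foo": b"#!/bin/sh\n", "etc/foo.conf": b"a=1\n"}),
})
# Constructed installed state: a postinst-style edit rewrote the config file.
LIVE = {"usr/bin/foo": b"#!/bin/sh\n", "etc/foo.conf": b"a=2\n"}
print(changed_files(contents_digests(SAMPLE), LIVE))
```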
