| 1 |
On 11/13/18 10:50 AM, Zac Medico wrote: |
| 2 |
> On 11/11/18 12:53 PM, Michał Górny wrote: |
| 3 |
>> Hi, |
| 4 |
>> |
| 5 |
>> Ok, here's the second version integrating the feedback received. |
| 6 |
>> The format is much simpler, based on nested tarballs inspired by Debian. |
| 7 |
>> |
| 8 |
>> The outer tarball is uncompressed and uses '.gpkg.tar' suffix. It |
| 9 |
>> contains (preferably in order but PM should also handle packages with |
| 10 |
>> mismatched order): |
| 11 |
>> |
| 12 |
>> 1. Optional (but recommended) "gpkg: ${PF}" package label that can be |
| 13 |
>> used to quickly distinguish Gentoo binpkgs from regular tarballs |
| 14 |
>> (for file(1)). |
| 15 |
>> |
| 16 |
>> 2. "metadata.tar${comp}" tarball containing binary package metadata |
| 17 |
>> as files. |
| 18 |
>> |
| 19 |
>> 3. Optional "metadata.tar${comp}.sig" containing detached signature |
| 20 |
>> for the metadata archive. |
| 21 |
>> |
| 22 |
>> 4. "contents.tar${comp}" tarball containing files to be installed. |
| 23 |
>> |
| 24 |
>> 5. Optional "contents.tar${comp}.sig" containing detached signature for |
| 25 |
>> the contents archive. |
| 26 |
> |
| 27 |
> We need to establish the procedure for signature verification of the |
| 28 |
> files in "contents.tar${comp}" at any point in the future *after* they |
| 29 |
> have been installed. In order to identify corruption of a particular |
| 30 |
> installed file, we'll need separate digests for each of the installed |
| 31 |
> files, and a signature covering the separate digests. |
| 32 |
|
| 33 |
We need separate digests for the files in "metadata.tar${comp}" too, for |
| 34 |
the same reason. Note the environment.bz2 is mutable because it is |
| 35 |
deserialized/reserialized for each pkg_* phase. If the installation |
| 36 |
process has access to a trusted signing key, it can sign environment.bz2 |
| 37 |
after each mutation. |
| 38 |
-- |
| 39 |
Thanks, |
| 40 |
Zac |
Archives