1 |
On 11/13/18 11:11 AM, Michał Górny wrote: |
2 |
> On Tue, 2018-11-13 at 10:50 -0800, Zac Medico wrote: |
3 |
>> On 11/11/18 12:53 PM, Michał Górny wrote: |
4 |
>>> Hi, |
5 |
>>> |
6 |
>>> Ok, here's the second version integrating the feedback received. |
7 |
>>> The format is much simpler, based on nested tarballs inspired by Debian. |
8 |
>>> |
9 |
>>> The outer tarball is uncompressed and uses '.gpkg.tar' suffix. It |
10 |
>>> contains (preferably in order but PM should also handle packages with |
11 |
>>> mismatched order): |
12 |
>>> |
13 |
>>> 1. Optional (but recommended) "gpkg: ${PF}" package label that can be |
14 |
>>> used to quickly distinguish Gentoo binpkgs from regular tarballs |
15 |
>>> (for file(1)). |
16 |
>>> |
17 |
>>> 2. "metadata.tar${comp}" tarball containing binary package metadata |
18 |
>>> as files. |
19 |
>>> |
20 |
>>> 3. Optional "metadata.tar${comp}.sig" containing detached signature |
21 |
>>> for the metadata archive. |
22 |
>>> |
23 |
>>> 4. "contents.tar${comp}" tarball containing files to be installed. |
24 |
>>> |
25 |
>>> 5. Optional "contents.tar${comp}.sig" containing detached signature for |
26 |
>>> the contents archive. |
27 |
>> |
28 |
>> We need to establish the procedure for signature verification of the |
29 |
>> files in "contents.tar${comp}" at any point in the future *after* they |
30 |
>> have been installed. In order to identify corruption of a particular |
31 |
>> installed file, we'll need separate digests for each of the installed |
32 |
>> files, and a signature covering the separate digests. |
33 |
> |
34 |
> I should note that package contents are strongly mutable in Gentoo -- |
35 |
> preinst/postinst, instprep, custom hooks... |
36 |
|
37 |
It should be limited to a small subset of files. Maybe at some point we |
38 |
can introduce a helper that installation processes can use to sign |
39 |
modified files. |
40 |
-- |
41 |
Thanks, |
42 |
Zac |