g-b-s patch: detached signature if package


Lapo Luchini-2
If signatures are wanted, it seems sensible to me to also create ones
for source and binary package, not only inside the source package
itself: more useful for the security-savvy end-user, while the latter
are more useful for the advanced user that wants to re-compile the
package itself.

These are, of course, NOT checked by "checksig" as the .sh file is not
even in the same context of the packages (but rather inside one of them).

    Lapo

diff -b -u -r1.45 generic-build-script
--- templates/generic-build-script      22 Jan 2006 04:35:42 -0000      1.45
+++ templates/generic-build-script      28 Jan 2006 15:21:57 -0000
@@ -323,7 +323,8 @@
 }
 pkg() {
   (cd ${instdir} && \
-  tar cvjf ${bin_pkg} * )
+  tar cvjf ${bin_pkg} * && \
+  name=${bin_pkg} text="BINARY PACKAGE" sigfile )
 }
 mkpatch() {
   (cd ${srcdir} && \
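
Review bot: The sigfile call added to pkg() is unconditional at the call site, so whether a signature is produced is decided entirely inside sigfile, whose body is not part of this diff. An explicit guard around the call would make the signing condition visible where ${bin_pkg} is built. The diff also touches only templates/generic-build-script, so the ChangeLog entry for the new detached signatures is missing.
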
@@ -362,7 +363,8 @@
     rm -f \
       ${configurelogname} ${makelogname} ${checklogname}
${installlogname} ; \
   fi && \
-  tar cvjf ${src_pkg} * )
+  tar cvjf ${src_pkg} * && \
+  name=${src_pkg} text="SOURCE PACKAGE" sigfile )
 }
 finish() {
   rm -rf ${srcdir}
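
Review bot: In the source-package step, sigfile is chained with `&&` after `tar cvjf ${src_pkg} *`, so a signing failure fails the step while the unsigned ${src_pkg} is already on disk. Either remove the tarball when sigfile fails or report the signing error distinctly, so that a leftover unsigned archive is not mistaken for a finished, signed package. The same chaining is used in pkg(), so the fix should cover both.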


Re: g-b-s patch: detached signature if package

Igor Peshansky
On Sat, 28 Jan 2006, Lapo Luchini wrote:

> If signatures are wanted, it seems sensible to me to also create ones
> for source and binary package, not only inside the source package
> itself: more useful for the security-savvy end-user, while the latter
> are more useful for the advanced user that wants to re-compile the
> package itself.

First off, you're missing a ChangeLog.

I have a comment on the patch itself -- I know that sigfile() checks that
"$SIG eq 1" internally, but it would still be nice to wrap the calls to it
in another check.  This is so I can later add a flag for signing without
having to set environment variables.

Also, I'm in the process of testing a new logging setup in the g-b-s.  I
won't be able to apply your patch until that code stabilizes and is
checked in.
        Igor
--
                                http://cs.nyu.edu/~pechtcha/
      |\      _,,,---,,_    [hidden email] | [hidden email]
ZZZzz /,`.-'`'    -.  ;-;;,_ Igor Peshansky, Ph.D. (name changed!)
     |,4-  ) )-,_. ,\ (  `'-' old name: Igor Pechtchanski
    '---''(_/--'  `-'\_) fL a.k.a JaguaR-R-R-r-r-r-.-.-.  Meow!

"Las! je suis sot... -Mais non, tu ne l'es pas, puisque tu t'en rends compte."
"But no -- you are no fool; you call yourself a fool, there's proof enough in
that!" -- Rostand, "Cyrano de Bergerac"

Re: g-b-s patch: detached signature if package

Igor Peshansky
On Sat, 28 Jan 2006, Igor Peshansky wrote:

> On Sat, 28 Jan 2006, Lapo Luchini wrote:
>
> > If signatures are wanted, it seems sensible to me to also create ones
> > for source and binary package, not only inside the source package
> > itself: more useful for the security-savvy end-user, while the latter
> > are more useful for the advanced user that wants to re-compile the
> > package itself.
>
> First off, you're missing a ChangeLog.
>
> I have a comment on the patch itself -- I know that sigfile() checks that
> "$SIG eq 1" internally, but it would still be nice to wrap the calls to it
> in another check.  This is so I can later add a flag for signing without
> having to set environment variables.
>
> Also, I'm in the process of testing a new logging setup in the g-b-s.  I
> won't be able to apply your patch until that code stabilizes and is
> checked in.
> Igor

Oh, and thanks for the patch, of course!
        Igor

Re: g-b-s patch: detached signature if package

Lapo Luchini-2
In reply to this post by Igor Peshansky
Igor Peshansky wrote:
> Also, I'm in the process of testing a new logging setup in the g-b-s.  I
> won't be able to apply your patch until that code stabilizes and is
> checked in.
>  
OK, warn me when it stabilizes and I'll re-submit (both), with a ChangeLog. =)

   Lapo