jar format reference (Re: adding gpg to src/gnu/dist)
From: Daniel Carosone (dan geek.com.au)
Date: Tue May 18 2004 - 20:11:26 CDT
On Tue, May 18, 2004 at 12:00:41PM +1000, Daniel Carosone wrote:
> [.jar format]
>
> We could adopt that directly, or use the same kind of techniques in a
> tar container - either way, the mechanism used in that format to
> present file signatures is quite elegant and convenient for working
> with unixy scripty type tools. Certainly informative and worth a look.
For reference, a useful plain-English overview of the technique:
http://java.sun.com/docs/books/tutorial/jar/sign/intro.html
The essential point is that the signature is data within the archive,
rather than an encapsulation over it. There's a file that's similar
to our MD5SUMS file in the metadata directory, and a signature file
over that. Those can be added, and the file re-zipped, and the
contents will still validate.
If we established filename conventions that allowed multiple signature
files to be added to the archive independently, we'd have something
very useful indeed. This is what I'd need, as a local administrator,
to "bless" specific 3rd-party packages for automated local
installation/distribution.
--
Dan.
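The in-archive signature scheme described in the message above, sketched as an added example (not code from the original post or from NetBSD): a tar archive carries a digest manifest plus any number of per-signer signature files over it, and each can be added by re-packing without invalidating the others. The `+META/` file names are hypothetical, and HMAC-SHA256 stands in for a real detached signature such as GnuPG's so the sketch runs with the standard library alone.

```python
import hashlib, hmac, io, tarfile

META = "+META/"                      # hypothetical metadata directory name
MANIFEST = META + "MANIFEST.SHA256"  # hypothetical; plays the role of MD5SUMS

def members(blob):
    """Return {name: bytes} for every regular file in a tar archive."""
    with tarfile.open(fileobj=io.BytesIO(blob)) as tar:
        return {m.name: tar.extractfile(m).read() for m in tar if m.isfile()}

def pack(files):
    """Write {name: bytes} out as a fresh tar archive."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def tag(key, manifest):
    # Assumption: HMAC stands in for a detached public-key signature.
    return hmac.new(key, manifest, hashlib.sha256).hexdigest().encode()

def build(payload):
    """Pack payload files plus a digest manifest covering them."""
    lines = [f"{hashlib.sha256(d).hexdigest()}  {n}\n" for n, d in sorted(payload.items())]
    return pack({**payload, MANIFEST: "".join(lines).encode()})

def add_signature(blob, signer, key):
    """Re-pack the archive with one more signature file over the manifest."""
    files = members(blob)
    files[f"{META}{signer}.sig"] = tag(key, files[MANIFEST])
    return pack(files)

def verify(blob, signer, key):
    """True only if signer's tag matches the manifest and the manifest matches the payload."""
    files = members(blob)
    manifest, sig = files.get(MANIFEST), files.get(f"{META}{signer}.sig")
    if manifest is None or sig is None or not hmac.compare_digest(sig, tag(key, manifest)):
        return False
    listed = {n: h for h, n in (l.split("  ", 1) for l in manifest.decode().splitlines())}
    payload = {n: d for n, d in files.items() if not n.startswith(META)}
    # Exact match required: unlisted, missing and modified files all fail.
    return listed == {n: hashlib.sha256(d).hexdigest() for n, d in payload.items()}
```

Files under `+META/` other than the manifest are outside the manifest's coverage in this sketch, so a verifier built this way should act only on payload files and on signature files it has checked.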