On Fri, 1 Apr 2011 15:10:36 -0500, Dan McGee wrote:
On Fri, Apr 1, 2011 at 2:58 PM, Pierre Schmitz <pierre@archlinux.de> wrote:
On Fri, 1 Apr 2011 21:54:30 +0200, Rémy Oudompheng wrote:
In my current understanding: * package pool holds packages and their signature files, and serves as the basis for generating databases * repo directories ($repo/os/$arch) contain symlinks to packages, databases which are generated by repo-add, and the signature file for the database.
The package's signatures are kept within the db file. The only separate .sig file that will be visible in the repos is the one for the db file itself.
No, that is not the intention. We put them in the database as well so you do not have to download each and every .sig file individually, but they have always been intended to be freely available and sitting there as well. It would be quite silly to hide these files away if we have them.
For that matter, repo-add doesn't add them *unless* they are sitting next to the package.
Thanks for clarifying. Back to the patch: I'll need to have more check for the .sig files and at least a simple test case will be needed. -- Pierre Schmitz, https://users.archlinux.de/~pierre