On 26/6/22 00:59, Morten Linderud wrote:
On Sun, Jun 26, 2022 at 12:55:22AM +1000, Allan McRae wrote:
On 29/5/22 00:18, Morten Linderud wrote:
From: Morten Linderud <morten@linderud.pw>
This patch implements a new verify function in makepkg. It allows us to do arbitrary authentication on sources before extraction.
There are several new signing and validation methods being implemented and it would be hard to have `makepkg` implement support for things such as sequoia, cosign or minisign. This would allow us to distribute generic validation functions.
This also implements a new `copy_` routine for our protocols as we need to have a separation between extracting sources and copying sources.
I have looked at this patch and I have no idea what the copy_... is supposed to do here at all. Why would anything need copied into $srcdir before verification? This does not appear necessary for and of sequoia, cosign or minisign.
Allan
Currently makepkg does copying and extraction as one routine. Nothing is currently available in `$srcdir` and there is no way to have files available in `$srcdir` without actually extracting them as well.
How could sequioa/cosign/minisign verify files if there is no files in `$srcdir`?
All other verification happens in $startdir. I don't see why a verify() function needs $srcdir. Allan