[pacman-dev] #10530: checksum verification does not work on BSD

[Dan McGee]

On Mon, Jun 2, 2008 at 6:12 AM, Sebastian Nowicki <sebnow at gmail.com> wrote:
>
> On 02/06/2008, at 6:58 PM, Xavier wrote:
>
>> On Mon, Jun 2, 2008 at 12:32 PM, Antonio Huete Jimeenz
>> <ahuete.devel at gmail.com> wrote:
>>> For the checksum verification it might be ok to use openssl since
>>> it's in
>>> base for almost all BSD system. But what about linux? You'll have
>>> to install
>>> it before using makepkg, and this means a dependency.
>>>
>>> In the case of CHOST usage, I haven't explained it fine. It's not
>>> related to
>>> this checksum issue. I'll try to explain it better in another
>>> thread :)
>>>
>>
>> openssl is in the base group of archlinux, so it is supposed to be
>> installed on every system.
>> But when you look at the number and the importance of the packages
>> requiring it, it is fully justified :
>> http://archlinux.org/packages/122/
>> I can even hardly imagine a linux distro without it. Or am I mistaken?
>
> It is an issue, but openssl is only 7mb, which should be an issue on
> almost all systems, and on embedded systems where disk space may be
> scarce, Archlinux probably wouldn't run anyway (afaik there's a
> project for that purpose). As Xavier mentioned it's in core, so with a
> typical install (installing everything in base), it should be
> installed on the system.

2 points:
1. openssl as we've no found out does not have a loss in
functionality, it can do all of the algorithms we need.
2. It doesn't even need to be installed on every system, just every
system used *to build packages*. However, I would highly doubt you can
find a system in the wild that doesn't have openssl installed.

Since we have no loss in portability or functionality with openssl, I
say lets go for it. Be sure to adjust the comments at the top of
makepkg where it lists programs needed to run so we can keep that up
to date.

-Dan