[PATCH] makepkg: Implement the verify function
Allan McRae
allan at archlinux.org
Sat Jun 25 23:51:27 UTC 2022
On 26/6/22 00:59, Morten Linderud wrote:
> On Sun, Jun 26, 2022 at 12:55:22AM +1000, Allan McRae wrote:
>> On 29/5/22 00:18, Morten Linderud wrote:
>>> From: Morten Linderud <morten at linderud.pw>
>>>
>>> This patch implements a new verify function in makepkg. It allows us to
>>> do arbitrary authentication on sources before extraction.
>>>
>>> There are several new signing and validation methods being implemented
>>> and it would be hard to have `makepkg` implement support for things such
>>> as sequoia, cosign or minisign. This would allow us to distribute
>>> generic validation functions.
>>>
>>> This also implements a new `copy_` routine for our protocols as we need
>>> to have a separation between extracting sources and copying sources.
>>
>> I have looked at this patch and I have no idea what the copy_... is supposed
>> to do here at all. Why would anything need copied into $srcdir before
>> verification? This does not appear necessary for and of sequoia, cosign or
>> minisign.
>>
>> Allan
>
> Currently makepkg does copying and extraction as one routine. Nothing is
> currently available in `$srcdir` and there is no way to have files available in
> `$srcdir` without actually extracting them as well.
>
> How could sequioa/cosign/minisign verify files if there is no files in `$srcdir`?
All other verification happens in $startdir. I don't see why a verify()
function needs $srcdir.
Allan
More information about the pacman-dev
mailing list