Opened 3 months ago

Last modified 3 months ago

#19002 new enhancement

package_repo command should generate repo.sha256

Reported by: kallisti5 Owned by: nobody
Priority: low Milestone: Unscheduled
Component: Kits/Package Kit Version: R1/beta5
Keywords: Cc:
Blocked By: Blocking:
Platform: All

Description

The package_repo command currently accepts a repo.info as input as well as a series of packages to create the repo file.

However, external tooling is expected to generate the repo.sha256 file.

As Haiku's package manager reads in the repo.sha256 file to determine if an updated repo is available (differing from the locally cached one), we should probably have package_repo generate the repo.sha256 file as well.

The reasoning is as repo.sha256 is part of Haiku's core package management logic, the tooling should manage the fundamentals.

example usage of package_repo:

$ ls
packages
repo.info
package_repo create repo.info packages/*.hpkg
$ ls
packages
repo.info
repo
$ sha256sum repo | sed 's/\s*repo//g' > repo.sha256

Change History (2)

comment:1 by kallisti5, 3 months ago

We also do the repo.minisig for the signature validation... however I think there is a strong case to draw the line in functionality at the creation of the repo.sha256 file.

Minisign is "extra" beyond the basic fundamental repo creation and even in the future would be an optional check (while repo.sha256 is required for base functionality)

Note: See TracTickets for help on using tickets.