Opened 4 months ago
Last modified 4 months ago
#19002 new enhancement
package_repo command should generate repo.sha256
Reported by: | kallisti5 | Owned by: | nobody |
---|---|---|---|
Priority: | low | Milestone: | Unscheduled |
Component: | Kits/Package Kit | Version: | R1/beta5 |
Keywords: | Cc: | ||
Blocked By: | Blocking: | ||
Platform: | All |
Description
The package_repo command currently accepts a repo.info as input as well as a series of packages to create the repo file.
However, external tooling is expected to generate the repo.sha256 file.
As Haiku's package manager reads in the repo.sha256 file to determine if an updated repo is available (differing from the locally cached one), we should probably have package_repo generate the repo.sha256 file as well.
The reasoning is as repo.sha256 is part of Haiku's core package management logic, the tooling should manage the fundamentals.
example usage of package_repo:
$ ls packages repo.info
package_repo create repo.info packages/*.hpkg
$ ls packages repo.info repo
$ sha256sum repo | sed 's/\s*repo//g' > repo.sha256
Change History (2)
comment:1 by , 4 months ago
Note:
See TracTickets
for help on using tickets.
We also do the repo.minisig for the signature validation... however I think there is a strong case to draw the line in functionality at the creation of the repo.sha256 file.
Minisign is "extra" beyond the basic fundamental repo creation and even in the future would be an optional check (while repo.sha256 is required for base functionality)