Le jeudi, 5 juillet 2012 09.04:48, Didier Raboud a écrit : > Le jeudi, 5 juillet 2012 03.27:36, vous avez écrit : > > On Wed, Jul 4, 2012 at 18:46:54 -0600, Didier Raboud wrote: > > > b) Then, discussing this over the lunch with Philipp Kern, we agreed > > > that instead of downloading netboot.tar.gz's from mirrors (without > > > checking them) to create those debian-installer-$version-netboot-$arch > > > packages, it would actually be saner to build them within the d-i > > > build process. > > > > Might be something to discuss post wheezy but very much not something we > > should change now IMO. > > Would an implementation of {SHA1,MD5}SUM checking in src:debian-installer- > netboot-images be considered then ?
This has now happenned [0]: 1) gpgv checks Release{,.gpg} files against debian-archive-keyring 2) sha256sum checks SHA256SUMS against the Release file 3) sha256sum checks the downloaded files against SHA256SUMS [0] http://anonscm.debian.org/gitweb/?p=d-i/debian-installer-netboot- images.git;a=commitdiff;h=0c3ed95410dbfdf5be5dfd93f5f486565c8cfaa7 sha1sum and md5sum support is implemented but commented for reference; it's probably useless to run more than one hash check so I left the stronger ones where possible. I haven't uploaded as no debian-installer upload happenned in the meantime (so the version would be identical). Ah, another question though: the installation paths are not version-specific: /usr/lib/debian-installer/images/amd64/… so I was about to add Replaces and Breaks against the -6.0- versions. But does this make sense? Would we not rather version-specify the paths (like /usr/lib/debian-installer/7.0/amd64/) to ensure co-installability ? a) Add replaces+breaks ? b) Version-specify the paths ? … Which one is preferred ? Cheers, OdyX
signature.asc
Description: This is a digitally signed message part.