On 29/5/22 00:18, Morten Linderud wrote:
From: Morten Linderud <[email protected]>
This patch implements a new verify function in makepkg. It allows us to
do arbitrary authentication on sources before extraction.
There are several new signing and validation methods being implemented
and it would be hard to have `makepkg` implement support for things such
as sequoia, cosign or minisign. This would allow us to distribute
generic validation functions.
This also implements a new `copy_` routine for our protocols as we need
to have a separation between extracting sources and copying sources.
I have looked at this patch and I have no idea what the copy_... is
supposed to do here at all. Why would anything need copied into $srcdir
before verification? This does not appear necessary for and of sequoia,
cosign or minisign.
Allan
