On Sun, Jun 26, 2022 at 12:55:22AM +1000, Allan McRae wrote: > On 29/5/22 00:18, Morten Linderud wrote: > > From: Morten Linderud <[email protected]> > > > > This patch implements a new verify function in makepkg. It allows us to > > do arbitrary authentication on sources before extraction. > > > > There are several new signing and validation methods being implemented > > and it would be hard to have `makepkg` implement support for things such > > as sequoia, cosign or minisign. This would allow us to distribute > > generic validation functions. > > > > This also implements a new `copy_` routine for our protocols as we need > > to have a separation between extracting sources and copying sources. > > I have looked at this patch and I have no idea what the copy_... is supposed > to do here at all. Why would anything need copied into $srcdir before > verification? This does not appear necessary for and of sequoia, cosign or > minisign. > > Allan
Currently makepkg does copying and extraction as one routine. Nothing is currently available in `$srcdir` and there is no way to have files available in `$srcdir` without actually extracting them as well. How could sequioa/cosign/minisign verify files if there is no files in `$srcdir`? -- Morten Linderud PGP: 9C02FF419FECBE16
signature.asc
Description: PGP signature
