On 26/6/22 00:59, Morten Linderud wrote:
On Sun, Jun 26, 2022 at 12:55:22AM +1000, Allan McRae wrote:
On 29/5/22 00:18, Morten Linderud wrote:
From: Morten Linderud <[email protected]>
This patch implements a new verify function in makepkg. It allows us to
do arbitrary authentication on sources before extraction.
There are several new signing and validation methods being implemented
and it would be hard to have `makepkg` implement support for things such
as sequoia, cosign or minisign. This would allow us to distribute
generic validation functions.
This also implements a new `copy_` routine for our protocols as we need
to have a separation between extracting sources and copying sources.
I have looked at this patch and I have no idea what the copy_... is supposed
to do here at all. Why would anything need copied into $srcdir before
verification? This does not appear necessary for and of sequoia, cosign or
minisign.
Allan
Currently makepkg does copying and extraction as one routine. Nothing is
currently available in `$srcdir` and there is no way to have files available in
`$srcdir` without actually extracting them as well.
How could sequioa/cosign/minisign verify files if there is no files in
`$srcdir`?
All other verification happens in $startdir. I don't see why a verify()
function needs $srcdir.
Allan
