On 10/22/07, Nils Bruin <[EMAIL PROTECTED]> wrote:
>
> I think you can easily make tar-archives that contain a checksum, if
> you agree on some extremely mild file naming convention for such a
> checksum (i.e., the archive is not allowed to contain a filename that
> clashes with the file that stores the checksum). Of course, the key is
> that when you add something to the archive, the file changes, so the
> plain md5sum of the total archive changes. You have to md5sum
> something that is easily extracted and independent of the later added
> md5sum. The options -O (dump to stdout), -r (append file) and
> --exclude provide the necessary features for tar.
>
> Procedure for storing a checksum in a tar archive:
> ----------------------------------
> (tar xf file.tar --exclude md5sum.check -O; \
> tar tvf file.tar --exclude md5sum.check ) | md5sum > md5sum.check
>
> tar -rf file.tar md5sum.check
> ----------------------------------
>
> Procedure for checking that the stored sum agrees with the computed
> one:
> ----------------------------------
> tar xf file.tar md5sum.check -O > storedcheck
> (tar xf file.tar --exclude md5sum.check -O; \
> tar tvf file.tar --exclude md5sum.check ) | md5sum > computedcheck
>
> cmp storedcheck computedcheck
> ----------------------------------
>
> Note that we need to include the directory listing information as
> well, because the output of -O does not include file names
> (i.e., one could move files around and still have the same checksum)
>
> If it is ever decided that .spkgs should be signed, then you could
> include a .gpg-file via the same procedure.
>

I really like this idea a lot! It's vastly better -- I think -- from a
usability point of view than having to constantly pass around .spkg's
and .md5 files together. It will just work 100% automatically and
transparently to users, once we modify some scripts in local/bin/sage-*.

While we're at it, we should make the following work:

1) sage -unpkg packagename-version.spkg

   which just does tar jxvf and does the above consistency checks. I
   suggest sage -unpkg, since making a package is "sage -pkg". Another
   option would be "sage -extract blah.spkg", or even "sage -x blah.spkg".
   Please note, sage spkg's can be either bzip2'd or not, so that has to
   be taken account of.

2) sage -i packagename-version

   where packagename-version is the name of a *directory*, does
   sage -pkg on the directory, then installs it.

 -- William
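
The stored-checksum procedure discussed in this thread, as an added example that is not code from either post or from Sage: it uses Python's standard tarfile module, reads plain or bzip2'd archives, and treats an archive with no checksum member as unverified. The function names are hypothetical, and the digest covers each member's name, link target, type, size and mode instead of the literal `tar tvf` text, so its value differs from the shell pipeline's output.

```python
import hashlib
import io
import tarfile

CHECK_NAME = "md5sum.check"  # member name used in the thread

def archive_digest(path, algo="md5"):
    """Hash each member's listing data and contents, skipping the checksum member."""
    h = hashlib.new(algo)
    with tarfile.open(path, "r:*") as tar:  # "r:*" reads plain or bzip2'd archives
        for m in tar:
            if m.name == CHECK_NAME:
                continue
            # Listing data plays the role of `tar tvf`: a rename changes the digest.
            h.update(f"{m.name}\0{m.linkname}\0{m.type!r}\0{m.size}\0{m.mode:o}\n".encode())
            if m.isfile():
                h.update(tar.extractfile(m).read())
    return h.hexdigest()

def store_checksum(path, algo="md5"):
    """Append the digest as CHECK_NAME; like `tar -r`, this needs an uncompressed tar."""
    data = (archive_digest(path, algo) + "\n").encode()
    info = tarfile.TarInfo(CHECK_NAME)
    info.size = len(data)
    with tarfile.open(path, "a") as tar:
        tar.addfile(info, io.BytesIO(data))

def verify(path, algo="md5"):
    """True only if a stored checksum is present and equals the recomputed one."""
    with tarfile.open(path, "r:*") as tar:
        try:
            stored = tar.extractfile(CHECK_NAME).read().decode().strip()
        except KeyError:
            return False  # no checksum member: report as unverified
    return stored == archive_digest(path, algo)

def build_tar(path, files):
    """Write a constructed sample archive from a {name: bytes} mapping."""
    with tarfile.open(path, "w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))

if __name__ == "__main__":
    build_tar("demo.tar", {"pkg-1.0/spkg-install": b"#!/bin/sh\n"})  # constructed sample
    store_checksum("demo.tar")
    print(verify("demo.tar"))
```

The checksum member has to be appended before the archive is bzip2'd, since append mode only works on an uncompressed tar.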