> > Why can't we do both in pkg_preinst? I am thinking it would be best > > if > > we drop the current compression implementation and rework your old > > code > > to handle both compression and signing since the signing code is more > > or > > less already complete. > > i'm not sure if sign-file can sign compressed modules.
sign-file will not error when signing a compressed module, but the kernel will not be able to load it. > if we let kernel build handle compression - we have to sign prior to > compression. > if we compress modules ourselves then yes, we could sign first indeed. > > but preinst has it's own issues, you've already seen floppym's remark. >
signature.asc
Description: PGP signature