On 20 Feb 2001, at 22:38, Mark Seiden wrote:
> i'm about to switch to oxygen, which i've built on 2.2.18 (i
> hope...) for our beta test.
Thanks for using Oxygen!
> when (not if) you run out of room on a single floppy, which
> contains "trustworthy" software, how to download additional .lrps
> in a trustworthy way?
I'm not sure what you mean.... but read on.
Are you aware that you can download *.LRP files during the boot
process from an HTTP (web) server, from an FTP server, from a TFTP
server, or even from a GOPHER server? This is Oxygen specific,
however.
> so we're thinking of including on the floppy a public key
> corresponding with the private key used to sign each package (some
> sort of certificate), and checking each package as it's
> downloaded.
This requires something to handle the keys - presumably, pgp - which
doesn't yet exist in a package.
> this means using md5 or sha1 hashes with the signatures kept on
> the floppy won't work (as we'll have to update the signatures each
> time we update a package).
> does the apkg format allow for signed content?
Really, it's not a "apkg" format but the *.lrp format - and it's just
a *.tar.gz file.
Having said that, one of the things on my list of "ToDos" is to
change apkg to generate *.md5 for every file in the package for
checking purposes. This would mean:
* When loading, the files would be checked using a list of files and
md5sums in <pkg>.md5
* When saving, this <pkg>.md5 file would be created on the fly and
saved.
The main problem to date has been that not all things put in a *.lrp
are files - often they are directories, which cannot have a *.md5 sum
taken.
As a matter of record, I might note that Oxygen now comes with md5sum
loaded. The challenge is this:
Given an input of:
/some/dir
/some/wild*
/some/file2
/some/dir2/file*
/some/dir2/dir*
Generate an output containing an md5sum of all files....
I've taken a quick stab at it - once I get busybox updated, it should
be nicer - the newest version contains support for find -type and
find -mtime ...and even find -perm ...
Should be easier (easy?) to do using find -type f ...
--
David Douthitt
UNIX Systems Administrator
HP-UX, Linux, Unixware
[EMAIL PROTECTED]
_______________________________________________
Leaf-devel mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/leaf-devel
