On 25 August 2015 at 21:52, Richard Purdie < [email protected]> wrote: > Some random thoughts. We could add the signature into the tarball using > something like the --use-compress-program option (see > https://www.gnu.org/software/tar/manual/html_chapter/tar_8.html and the > gpg references). That would mean we have one less separate file to worry > about. > > Not sure which approach I prefer, just putting the idea out there...
Or alternatively stash the signature in the siginfo as another field in the data store. Still not sure what I prefer either! > I'd also probably make these callable functions, then others can > override them and use them as hooks if they want to. FWIW, initially they were functions in the pre-extract and post-create functions, but error handling disappears that way and instead of shouting "signature verification failed" it just says that "an error occured". I can still factor them out but call them directly. Ross
-- _______________________________________________ Openembedded-core mailing list [email protected] http://lists.openembedded.org/mailman/listinfo/openembedded-core
