On 01/13/10 05:52 PM, [email protected] wrote:
On Wed, Jan 13, 2010 at 11:35:48PM +0000, Chris Gerhard wrote:
Thanks. Are there plans to allow users to use the sha1 check. I
can see all sorts of confusion when audits find files on systems
that are supposed to be identical are different yet the pkg system
does not report it.
The pkg system doesn't report an error, because the ELF sections of the
binary that it cares about haven't changed. Different has multiple
meanings. The pkg client uses the digest of the entire file, when the
file is not in ELF format. The hash algorithms may change over time, so
reading the action data by hand and making assumptions about its content
aren't a good idea. If you need a programatic interface to pkg verify,
we might be able to add that to the API.
I think it would be a nice feature for users that track changes to their
system using external tools that use standard digests.
--
Shawn Walker
_______________________________________________
pkg-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
