On 04/ 1/11 05:53 PM, Shawn Walker wrote:
On 03/21/11 06:05 PM, Brock Pytlik wrote:
Greetings all,

webrev:
http://cr.opensolaris.org/~bpytlik/ips-18047-v1/

Bugs:
16867 pkgsign should handle existing signatures better
17982 pkgsign should cleanly handle the aborted transaction case
18021 all information needed to verify a signature action should be
included in the action
18047 need support for pathlen basic constraint
18052 manifest.get_size should reflect true signature size

src/modules/client/publisher.py:
  lines 1739-1741: this can simply be:
     return hashlib.sha1(s).hexdigest()
Ok.

  line 2133: s/ca_dict.extend/ca_dict[k].extend/ ?
Thanks, I've added a test to make sure this is exercised.

src/modules/client/transport/transport.py:
  lines 2826-2828: why is this not done in MultiFile too?
    because you want to rely on the sigpolicy module indirectly
    triggering cert retrieval?  it seems like having it go through
    the normal download path would be better since it would be included
    in progress output.
The short answer was that it didn't seem to need to be. I'm happy to add it to MultiFile.

src/modules/p5p:
   old lines 664-677: by removing these lines, approved and revoke certs
     will not be recorded (as a side effect); you really only needed to
     remove old lines 675-677
Huh. Ok.

   new lines 676-678, 1176-1179: lots of comments in here are no longer
     valid or need tweaking
Ok, comments have been removed or updated

src/modules/server/repository.py:
  line 1953: trans_id should never be None, why this change?

Because it can be None, I hit it in testing. If I remember right if you abort/ctrl-c during an open or perhaps an append in JUST the right spot, then you can get here with trans_id being None. Specifically, if you ctrl-c after transaction.open has make its directories, but before it completes, I think you get into this situation. I encountered it while trying to reproduce bug 17982.
src/sign.py:
  line 261: s/exisitng/existing/

Fixed
src/tests/cli/t_pkgrepo.py:
  line 1074: s/test_08/test_07/
Done

Overall, this seems much nicer.

Thanks for taking a look!
Brock
BTW, are we ever going to add 'signature' actions to pkg(5)?

-Shawn

_______________________________________________
pkg-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/pkg-discuss

Reply via email to