Webrev:
http://cr.opensolaris.org/~bpytlik/ips-18047-v2/
The changes to transport ended up being more extensive than I had
thought they would be, so here's a second webrev for it.
Thanks for taking a look,
Brock
On 03/21/11 06:05 PM, Brock Pytlik wrote:
Greetings all,
webrev:
http://cr.opensolaris.org/~bpytlik/ips-18047-v1/
Bugs:
16867 pkgsign should handle existing signatures better
17982 pkgsign should cleanly handle the aborted transaction case
18021 all information needed to verify a signature action should be
included in the action
18047 need support for pathlen basic constraint
18052 manifest.get_size should reflect true signature size
This webrev contains a substantial change in how signing packages
works. In particular, certificates are no longer associated with
publishers or repositories. An action now contains all the
certificates (except for the trust anchor/root of the certificate
chain) needed to validate the signature. The putback of this will
constitute a flag day, however, as packages which previously were
considered to have valid signatures will no longer be valid.
The following commands have been removed:
pkgrepo add-signing-ca-cert
pkgrepo add-signing-intermediate-cert
pkgrepo remove-signing-ca-cert
pkgrepo remove-signing-intermediate-cert
pkgsign has also been improved so that running it multiple times with
the same arguments on a package will result in a package which is
valid/installable.
In terms of review, please ignore the generated certificates which
account for most of the delta in this webrev (everything in
src/tests/ro_data/signing_certs/produced/*). I would especially
appreciate anyone who can give the transport, pkgrecv, and p5* changes
a close look as those were the areas where I felt weakest while making
these changes.
Thanks for taking a look,
Brock
_______________________________________________
pkg-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
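
The design described in the message above (intermediate certificates travel with the signature, the trust anchor stays local, and pathlen is enforced) can be sketched as follows. This is an added example, not code from the webrev or from pkg(5); the `Cert` class, `check_chain`, and all sample names are assumptions, and signature verification is omitted.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Cert:
    """Constructed stand-in for an X.509 cert; only fields the check needs."""
    subject: str
    issuer: str
    is_ca: bool = False
    pathlen: Optional[int] = None  # basicConstraints pathLenConstraint

def check_chain(leaf, embedded, trust_anchors):
    """Return (ok, reason).

    embedded: certs shipped alongside the signature (hypothetical name).
    trust_anchors: dict of subject -> Cert, held locally by the verifier.
    Signature verification is deliberately left out of this sketch.
    """
    by_subject = {c.subject: c for c in embedded}
    path, cur = [], leaf
    # Follow issuer names upward until a local trust anchor is reached.
    while cur.issuer not in trust_anchors:
        nxt = by_subject.get(cur.issuer)
        if nxt is None or nxt in path:
            return False, f"cannot build a path above {cur.subject}"
        path.append(nxt)
        cur = nxt
    cas = [trust_anchors[cur.issuer]] + path[::-1]  # anchor first
    for i, ca in enumerate(cas):
        if not ca.is_ca:
            return False, f"{ca.subject} is not a CA"
        # pathlen caps how many intermediate CAs may sit below this one;
        # the end-entity (signing) cert is not counted. Self-issued
        # intermediates, which RFC 5280 exempts, are not modelled here.
        below = len(cas) - 1 - i
        if ca.pathlen is not None and below > ca.pathlen:
            return False, f"{ca.subject} pathlen {ca.pathlen} exceeded"
    return True, "ok"

# Constructed sample chain: root -> ca1 (pathlen 0) -> ca2 -> leaf
ROOT = Cert("root", "root", is_ca=True)
CA1 = Cert("ca1", "root", is_ca=True, pathlen=0)
CA2 = Cert("ca2", "ca1", is_ca=True)
ANCHORS = {"root": ROOT}

if __name__ == "__main__":
    print(check_chain(Cert("leaf", "ca2"), [CA1, CA2], ANCHORS))
    print(check_chain(Cert("leaf", "ca1"), [CA1], ANCHORS))
```
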