Hi Christoph,

> >  STRONGSWAN_URL             := 
> > http://download.strongswan.org/$(STRONGSWAN).$(STRONGSWAN_SUFFIX)
>
> Changing here to https to get this security related package would be nice.

Yes, I just tested https and it works flawlessly.
I will send it as a new patch so it's highlighted in the ptxdist short log that 
packages should preferably be downloaded from https/ftps URLs.

> By the way, is there any work in the pipe to get PGP-Signature verification 
> into ptxdist instead of "md5summing"? 

Yes, PGP-signature verification could be nice. Would you bundle all public keys 
in the ptxdist git repo?

An easy stepping stone could be to add SHA256 hash support in ptxdist.

Pseudo code:
if STRONGSWAN_SHA256 exist:
        hash = sha256sum STRONGSWAN_SOURCE
        return (hash == STRONGSWAN_SHA256)
else
        hash = md5sum STRONGSWAN_SOURCE
        return (hash == STRONGSWAN_MD5)


After looking at how the md5 hash check is performed, I think it's easier to 
add sha256 hashes to all rules and then change the hash function.

/Bruno
-- 
ptxdist mailing list
ptxdist@pengutronix.de
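
The SHA256-first check sketched in the pseudo code above, written out as an added shell example. It is not part of the original message and not ptxdist code; the function name verify_source, its argument order and its return codes are assumptions. A mismatching SHA256 never falls back to MD5, so a weaker hash cannot be used to pass a file the stronger one rejects.

```sh
#!/bin/sh
# Added example (hypothetical helper, not ptxdist code).
# verify_source FILE SHA256 MD5
#   returns 0 on match, 1 on mismatch,
#   2 if the file is missing or no reference hash was given.
# If a SHA256 reference is set it is the only hash checked;
# MD5 is used only for rules that have no SHA256 yet.
verify_source() {
    file=$1
    want_sha256=$2
    want_md5=$3

    [ -f "$file" ] || { echo "missing source: $file" >&2; return 2; }

    if [ -n "$want_sha256" ]; then
        tool=sha256sum
        want=$want_sha256
    elif [ -n "$want_md5" ]; then
        tool=md5sum
        want=$want_md5
        echo "warning: $file has only an MD5 reference" >&2
    else
        echo "no reference hash for $file" >&2
        return 2
    fi

    # Hash via stdin so the output is "<hex>  -" whatever the file name is.
    got=$("$tool" < "$file" | cut -d' ' -f1)
    # Accept upper-case reference hashes.
    want=$(printf '%s' "$want" | tr 'A-F' 'a-f')

    if [ "$got" = "$want" ]; then
        return 0
    fi
    echo "$tool mismatch for $file: expected $want, got $got" >&2
    return 1
}

# Demo on a constructed file that stands in for a downloaded tarball.
demo=$(mktemp)
printf 'constructed tarball bytes\n' > "$demo"
demo_sha256=$(sha256sum < "$demo" | cut -d' ' -f1)
verify_source "$demo" "$demo_sha256" "" && echo "sha256 ok: $demo"
rm -f "$demo"
```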
