On Sat, Oct 04, 2003 at 04:39:49AM +1000, Kim Lester wrote:
Some of the ideas I have implemented include a pkg info file in each
package
containing the
pathname
uid, gid (numeric)
md5sum,
size (useful to humans)
mode
symlink target (for symlinks)
a
Matthew Palmer [EMAIL PROTECTED] wrote:
On Wed, Oct 08, 2003 at 12:24:37AM +1000, Kim Lester wrote:
There is no way to verify/correct the MODE, USER, GROUP, TYPE
of any files installed in a pkg.
If I am wrong please point out where, with an installed pkg
(and preferably without having a copy
On Wednesday 08 October 2003 09:04, Andreas Metzler wrote:
'chown -R ...' accidentally excuted in the wrong directory comes to
my mind. Or filesystem corruption after a hard crash.
But then not only files from packages, but also user files are subject of
corruption. Using a tool like
-Original Message-
From: Brian May [mailto:[EMAIL PROTECTED]
Sent: Sunday, October 05, 2003 9:39 AM
To: Fabien Ninoles
Cc: Kim Lester; debian-devel@lists.debian.org
Subject: Re: Package verification and /usr/bin/install tool
replacements
On Sat, Oct 04, 2003 at 01:42:36PM -0400, Fabien
On Wed, Oct 08, 2003 at 12:24:37AM +1000, Kim Lester wrote:
There is no way to verify/correct the MODE, USER, GROUP, TYPE
of any files installed in a pkg.
That appears to be the case, partly because permissions may be changed
from those files which are contained withing the .deb file via
On Wed, Oct 08, 2003 at 12:24:37AM +1000, Kim Lester wrote:
There is no way to verify/correct the MODE, USER, GROUP, TYPE
of any files installed in a pkg.
If I am wrong please point out where, with an installed pkg
(and preferably without having a copy of the .dpkg around)
once can tell if a
Hmmm...
On Sun, Oct 05, 2003 at 09:38:30AM +1000, Brian May wrote:
On Sat, Oct 04, 2003 at 01:42:36PM -0400, Fabien Ninoles wrote:
Although your proposition seems more complete, have you try
debsums and checksecurity? debsums with the following
feature in /etc/apt/apt.conf
solution does.
regards
kim
-Original Message-
From: Rene Engelhard [mailto:[EMAIL PROTECTED]
Sent: Saturday, October 04, 2003 5:45 AM
To: debian-devel@lists.debian.org
Subject: Re: Package verification and /usr/bin/install tool
replacements
Kim Lester wrote:
Although
Kim Lester wrote:
Although debian packages may contain md5sums it seems package
verification is
not available (unless I have missed something).
Although your proposition seems more complete, have you try
debsums and checksecurity? debsums with the following
feature in /etc/apt/apt.conf
DPkg
On Sat, Oct 04, 2003 at 01:42:36PM -0400, Fabien Ninoles wrote:
Although your proposition seems more complete, have you try
debsums and checksecurity? debsums with the following
feature in /etc/apt/apt.conf
DPkg::Post-Invoke {
debsums --generate=nocheck -sp /var/cache/apt/archives;
Although debian packages may contain md5sums it seems package
verification is
not available (unless I have missed something).
Also I find the traditional /usr/bin/install type tools rather
primitive.
As I understand it a debian pkg relies on information in the tar
archive itself
to store
Hi,
Kim Lester wrote:
Although debian packages may contain md5sums it seems package
verification is
not available (unless I have missed something).
Probably you missed debsums...
Grüße/Regards,
René
--
.''`. René Engelhard -- Debian GNU/Linux Developer
: :' : http://www.debian.org
In article [EMAIL PROTECTED] you wrote:
: BTW: Do you know anybody who really needs to put all the tools needed
: to build source packages onto floppies? :-)
Yes, I do. A friend has an older laptop that has a floppy drive, and that's
his only current path of getting bits in and out. He may
[EMAIL PROTECTED] (Manoj Srivastava) wrote on 13.05.97 in [EMAIL PROTECTED]:
Or, thirdly, we use pristine sources iff they are in supported
formats, or else the upstream source is massaged into a supported
format, and BIG signs are posted pointing to the real sources and the
steps
, but not in the source tree.
None of the mechanisms recently discussed are going to change that, so
far as I can tell.
* [5.1] Binary package verification (the issues here are substantially
similar to those of source package verification).
We should use the same package format for binary and source
Please clarify - unpacking a Debian source package is different
than unpacking an upstream source package (which may require tar,
unzip, zoo, lha, jar, etc.). Right?
Andy Mortimer wrote:
Personally, I'd be inclined to disagree here, especially given [1.5]
below. If I've gone to all the
[EMAIL PROTECTED] (Andy Mortimer) wrote on 13.05.97 in [EMAIL PROTECTED]:
On May 12, Jim Pick wrote
Excellent write-up, Klee. Thanks for doing it.
I second this; a lot of thought has obviously gone into this, and it
shows!
aol Me too! /aol
* [1.1] It must be possible to
How about where part of the upstream archive could go into the main
distribution, but part needs to go into non-free or non-US, even for the
sources?
That's a case where you _must_ repack the original archive.
MfG Kai
No. I'd just say upload the upstream sources to the non-US
Hi,
Jim == Jim Pick [EMAIL PROTECTED] writes:
Might it be possible to, say, have a list of `supported formats' --
.tar.gz, .zip, others? -- and at least give the option of
downloading upstream sources which were originally in other formats
as a tarball? This is far from ideal, for any number
brian white writes (Re: Package Verification ):
This is fine, but it doesn't help with verifying packages on
non-Debian systems as is required by people who must do an actual FTP
from another machine. As for the format, feel free to alter it. I
figured I would be parsing this line out
From: Ian Jackson [EMAIL PROTECTED]
I suppose we could put the file size in the Packages file; it just
might get a bit cluttered with all of this information. What do
people feel about this ?
I think a field with the size _and_ MD5 checksum on the same line would
be helpful. We don't collect
Bruce said, regarding Packages file info:
I think a field with the size _and_ MD5 checksum on the same line would
be helpful. We don't collect this information anywhere else, to my knowledge.
The sum(1) checksum might also be useful. I know that sum(1) has been
characterized here as totally
I'd rather avoid the sum(1) checksum, because there are two implementations
of sum(1), the BSD and SYSV, that output different checksums for the same
data. Too many people will get confused when they see the wrong sum.
Bruce
--
Bruce Perens [EMAIL PROTECTED] Pixar Animation Studios
brian white writes (Package Verification ):
I'd like to suggest another field to be automatically added to the
Packages files that exist at the top of each hierarchy in the
distribution. I'd like to see a Checksum: field that can be used to
verify the correct download of these packages. I
I'd like to suggest another field to be automatically added to the
Packages files that exist at the top of each hierarchy in the
distribution. I'd like to see a Checksum: field that can be used to
verify the correct download of these packages. I think including both
an 'md5sum' and a (filesize)
25 matches
Mail list logo