[OE-core] [PATCH][RFC] sstate: implement basic signing/validation
Burton, Ross
ross.burton at intel.com
Tue Aug 25 20:55:36 UTC 2015
On 25 August 2015 at 21:52, Richard Purdie <
richard.purdie at linuxfoundation.org> wrote:
> Some random thoughts. We could add the signature into the tarball using
> something like the --use-compress-program option (see
> https://www.gnu.org/software/tar/manual/html_chapter/tar_8.html and the
> gpg references). That would mean we have one less separate file to worry
> about.
>
> Not sure which approach I prefer, just putting the idea out there...

Or alternatively stash the signature in the siginfo as another field in the
data store.

Still not sure what I prefer either!

> I'd also probably make these callable functions, then others can
> override them and use them as hooks if they want to.

FWIW, initially they were functions in the pre-extract and post-create
functions, but error handling disappears that way and instead of shouting
"signature verification failed" it just says that "an error occurred". I
can still factor them out but call them directly.

Ross