Binary diffs for deb files
James Hall
rio at x5g.com
Fri May 5 17:20:20 BST 2006
On Fri, 2006-05-05 at 16:43 +0200, John Nilsson wrote:
> On Fri, 2006-05-05 at 12:05 +0100, James Hall wrote:
> > On Thu, 2006-05-04 at 21:01 +0200, John Nilsson wrote:
> > > In any case, checksums and deltas should be based on the actual
> > > content,
> > > not the compressed representation of it.
> >
> > I can see where you're coming from. My thinking is to have the deltas
> > based on the uncompressed content, but maintain the checksum of the
> > compressed representation (which I have achieved). This allows us to use
> > the existing code for checking signatures.
>
> I don't know very much about how debs are supposed to be, or what kinds
> of checksums we are talking about. One thing I do know though is that
> I'd like md5sums for each file in the package, and whatever it installs,
> so that I can verify the integrity of the installed files at any time.
>
> Would a signed md5sum file be suitable for the purposes you are talking
> about?
>
> Regards,
> John
>
Hi John,
The deb format already contains md5sums of each individual file, and
since the entire package is signed, this is also signed. You can find it
by extracting a deb file and looking in control for the file named
'md5sums'.
Regards,
James
More information about the ubuntu-devel
mailing list