Synch with current development:

* signatures no longer deal with zcat. Instead, we sign the gzip file
itself (stripped of the signature part of the header, of course). Thanks
Angelos.  Niels seems to think passing the header itself to sign is not
a problem, even though no-one cares about checking it ?
* gzip header handling revamped: can write to memory. Will eliminate some
pipes later on. Can stack signatures.
* taken out specific signature schemes (e.g., pgp and sha1).  Code is now
signature scheme independent, mostly, and writes with client data from
memory, e.g., check.c can invoke several checks in parallel without needing
to fork.
* need the full set of popen-like functionalities (keep track of opened
file descriptors to avoid passing them down to children)
* remove simple_check.c, functionality absorbed elsewhere.

To do:
* re-check message output and what to do with unsigned/unchecked/verified
packages,
* check pkg_add implementation and remove extra-pipe in asynchronous
checking,
* control over what to do when several signatures are stacked... Simple
way would be to disable that for now (possibility for release)
* get the code through a linter again.

1 files changed, 0 insertions, 1 deletions

diff --git a/usr.sbin/pkg_install/sign/Makefile b/usr.sbin/pkg_install/sign/Makefile
index b3adf4d287d..72b2e5c506c 100644
--- a/usr.sbin/pkg_install/sign/Makefile
+++ b/usr.sbin/pkg_install/sign/Makefile
@@ -1,5 +1,4 @@
 # define PGP to be the path to pgp (default: /usr/local/bin/pgp)
-# and GZCAT to be the path to gzcat (default: /usr/bin/gzcat)
 
 # Use the check_sign target if your system can't handle pipes or getpass
 all: pkg_sign