|
* signatures no longer deal with zcat. Instead, we sign the gzip file
itself (stripped of the signature part of the header, of course). Thanks
Angelos. Niels seems to think passing the header itself to sign is not
a problem, even though no-one cares about checking it ?
* gzip header handling revamped: can write to memory. Will eliminate some
pipes later on. Can stack signatures.
* taken out specific signature schemes (e.g., pgp and sha1). Code is now
signature scheme independent, mostly, and writes with client data from
memory, e.g., check.c can invoke several checks in parallel without needing
to fork.
* need the full set of popen-like functionalities (keep track of opened
file descriptors to avoid passing them down to children)
* remove simple_check.c, functionality absorbed elsewhere.
To do:
* re-check message output and what to do with unsigned/unchecked/verified
packages,
* check pkg_add implementation and remove extra-pipe in asynchronous
checking,
* control over what to do when several signatures are stacked... Simple
way would be to disable that for now (possibility for release)
* get the code through a linter again.
|
