Re: Binary packages - checksums behavior ?

To: vom513 <vom513%gmail.com@localhost>
Subject: Re: Binary packages - checksums behavior ?
From: Greg Troxel <gdt%lexort.com@localhost>
Date: Sun, 23 Jun 2024 18:33:38 -0400

vom513 <vom513%gmail.com@localhost> writes:

> I’d like to know how checksums are used with binary packages.  Looking at the man page for pkg_admin I see the section for “check” that compares the files in a package against the CONTENTS file ?
>
> My question is more about at the time of installation.  Does pkg_add do anything before committing/completing the install WRT checksums ?
>
> The scenario that makes me curious is:
>
> - PKG_PATH is an http/ftp/etc network path
> - The system pulls over the package, but it’s corrupted in flight
> - Will it still get installed at this point ?
> - Or does it get installed and looking at it after the fact would reveal some checksum problems ?

There are two mechanisms.

Once is the file having a checksum and pkg_admin checks the installed
file against the package metadata.  Look at
/usr/pkg/pkgbb/foo-N.Y/+CONTENTS.

The other is the binary package getting modified in transit.   
For that there is a way to have a signature, OpenPGP or PKIX/X.509.
Some binary package sets have these and some do not.   Look at the MNX
ones, which I think do.  See pkg_admin(1).

References:
- Binary packages - checksums behavior ?
  - From: vom513

Prev by Date: Binary packages - checksums behavior ?
Next by Date: Where is the port/package maintainer listed?
Previous by Thread: Binary packages - checksums behavior ?
Next by Thread: Where is the port/package maintainer listed?
Indexes:

Home | Main Index | Thread Index | Old Index