Ticket #30562 (new enhancement)
MacPorts should offer to sign archives
| Reported by: | arno+macports@… | Owned by: | macports-tickets@… |
|---|---|---|---|
| Priority: | Normal | Milestone: | |
| Component: | base | Version: | |
| Keywords: | archive, digest, pkg, mpkg, dmg, mdmg | Cc: | snc@… |
| Port: |
Description
Now that MacPorts is always generating archives and has support for fetching signed archives, it should also generate and clean up the signature files when possible.
A configuration item that specifies the path to the private key would be necessary to start signing packages.
Regardless, MacPorts should delete any .rmd160 files that are left over when uninstalling a port.
It would also be beneficial if an existing .rmd160 file were deleted if it exists when a new archive is created. In the event that an archive is signed before it is finished being written, or the user forces a reinstall of an existing port.
Change History
Note: See
TracTickets for help on using
tickets.
Similarly, MacPorts should offer to sign the [m]pkgs that it creates. In the case of mpkg, the child package need not be pre-signed since the metapackage will be signed.