Ticket #30562 (new enhancement)
MacPorts should offer to sign archives
|Reported by:||arno+macports@…||Owned by:||macports-tickets@…|
|Keywords:||archive, digest, pkg, mpkg, dmg, mdmg||Cc:||snc@…|
Now that MacPorts is always generating archives and has support for fetching signed archives, it should also generate and clean up the signature files when possible.
A configuration item that specifies the path to the private key would be necessary to start signing packages.
Regardless, MacPorts should delete any .rmd160 files that are left over when uninstalling a port.
It would also be beneficial if an existing .rmd160 file were deleted if it exists when a new archive is created. In the event that an archive is signed before it is finished being written, or the user forces a reinstall of an existing port.