Opened 13 years ago
Last modified 10 years ago
#30562 new enhancement
MacPorts should offer to sign archives
| Reported by: | fracai | Owned by: | macports-tickets@… |
|---|---|---|---|
| Priority: | Normal | Milestone: | |
| Component: | base | Version: | |
| Keywords: | archive, digest, pkg, mpkg, dmg, mdmg | Cc: | nerdling (Jeremy Lavergne), cooljeanius (Eric Gallager) |
| Port: |
Description
Now that MacPorts is always generating archives and has support for fetching signed archives, it should also generate and clean up the signature files when possible.
A configuration item that specifies the path to the private key would be necessary to start signing packages.
Regardless, MacPorts should delete any .rmd160 files that are left over when uninstalling a port.
It would also be beneficial if an existing .rmd160 file were deleted if it exists when a new archive is created. In the event that an archive is signed before it is finished being written, or the user forces a reinstall of an existing port.
Change History (3)
comment:1 Changed 12 years ago by nerdling (Jeremy Lavergne)
| Cc: | snc@… added |
|---|---|
| Keywords: | pkg mpkg dmg mdmg added |
| Version: | 2.0.1 |
comment:3 Changed 10 years ago by cooljeanius (Eric Gallager)
Speaking of signing packages/archives, a user on another ticket (ticket:40305:2) was wondering if MacPorts could support gpg signatures in addition to the current signing methods... would that fall under this ticket as well, or should it get its own separate ticket?
Similarly, MacPorts should offer to sign the [m]pkgs that it creates. In the case of mpkg, the child package need not be pre-signed since the metapackage will be signed.