Opened 9 years ago

Last modified 6 years ago

#30562 new enhancement

MacPorts should offer to sign archives

Reported by: fracai Owned by: macports-tickets@…
Priority: Normal Milestone:
Component: base Version:
Keywords: archive, digest, pkg, mpkg, dmg, mdmg Cc: nerdling (Jeremy Lavergne), cooljeanius (Eric Gallager)
Port:

Description

Now that MacPorts is always generating archives and has support for fetching signed archives, it should also generate and clean up the signature files when possible.

A configuration item that specifies the path to the private key would be necessary to start signing packages.

Regardless, MacPorts should delete any .rmd160 files that are left over when uninstalling a port.

It would also be beneficial if an existing .rmd160 file were deleted if it exists when a new archive is created. In the event that an archive is signed before it is finished being written, or the user forces a reinstall of an existing port.

Change History (3)

comment:1 Changed 8 years ago by nerdling (Jeremy Lavergne)

Cc: snc@… added
Keywords: pkg mpkg dmg mdmg added
Version: 2.0.1

Similarly, MacPorts should offer to sign the [m]pkgs that it creates. In the case of mpkg, the child package need not be pre-signed since the metapackage will be signed.

comment:2 Changed 6 years ago by cooljeanius (Eric Gallager)

Cc: egall@… added

Cc Me!

comment:3 Changed 6 years ago by cooljeanius (Eric Gallager)

Speaking of signing packages/archives, a user on another ticket (ticket:40305:2) was wondering if MacPorts could support gpg signatures in addition to the current signing methods... would that fall under this ticket as well, or should it get its own separate ticket?

Note: See TracTickets for help on using tickets.