Re: [Gnu-arch-users] crypto signing take 2

[Robert Collins]

On Sun, 2003-12-14 at 03:28, Tom Lord wrote:

>     > But it's got the key element of - working (for me at least).
> 
> 
> As I said -- this really doesn't belong in the hooks.
> Will it be difficult to correct?

It shouldn't be, although I cannot work on it today. I'm off to a
customer site, and from there to see some live comedy. 

I've deliberately taken a worse-is-better approach doing this - to get
there and find issues, and it highlighted a key pair. (pun intended).

firstly, to move it out of hook (I'm glad to see your initial indecision
on IRC has solidified ;)) will be as easy as rewriting whatever
machinery is in run_hook.

secondly, to move it into the pfs layer /guarantees/ violating the
current pfs abstraction. (I wanted to chat with you on IRC, but ...). 
pfs.* doesn't know archive name that it's working on, and thus cannot
select the script to run. Thats why selected files are signed, not all
files. 

Lastly there is the choice about how best to supply all write calls that
pass through the signing layer with a temporary file. Currently I use
one if it exists (and the name is accessible), or spool one to disk
temporarily if making it accessible was going to generate a lot of bogus
changes. Again, not sure how you'd like this done best...

As far as I'm concerned, we now have something that isn't /too/ ugly
internally or externally, and with excellent flexability to refactor..
and test.

Anyhoo, I have to pass the baton on the gpg code at this point.. I doubt
I'll be able to get back to it until next weekend, and I'd hate to see
it start idling.

Rob

-- 
GPG key available at: <http://www.robertcollins.net/keys.txt>.

signature.asc
Description: This is a digitally signed message part