You are not logged in.

#1 2003-07-28 08:06:12

Moritz
Member
From: Cologne, NRW, Germany
Registered: 2002-10-12
Posts: 166

md5sum check for makepkg

what about a ckeck for md5sum with makepkg.
could be usefull for security-based packages. the md5sum shuld be taken from a different server, so both server must be corrupted to corrupt the package!

regards,
moritz

PS: what about the downloadmanager for pacman? still got no answer on that question!!! :evil:

Offline

#2 2003-08-06 23:06:26

Moritz
Member
From: Cologne, NRW, Germany
Registered: 2002-10-12
Posts: 166

Re: md5sum check for makepkg

anyone in here?
...
.......
....
hellooo?!?
...
...
.....
...
:cry:

Offline

#3 2003-08-06 23:39:38

jlvsimoes
Member
From: portugal
Registered: 2002-12-23
Posts: 392
Website

Re: md5sum check for makepkg

no home is here at this moment please leave your message afther the beep


-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GU/ d- s: a- C L U P+ L+++ E--- W+
N 0+ K- W-- !O !M V-- PS+ PE- V++ PGP T 5 Z+ R* TV+ B+
DI-- D- G-- e-- h! r++ z+ z*
------END GEEK CODE BLOCK------

Offline

#4 2003-08-07 00:46:21

sarah31
Member
From: Middle of Canada
Registered: 2002-08-20
Posts: 2,975
Website

Re: md5sum check for makepkg

do you mean that when running makepkg that a md5sum is created?

that is coming.

as for download manager in pacman.....i thought that was already in there. you can stop and restart a download already i believe. (i could be wrong but i was sure that one of the current versions had been patched for that)

if you really want these feature i suggest making a bug report requesting these features.


AKA uknowme

I am not your friend

Offline

#5 2003-08-07 08:02:38

Moritz
Member
From: Cologne, NRW, Germany
Registered: 2002-10-12
Posts: 166

Re: md5sum check for makepkg

md5sum:
no.
after makepkg (with the help of wget) has downloaded the source, it should download the md5sum from a _different_ server and check the downloaded file.
if (everything is okay)
    go further;
else
    run error;
this is all!


pacman:
i thought of a multiple download-stream. downloading one file from four different servers, and put all four parts together. so all server share the traffic, and share bandwith.
i.e. i made a ftp-installation, and the ftp-server was getting pretty slow. so the whole installation took about 5 hours!
But if only one of four servers is slow, the other three could increase "my" bandwith and decrease the amount of time


bug report:
I've made one bug-report (graphics mode in links). I made a mistake and gave it the priority of "4" (pritty important). Judd took the time to send me a mail, instead of rebuilt the package. I thinkt both took the same time (I've tested it!)
So why should I use it? It would be better, if I would modify makepkg myself. sad

Offline

#6 2003-08-07 08:53:43

sarah31
Member
From: Middle of Canada
Registered: 2002-08-20
Posts: 2,975
Website

Re: md5sum check for makepkg

md5sum:okay but not all source is signed with a md5sum or different mirrors.

pacman: that may be a good feature but i would also hope that it would not slow the functioning of pacman.

bugreport: the advantage is that other who are working on pacman makepkg may get the message too. if the person responsible for the bug is not actively browsing the forum they may not see your post or mentally note it where as their bug report is always there. bug reprts are another form of news for other users. they may give an indication of develo0pment activity. the less fixed bugs the less active a development team may be. etc. but if you "can't be bothered" that is fine.


AKA uknowme

I am not your friend

Offline

#7 2003-08-07 10:37:15

andy
Member
From: Germany
Registered: 2002-10-11
Posts: 374

Re: md5sum check for makepkg

Moritz wrote:

pacman:
i thought of a multiple download-stream. downloading one file from four different servers, and put all four parts together. so all server share the traffic, and share bandwith.
i.e. i made a ftp-installation, and the ftp-server was getting pretty slow. so the whole installation took about 5 hours!
But if only one of four servers is slow, the other three could increase "my" bandwith and decrease the amount of time

That sounds almost like the problem that http://bitconjurer.org/BitTorrent/ is adressing.

After Moritz's idea came up the first time I was thinking about this a bit. Pacman would need to have a bittorrent protocol download mechanism. Then, in addition to the standard ftp server on ftp.archlinux.org there also needs to be a bittorrent tracker and a bittorrent seeder. This could be set up relatively easy. The problematic part is to also get the mirrors participate in the torrent seeding. They would need to be convinced in either manually add a seeder for each new package (that will never happen), or run a program that scans for new packages and does the appropriate (unlikely as well). Also seeding lots of small files instead of one large amount of data may be problematic.

The good news, however, is that there are two C libraries for the bittorrent protocol on http://sourceforge.net/projects/libbt/ and http://libtorrent.sourceforge.net/ I used the example programs of the first and it seems to be ok.

So adding bittorrent capabilities to pacman may not be difficult (and with all that not needing to think about how to contact different servers), but establishing a bittorrent infrastructure could be difficult.

Just some thoughts ...

Offline

#8 2003-08-07 10:47:42

Moritz
Member
From: Cologne, NRW, Germany
Registered: 2002-10-12
Posts: 166

Re: md5sum check for makepkg

first: this instance of the protocol must be protected of sharing illeagle stuff!

second: if bittorrent realy works, all arch'ers would share their stuff, so even my server/router could send some packages (or parts of it!)

third: my idea of a downloadmanager for pacman is like the tool NetAnts for windows, the package manager from gentoo and so on.

Offline

Board footer

Powered by FluxBB