Re: [Pkgutil-users] Help with creating a catalog?
Status: Beta
Brought to you by:
bonivart
Menu
▾
▴
Re: [Pkgutil-users] Help with creating a catalog?
|
From: Dennis C. <dc...@bl...> - 2010-04-06 08:42:07
|
> On Fri, Apr 2, 2010 at 3:21 PM, Gerrit van der Sanden > <ger...@er...> wrote: >> Hi Tom, >> >> I have version 1.8.0bw, I have downloaded it this week. Where can I find >> 1.9.1? Sorry. WE just *had* to do that. I think we posted diffs and patches. If not .. then I'll look into that. Simply put we now enforce MD5 checks with a static MD5 bin provided and this will change to SHA256 shortly along with enforced GPG auth checks on the catalog. This is all transition regardless as we ( Blastwave ) focus on security issues and testing and trust levels in the packages as well as the delivery mechanisms. More and more of our packages are being centralized inside Oracle based repos at the moment and we are focused on business like processes and NOT simply tossing software in any condition over the wall. At the moment, pkgutil is the best in the world for a delivery mechanism but all ability to work with you seems to have failed. When we hit the cyclic dependecy bug that you, yes Peter, you seemed to ignore, we forked on the spot. This is all transitiory regardless as the future delivery mechanisms are based on IPS and other tools in future Solaris revs. > I assume you use Blastwave then, they have forked the pkgutil source, > I don't know what their version of 1.8 contains. The official pkgutil > version is now 1.10. I'll have to ask the man that worked on the fork about the rev. It makes sense for us however as we now have a different rev and different functionality in pkgutil. Simply put, we won't allow software to arrive at a server if it can not be authenticated and audited in a verifiable manner using well known digital sig hash methods. I can not get too far into that. It is a project on going here. >> The wget link on the web page does not work for me, probably incorrect >> firewall settings somewhere. > > What link is that? If you mean something on http://pkgutil.wikidot.com > I'm very interested in fixing it if something is wrong. > >> One more question if I may. Package "nutty" has a depend file with the >> line: >> >> P krazy KrAzY Applications >> >> In other words, it has a dependency towards the package "krazy". >> But if I do "pkgutil -i nutty" it does not automatically install krazy. > > Pkgutil only uses the catalog to decide this so first check the > contents of the catalog you have created, in the 7th field of the > nutty line you should have krazy there as a dependency. And you also > need to specify that mirror in pkgutil.conf or with -t when calling > pkgutil. That is another issue which I can not get too far into but suffice it to say that the catalog itself no longer seems reasonable as a tool to provide package dependency data nor is the software dependency constructs of two decades ago reasonable. Yet another project I'm involved in that I can not get into but again ... it would have been better if we worked together as oppose to forking. -- Dennis Clarke OpenSolaris Governance Board member 2010 dc...@op... <- Email related to the open source Solaris dc...@bl... <- Email related to open source for Solaris |
