support for signing packages / index
We need make sure packages downloaded from different mirrors are unchanged.
Some easy way to install developer keys will be needed too.
(from redmine: issue id 46, created on 2009-06-22, closed on 2009-07-24)
- Changesets:
- Revision 3f4f9e99 by Timo Teräs on 2009-07-17T10:07:52Z:
verify: new applet (ref #46)
an utility to check package signature and integrity.
- Revision 09428323 by Timo Teräs on 2009-07-17T11:29:02Z:
index: fix output file permissions, verify signed index (ref #46)
- Revision eca9c222 by Timo Teräs on 2009-07-20T08:13:03Z:
db: signed index loading (ref #46)
prefer index in the new format as signed .tar.gz.
- Revision 79f43861 by Timo Teräs on 2009-07-22T18:04:54Z:
signing: verify and generate identity
fixes verification of non-repository packages while installing
them. this is final thing needed for full signing support
(fixes #46).