setup

Corinna Vinschen corinna-cygwin@cygwin.com
Wed Jun 3 08:19:00 GMT 2015 

On Jun  2 18:24, Achim Gratz wrote:
> Corinna Vinschen writes:
> >> Why?  In any case it'd be easy enough to make it switchable.
> >
> > Transition period.  We should do changes like that in two steps, first
> > updating to a setup which handles the new checksums, then changing the
> > generation of checksums to the new method.  Like we did with
> > MD5->SHA512.  It's smoother that way.  It's also certainly not a bad
> > idea to continue supporting the older checksum methods.  You're very
> > likely not the only person creating his/her own setup.ini files and
> > every change may break a script elsewhere :)
> 
> Yes, but in this case you're really talking about the setup.exe side,

Yes, sure.

> not the generation of the setup via upset or genini (which I thought you
> were talking about, since that's the part implemented in Perl).  If we
> use the SHA512: prefix then both hex and base64 encoded checksum are
> distinguishable easily and we might even throw in MD5 just for fun.

There's no reason for upset to create more than one style of checksum.
MD5, SHA512, SHA512/base64, whatever.  What I'm talking about is the
client side.  The setup tool should understand all types of checksums
used.  Right now it identifies MD5 vs. SHA512 just by the length of
the checksum.

> > You seem to be doing this on a regular basis with your own scripts.  Is
> > that right?  Would you think your own method is just hacked to work, or
> > do you think your own ini creation scripts are clean enough to release
> > them to the public?
> 
> No, it's fairly sophisticated already, but not yet feature-complete and
> requires a few clean-ups (don't they always?).
> 
> > I'm asking because, right now, we're relying on a convoluted perl script
> > set which is hard to understand (at least for non-perl guys), is missing
> > comments, has no maintainer, and above all, has a questionable license.
> 
> What I have is also mostly a Perl script plus a few CMD files around it,
> so that part likely wouldn't change.

CMD is out of the question, this running on a Linux box.

> > Upset is a beast.  It handles ini file creation as well as creating the
> > package information for https://cygwin.com/cgi-bin2/package-grep.cgi,
> > as well as the package upload post-processing.
> 
> Since I can't even look at upset, I use genini for the initial setup.ini

I forgot that the upset repo has been hidden from the public for a long
time, and these days there isn't even a repo since it has been deleted :-P

If you're willing to take a look into these upset perl scripts, please
apply for a normal ssh account on sourceware.org via

  https://sourceware.org/cgi-bin/pdw/ps_form.cgi

Use my private email address as approver.  And make sure to use
*another* public SSH key for shell access than the one you're using
for Cygwin uploads to avoid confusion.


Thanks,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://cygwin.com/pipermail/cygwin-apps/attachments/20150603/520f904b/attachment.sig>

More information about the Cygwin-apps mailing list