[Replicant] [vendor_replicant-scripts] [PATCH v2] Add script to generate the key-migration.sh script
Denis 'GNUtoo' Carikli
GNUtoo at cyberdimension.org
Thu Sep 24 22:33:51 UTC 2020
I was trying to make something fast, to release it soon, but thinking
more about it the design is not great and way too fragile.
I really cannot find any good way to identify the key name having
signed a given package from within the packages.xml and now that I know
a bit more about how it works it's probably better not to use the
package names from packages.xml but instead use the certificate file
names directly, and not do any checks on the certificates names.
After that I'll also try to re-add a way to extract certificates from
the packages.xml now that I know the encoding, to enable that to still
work for people that deleted their former certificates.
This could probably be done in parallel of the RC and release process
as this is not needed for the final image.
This design would also enable people to migrate application data from
one application to another, like to migrate from Google play to
f-droid, as it would just pick any certificates in the given
directories without doing any checks.
Denis.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.osuosl.org/pipermail/replicant/attachments/20200925/8011f2c9/attachment.asc>
More information about the Replicant
mailing list