[gentoo-dev] [PATCH 0/6] glep-0078: Clarifications

[gentoo-dev] [PATCH 0/6] glep-0078: Clarifications

[Michał Górny]

Hi,

Here's a bunch of patches to GLEP 78 (GPKG format).  They're mostly
clarifications, that is:

- replacing "basename" with more specific explanation

- linking formats to the respective standards

- deferring compressed file formats to GLEP 74

- clarifying the situation around Manifest signing and verifying binpkg
  authenticity

Please review.


Michał Górny (6):
  glep-0078: Replace "basename" with non-ambiguous explanation
  glep-0078: Link tar format to the respective standards
  glep-0078: Link compressed file formats to GLEP 74
  glep-0078: Link OpenPGP to RFC 4880
  glep-0078: Clarify that Manifest is signed too
  glep-0078: Clarify that Manifest must be present for signed binpkg

 glep-0078.rst | 64 +++++++++++++++++++++++++++++++++++----------------
 1 file changed, 44 insertions(+), 20 deletions(-)

-- 
2.37.3

[gentoo-dev] [PATCH 1/6] glep-0078: Replace "basename" with non-ambiguous explanation

[Michał Górny]

It has been pointed out that the "basename" term may be ambiguous
in the context.  Explain explicitly that it is the filename with
.gpkg.tar suffix stripped.

Signed-off-by: Michał Górny <mgorny@gentoo.org>
---
 glep-0078.rst | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/glep-0078.rst b/glep-0078.rst
index 05ceba9..24c5c9d 100644
--- a/glep-0078.rst
+++ b/glep-0078.rst
@@ -7,8 +7,9 @@ Type: Standards Track
 Status: Accepted
 Version: 1
 Created: 2018-11-15
-Last-Modified: 2022-08-14
-Post-History: 2018-11-17, 2019-07-08, 2021-09-13, 2021-09-22, 2022-05-28
+Last-Modified: 2022-09-21
+Post-History: 2018-11-17, 2019-07-08, 2021-09-13, 2021-09-22, 2022-05-28,
+              2022-09-21
 Content-Type: text/x-rst
 ---
 
@@ -193,10 +194,11 @@ The gpkg package container is an uncompressed .tar achive whose filename
 should use ``.gpkg.tar`` suffix.
 
 The archive contains a number of files.  All package-related files
-should be stored in a single directory whose name matches the basename
-of the package file.  However, the implementation must be able to
-process an archive where the directory name is mismatched.  There should
-be no explicit archive member entry for the directory.
+should be stored in a single directory whose name matches the package
+filaname after stripping the ``.gpkg.tar`` suffix.  However,
+the implementation must be able to process an archive where
+the directory name is mismatched.  There should be no explicit archive
+member entry for the directory.
 
 The package directory contains the following members, in order:
 
-- 
2.37.3

[gentoo-dev] [PATCH 2/6] glep-0078: Link tar format to the respective standards

[Michał Górny]

Signed-off-by: Michał Górny <mgorny@gentoo.org>
---
 glep-0078.rst | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/glep-0078.rst b/glep-0078.rst
index 24c5c9d..4d27ac1 100644
--- a/glep-0078.rst
+++ b/glep-0078.rst
@@ -232,8 +232,10 @@ ignore unknown files but preserve them across package updates.
 Permitted .tar format features
 ------------------------------
 
-The tar archives should use either the POSIX ustar format or a subset
-of the GNU format with the following (optional) extensions:
+The tar archives should use either the POSIX ustar format as defined
+by POSIX.1-2017 [#POSIX-USTAR]_ or a subset of the ustar-compatible
+GNU tar format as described in the GNU tar manual [#GNU-TAR]_ with
+the following (optional) extensions:
 
 - long pathnames and long linknames,
 
@@ -629,6 +631,13 @@ References
    written in C
    (https://packages.gentoo.org/packages/app-portage/portage-utils)
 
+.. [#POSIX-USTAR] The Open Group Base Specifications Issue 7, 2018
+   edition, pax - portable archive interchange, ustar Interchange Format
+   (https://pubs.opengroup.org/onlinepubs/9699919799/utilities/pax.html#tag_20_92_13_06)
+
+.. [#GNU-TAR] GNU tar: an archiver tool, Appendix E Tar Internals
+   (https://www.gnu.org/software/tar/manual/html_node/Tar-Internals.html)
+
 .. [#DEB-FORMAT] deb(5) — Debian binary package format
    (https://manpages.debian.org/unstable/dpkg-dev/deb.5.en.html)
 
-- 
2.37.3

[gentoo-dev] [PATCH 3/6] glep-0078: Link compressed file formats to GLEP 74

[Michał Górny]

Signed-off-by: Michał Górny <mgorny@gentoo.org>
---
 glep-0078.rst | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/glep-0078.rst b/glep-0078.rst
index 4d27ac1..3078061 100644
--- a/glep-0078.rst
+++ b/glep-0078.rst
@@ -5,7 +5,7 @@ Author: Michał Górny <mgorny@gentoo.org>,
         Sheng Yu <syu.os@protonmail.com>
 Type: Standards Track
 Status: Accepted
-Version: 1
+Version: 1.1
 Created: 2018-11-15
 Last-Modified: 2022-09-21
 Post-History: 2018-11-17, 2019-07-08, 2021-09-13, 2021-09-22, 2022-05-28,
@@ -304,15 +304,17 @@ Archive member compression
 
 The archive members outlined above support optional compression using
 one of the compressed file formats supported by the package manager.
-The exact list of compression types is outside the scope of this
-specification.
+The list of compression types is maintained in GLEP 74 [#GLEP74]_.
+The package manager may implement an arbitrary subset of compressed file
+formats.  However, it is recommended that it can uncompress all formats
+that are not listed as deprecated.
 
 The implementations must support archive members being uncompressed,
 and must support using different compression types for different files.
 
 When compressing an archive member, the member filename should be
-suffixed using the standard suffix for the particular compressed file
-type (e.g. ``.bz2`` for bzip2 format).
+suffixed using the suffix for the particular compressed file type
+specified in GLEP 74.
 
 
 The package Manifest file
@@ -638,15 +640,15 @@ References
 .. [#GNU-TAR] GNU tar: an archiver tool, Appendix E Tar Internals
    (https://www.gnu.org/software/tar/manual/html_node/Tar-Internals.html)
 
+.. [#GLEP74] GLEP 74: Full-tree verification using Manifest files
+   (https://www.gentoo.org/glep/glep-0074.html)
+
 .. [#DEB-FORMAT] deb(5) — Debian binary package format
    (https://manpages.debian.org/unstable/dpkg-dev/deb.5.en.html)
 
 .. [#TAR-PORTABILITY] Michał Górny, Portability of tar features
    (https://dev.gentoo.org/~mgorny/articles/portability-of-tar-features.html)
 
-.. [#GLEP74] GLEP 74: Full-tree verification using Manifest files
-   (https://www.gentoo.org/glep/glep-0074.html)
-
 .. [#XPAK2GPKG] xpak2gpkg: Proof-of-concept converter from tbz2/xpak
    to gpkg binpkg format
    (https://github.com/mgorny/xpak2gpkg)
-- 
2.37.3

[gentoo-dev] [PATCH 4/6] glep-0078: Link OpenPGP to RFC 4880

[Michał Górny]

Signed-off-by: Michał Górny <mgorny@gentoo.org>
---
 glep-0078.rst | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/glep-0078.rst b/glep-0078.rst
index 3078061..a109b7f 100644
--- a/glep-0078.rst
+++ b/glep-0078.rst
@@ -349,9 +349,10 @@ not verify, the package manager must reject processing the corresponding
 archive member.  In particular, it must not attempt decompressing
 compressed members in those circumstances.
 
-The signatures are created as binary detached OpenPGP signature files,
-with filename corresponding to the member filename with ``.sig`` suffix
-appended.
+The signatures are created as binary detached OpenPGP signature files
+as defined by RFC 4880 § 11.4 or a subsequent standard, with filename
+corresponding to the member filename with ``.sig`` suffix appended
+[#RFC-4880]_.
 
 The exact details regarding creating and verifying signatures, as well
 as maintaining and distributing keys are outside the scope of this
@@ -643,6 +644,9 @@ References
 .. [#GLEP74] GLEP 74: Full-tree verification using Manifest files
    (https://www.gentoo.org/glep/glep-0074.html)
 
+.. [#RFC4880] RFC 4880: OpenPGP Message Format
+   (https://www.rfc-editor.org/rfc/rfc4880)
+
 .. [#DEB-FORMAT] deb(5) — Debian binary package format
    (https://manpages.debian.org/unstable/dpkg-dev/deb.5.en.html)
 
-- 
2.37.3

[gentoo-dev] [PATCH 5/6] glep-0078: Clarify that Manifest is signed too

[Michał Górny]

Signed-off-by: Michał Górny <mgorny@gentoo.org>
---
 glep-0078.rst | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/glep-0078.rst b/glep-0078.rst
index a109b7f..ab28aed 100644
--- a/glep-0078.rst
+++ b/glep-0078.rst
@@ -328,7 +328,9 @@ the inner archive contents.  This file also provides protection against
 signature reuse/replacement attacks if the OpenPGP signatures are used.
 
 The implementation follows the Manifest specifications in GLEP 74
-[#GLEP74]_ and uses the DATA tag for files within the container.
+and uses the ``DATA`` tag for files within the container.
+If the package is using OpenPGP signatures, the Manifest file must also
+include a cleartext OpenPGP signature as defined in GLEP 74 [#GLEP74]_.
 
 The implementation should be able to detect checksum mismatches,
 as well as missing, duplicate, or extraneous files within
-- 
2.37.3

[gentoo-dev] [PATCH 6/6] glep-0078: Clarify that Manifest must be present for signed binpkg

[Michał Górny]

Signed-off-by: Michał Górny <mgorny@gentoo.org>
---
 glep-0078.rst | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/glep-0078.rst b/glep-0078.rst
index ab28aed..733d8d7 100644
--- a/glep-0078.rst
+++ b/glep-0078.rst
@@ -228,6 +228,11 @@ If the Manifest is present, all files contained in the archive must
 be listed in it and verify successfully.  The package manager should
 ignore unknown files but preserve them across package updates.
 
+For a binary package to be considered signed and suitable for
+authenticity verification, the Manifest file must be present and contain
+a valid signature.  It is recommended to include detached signatures
+for archive members as well.
+
 
 Permitted .tar format features
 ------------------------------
-- 
2.37.3

Re: [gentoo-dev] [PATCH 1/6] glep-0078: Replace "basename" with non-ambiguous explanation

[Ulrich Mueller]

[-- Attachment #1: Type: text/plain, Size: 126 bytes --]

>>>>> On Wed, 21 Sep 2022, Michał Górny wrote:

> +filaname after stripping the ``.gpkg.tar`` suffix.  However,
      ^

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 507 bytes --]