[maemo-developers] Community updates for diablo (specifically Application Manager if nothing else)

From: Marius Vollmer marius.vollmer at nokia.com
Date: Tue Apr 14 19:01:24 EEST 2009 
ext Andrew Flegg <andrew at bleb.org> writes:

> Marius wrote:
>
>> I think the following could work:
>>
>> - We start signing Diablo Maemo Extras.
>
> [...]
>
>   * AIUI, the only technical step here is to sign the Release file
>     with the GPG key.

Yes.

>> - We put a "maemo-community-archive-keyring" package or something into Diablo
>>   Maemo Extras that contains the public key needed to verify the signature.
>>   It also contains a new "package domain" with a trust level of 600.
>
> The "package domain"s are entirely Application Manager specific, IIRC?

Yes.

> Does "sort-weight" in nokia-repository's postinst correspond to the
> "trust level"?

No, not at all.  The sort-weight is used to sort the catalogues when
displaying them in the UI.

Package domains are 'orthogonal' to catalogues and repositories.  They
are connected by the signature of the Release file.

The AM looks at the keys that have been used to sign the Release file
and associates each package with a package domain.  Package domains are
configured in /etc/hildon-application-manager/domains.  You will find
the trust level in there, among other things.

See here 

   http://hildon-app-mgr.garage.maemo.org/repos-stable.html

for a bit more.

> First step, I'd suggest would be a small rollout:
>
>    * hildon-application-manager 1:2.1.xx-community (where xx > 19)
>    * hildon-application-manaer-l10n 5.1-community
>    * osso-software-version-rx* 1:6.2009.nn-community

I would lose the "community" suffix, actually.  The
osso-software-version-rx* package could get a display name that clearly
spells out that this is not from Nokia.
More information about the maemo-developers mailing list