[ITP] openh264 (2.3.1)

Jon Turney jon.turney@dronecode.org.uk
Thu Feb 16 19:24:24 GMT 2023

On 14/02/2023 21:21, Takashi Yano via Cygwin-apps wrote:
> On Tue, 14 Feb 2023 17:41:16 +0100
> ASSI wrote:
>> Takashi Yano via Cygwin-apps writes:
>>> Thanks for the advice. I have revised the cygport file.
>> You are getting the file and the hash from the same unprotected source.
>> I was thinking you should put the hash into the cygport file and hence
>> the postinstall script.
>> Also note that the system doing the postinstall will not necessarily
>> have internet access, so you'll need to cope with errors that will
>> produce.
> Thanks.
> The new cygport file attached downloads md5hash during
> the packaging process and embeds it into postinstall
> script. Does this make sense?


So, this looks like it works, and meets the requirements.

Is md5 the only hash available?  This is not really considered "good 
enough" any more.

As a thought-experiment, consider doing it slightly differently:

package contains:
- the headers
- a data file with the version (or maybe URL) and hash
- a script which can fetch (using above data) or remove the DLL
- postinstall and preremove scripts which invoke that script appropriately

(I think this means the post/pre scripts can be static, and packaged via 
$C, rather than written by the cygport itself)

What do you think of that?

More information about the Cygwin-apps mailing list