Module file parse API

[Sean Mullan]

On 06/20/2012 12:49 PM, Chris Hegarty wrote:
> On 20/06/2012 17:28, Sean Mullan wrote:
>> Hi Chris,
>>
>> I've just been reviewing the changes to Signer.java. With the new code,
>> it looks like the caller is now responsible for verifying the hashes
>> whereas in the old code, the Reader would automatically take care of it
>> for you. Can you explain why you changed that?
>
> The parser is just that, a parser. It generates the hashes of section
> data and exposes the section headers hashes, giving flexibility to the
> caller on how to handle them ( you may decide to have a non validating
> implementation! ). The previous way of doing this was just a hack that
> preventing the Reader from actually writing any data, 'extract = false',
> when the reader is actually an installer.

Should we rename it to Installer then?

> Now that Signer can invoke the parser directly rather than creating a
> Reader/Installer we can actually simplify the Reader/Installer so that
> it always extracts the content. I found this to be a more flexible and
> cleaner solution.
>
> Sorry if I've missed the point of your question. Was this what you were
> asking?

Signer is an unusual case in that it is reading the module file without 
extracting its contents in order to calculate the hashes that it will 
then sign.

I think my concern is that if the hashes inside the module file don't 
actually match what is being read, you would want to know about that 
regardless of whether you are extracting the contents.

Having said that, I've been somewhat dubious on the overall 
value/purpose of the hashes inside the module file. They don't provide 
any security without something additional such as a signature, but when 
generating the signature, it has to recalculate all of the hashes again 
to be sure they are still correct since the module file was created. So 
their only value is as a checksum, but my experience with checksums is 
that they are usually stored separately from what they are computed over.

--Sean