NetBuild Library Package Format

1.  NetBuild library packages consist of UNIX tar files compressed using the gzip utility. (otherwise known as .tgz format)

2.  All components of the tar file MUST be ordinary files. No directories, symlinks, block or special files, or other component types are permitted.

3.  All components of the tar file MUST be relative to the local directory. No components whose file names begin with "/" or which contain a reference to a parent directory ("..") are permitted.

4.  One component of the tar file is named md5sums. This file contains a list of MD5 fingerprints of each file in the package (with the exception of files md5sums, md5sums.gpg, and pubkey.gpg). Each line in the md5sums file is in the format

MD5(filename) = md5-fingerprint-in-hex

5.  The file named md5sums.gpg is a detached signature of the file md5sums created with gpg.

6.  The file named pubkey.gpg contains the public key of the party who signed the md5sums.gpg file, along with any signatures on that public key that the signer believes might help the user's NetBuild client authenticate that key. The md5sums.gpg file is in a format that can be imported by gpg 1.2.2 or later.

7.  A file named, if present, is a Bourne shell script to be executed in order to complete installation of the library. The script must exit with status 0 for the NetBuild client to consider the installation successful.

8.  A file named metadata contains a description of the library. Each line of the metadata file is of the form

Where name is one of the names defined in the NetBuild data model, and value is the value associated with that name. Since these metadata describe the library contained in the package, each name is of the form library.something. Other metadata names may be ignored or may cause the library to be considered invalid.

Several of these metadata are extracted by the library cataloging process and made available to NetBuild clients in order to help them choose which specific library to download. A few are for human consumption. Certain metadata variables are also interpreted by the NetBuild client after the library is downloaded and installed:

9.  Any component of the tar file named gpg.status will be ignored; as this file will be overwritten by gpg during signature verification.

10.  Other files in the package are assumed to be needed to use the library. The package contents are essentially arbitrary. For instance, the package may contain multiple library archives (*.a, *.so), header files (*.h), and/or other support files.

Last Change: 14 May 2004