pkg_checksum_generate: Add vital flag to checksum

[llfw]

Package checksums can be used to determine if a newly-built package should replace the old package, for example when building the FreeBSD base system. Since the vital flag is an important attribute of a package, include it in the checksum.

[markjdb]

Does this mean that already-installed vital packages will start reporting checksum errors after updating pkg?

[llfw]

Does this mean that already-installed vital packages will start reporting checksum errors after updating pkg?

i installed pkg 2.3.1, created a fresh pkgbase repo, installed it, then installed this version, and i couldn't make pkg check produce an error with various combinations of -a and -s.

however it does look like i need to fix the test case.

[kevans91]

Does this mean that already-installed vital packages will start reporting checksum errors after updating pkg?

i installed pkg 2.3.1, created a fresh pkgbase repo, installed it, then installed this version, and i couldn't make pkg check produce an error with various combinations of -a and -s.

however it does look like i need to fix the test case.

Do you sign your pkgbase repos? pkg-check is purely package contents, iirc; you'd need to have signed it with the previous version and verified the signature with the new version, which I think might fail in some setup.

[kevans91]

Actually, ignore that; i misremembered what exactly we're signing there. It would presumably be the manifest blob that doesn't get recalculated (just hashed itself). Sorry-

[bapt]

this is internal checksum to figure if a package should be considered for a reinstallation or an upgrade