[AppStream] AsChecksum target

[Richard Hughes]

Hi all,

I've been using
https://www.freedesktop.org/software/appstream/docs/api/AsChecksum.html
for the various firmware things that I do for some time, and wanted to
add another enum in the "target" property. Then I checked the spec,
and realized the target stuff isn't upstream :)

Some background.

When we generate the checksum for firmware we actually want multiple
checksums for different things. e.g. the container (the .cab file
typically) and also the content (the firmware .bin file typically).
This means we can verify both the downloaded file and also the
exploded file before we try to verify it with a trusted public key.
This means we can show a proper error message rather than just "failed
to verify". The target property is used to know which file is being
targetted for the checksum operation. It's expected there's only one
container, but there could be more than one content.

What I also wanted to propose is a new enum value so I can also
checksum the catalog file (typically a .cat file on windows systems)
which is used to verify the driver has been trusted by the Microsoft
root/WHQL signature.

So, what I've been using is:

 <checksum target="container"> and <checksum target="content"> and
would also like to suggest <checksum target="signature"> but for the
last one another name would be perfectly fine, e.g. "signing",
"security", "trust" etc.

Comments welcome,

Richard