Otherwise will link(2) fail since it does not exist.

can't cancel an index reading or we lose signature checking.

when failed to load an existing index.

and do not remove modified configuration files unless --purge is
specified.

to check system files for changes.

fixes verification of non-repository packages while installing
them. this is final thing needed for full signing support
(fixes #46).

make sure cache is enabled on non-permanent rootfs setups.
some optimizations and fixes too.

smaller callback and less cases to check. also reintroduce the
oneshot digest flag, hopefully correct this time.

we might have done already something.

to not make hard error of untrusted or missing signatures

- error codes for verification failure types
- fix some fdb corruption on file migration
- combine some dependency parsing code
- fix versioned dependencies

do not overwrite untracked files.

- extract everything as .apk-new and overwrite only after data
  has been checksummed
- url construction fixes (to work with simple http servers)
- end of gunzip stream fixed
- remove oneshot digesting flag for now as it's usage was broken

to make sure the scripts have not been altered.

the unflushed data when closing file can be several thousand kiloes,
loop until all is written out.

prefer index in the new format as signed .tar.gz.

speeds up digest calculation on some cases.

that got broke during verify implementation.

an utility to check package signature and integrity.

in future we might add datahashalg to specify the algorithm used.

to speed up apk installation avoid calculating checksums.

change the index generation to do old index, or the new style index
where package identity is sha1 of control block and it's contained
within an .tar.gz to allow signing in future.

replace the old 'delete' option, with 'index'. the idea is that
one can provide existing index files to take cached meta-data of
the package from (assumes package has not been modified if index is
newer, and package size has not changed).

this way one always gives the list of .apk files to include in
the new index, and the old index is used only as "cache".

and prefer sha1 checksums to be stored in base64 encoded format.

otherwise we don't get chechksum anymore after the changes to
support partial gzip checksumming.