[Rpm-maint] [rpm-software-management/rpm] Q: RPMTAG_PAYLOADDIGEST: compute before or after compression? (#184)

Jeff Johnson notifications at github.com
Tue Mar 28 21:06:58 UTC 2017


The recently added RPMTAG_PAYLOADDIGEST computes a digest on the compressed payload.

Perhaps now is the time to change the plaintext used to be the uncompressed rather than the compressed archive payload?

The benefit of the digest on the uncompressed archive is that the digest becomes immune to the compression type and format, and it might become possible to change the compression on binary
packages without rebuilding.

Another benefit is that PAYLOADDIGEST can be verified after installation by reconstructing the (usually cpio archive) to verify the payload digest. While PAYLOADDIGEST can also be verified by reconstructing the compressed payload archive, there are always timestamps and implementation changes in external libraries that can cause false failures. A digest on the uncompressed archive would be immune to compression implementation changes.

Now is the time to consider before PAYLOADDIGEST has "legacy compatibility" issues.

(aside)
It also would not be too difficult to change rpmio to configurably compute the digest on either (or even both) uncompressed or compressed plaintext by duplicating the digest computation on an FD_t to handle 2 bits of flags on the pre/post I/O buffers.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/184
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20170328/f99ebf79/attachment.html>


More information about the Rpm-maint mailing list