[Rpm-maint] [PATCH 2/2] Add RPMTAG_IDENTITY

Jeff Johnson n3npq at me.com
Wed Mar 14 14:20:58 UTC 2018


Afaict, RPMTAG_IDENTITY is an attempt at a reproducible invariant of a package header through rebuilding, which is poisoned by an RPMTAG_BUILDTIME tag (and likely file stat(2) info) being included in the header SHA1 (or SHA256) plaintext.

Note also changes in current rpm to pass in a BUILDTIME to preserve reproducibility.

There are huge legacy compatibility problems committing to a precomputed static value in a header: consider what happens if/when the plaintext definition needs to change.

I'd suggest using a header tag extension rather than a retrieved value so that the plaintext definition can be more easily managed.

I'd also suggest a more specific name than IDENTITY because there are many definitions of reproducibility, as well as alternative schemes like building, and there are surely going to be multiple attempts to Get It Right! that make IDENTITY a misnomer.

hth

73 de Jeff

