[Rpm-maint] [rpm-software-management/rpm] RFE: Add a reproducable source package identifier to binary packages (#957)

Panu Matilainen notifications at github.com
Thu Nov 28 11:19:40 UTC 2019


Originally reported as a bug on SOURCEPKGID https://bugzilla.redhat.com/show_bug.cgi?id=1741715, but SOURCEPKGID (liberal quoting):

Rpm only stores the sourcepkgid if the source rpm was built in the same run as the binary (that is, built with -ba), this is by design AFAICT. It would seem useful to be able to determine whether the same exact sources were used to build a given package, regardless of src.rpm getting generated or not. 

One possibility could be calculating a hash of the spec itself + all the sources and patches included and attach this to all source and binary packages produced to provide a source trail.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/957
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20191128/2edfa0fa/attachment.html>


More information about the Rpm-maint mailing list