[Rpm-maint] [rpm-software-management/rpm] IDENTITY as header tag extension discussion (#426)

wladmis notifications at github.com
Sun Apr 1 23:30:49 UTC 2018


There was a suggestion to [calculate RPMTAG_IDENTITY as tag extension](http://lists.rpm.org/pipermail/rpm-maint/2018-March/007688.html) and do not the tag to actual rpm package during build time.

The main idea is to take message digest from package header tags filtered by the blacklist containing tags that don't represent actual package build characteristics, such as buildtime or values based on randomness; that digest is the value of RPMTAG_IDENTITY.

One of advantage of IDENTITY is package reproducible build check; advantage of dynamically calculated IDENTITY is no need to rebuild a package to take the value.

Still, in the future releases new tags can be added to rpm, and some of them can be put to the blacklist, so previous and new rpm(8) releases will produce different IDENTITY values, that is not good and requires a solution. One of possible solution is to put to package header some addintional information about IDENTITY version during build time (and prevent to calculate identity if current rpm doesn't know how to do it for required version), or list of tagnos that should be filtered, but it is too flexible, that is not good for the task.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/426
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20180401/52b0260c/attachment.html>


More information about the Rpm-maint mailing list