[Rpm-maint] RFC: RPMTAG_IDENTITY calculation

Jeff Johnson n3npq at me.com
Mon Apr 2 19:44:18 UTC 2018



> On Apr 1, 2018, at 7:31 PM, Vladimir D. Seleznev <vseleznv at altlinux.org> wrote:
> 
>> On Thu, Mar 29, 2018 at 03:07:21PM -0400, Jeff Johnson wrote:
>> 
>> 
>>> On Mar 29, 2018, at 12:55 PM, Vladimir D. Seleznev <vseleznv at altlinux.org> wrote:
>>> 
>>> Hello, rpm-maint@!
>>> 
>>> There are RFC patches which implement RPMTAG_IDENTITY calculation.
>>> 
>>> The main idea is that RPMTAG_IDENTITY contains a hash of as many as possible,
>>> ideally all RPMTAGs, with exception of that that principally cannot be
>>> reproducible and that we don't want to make it reproducible. Another exception
>>> is for these tags that we want to use in certain cases, but only for these tags
>>> that aren't relevant to result of package build. So value of RPMTAG_IDENTITY is
>>> calculating by blacklist filtered tags for each package.
>>> 
>>> I didn't test the code on systems different from ALT, so I don't sure that it
>>> works on these systems properly. I also don't sure that black list is complete
>>> for other systems, these case also need to test.
>>> 
>>> Previously I wrote that RPMTAG_IDENTITY value will be used to generate more
>>> strict interpackage dependencies, but we turn away from it because identity of
>>> binary packages of two builds from one source package can be same for some
>>> packages and differ for others, and it brings collision for them.
>> 
>> This isn't the best implementation for an IDENTITY
>> proof-of-reproducibility implementation.
>> 
>> While I understand that you followed the header SHA1 code path,
>> filtering out tags that were too specific, in order to add an IDENTITY
>> tag in rpmbuild, header.c is just not the right place to hard wire the
>> definition of what tags to include, nor is there any reason to include
>> the IDENTITY within a package header, largely because that forces a
>> package rebuild (a very expensive operation) in order to populate tag
>> values.
>> 
>> The better implementation uses a tag extension (in lib/tagexts.c)
>> using a header tag iterator with filtering to retrieve the tag values
>> you wish in the IDENTITY plaintext.  The reason to calculate IDENTITy
>> dynamically is the ease with which a proof-of-reproducibility can be
>> deployed everywhere, not just in ALT.
> 
> I like the idea to calculate IDENTITY dynamically implemented as tag
> extension. Still I need to think about pros and cons and possible
> pitfalls of this decision.
> 

Good.

>> Please open an issue to discuss IDENTITY as a header tag extension if
>> you would like to proceed in that direction.
> 
> I opened the issue:
> 
> https://github.com/rpm-software-management/rpm/issues/426
> 

Thanks! An issue tracker is a bit easier to collect comments than an email thread these days.

73 de Jeff
> -- 
>   With best regards,
>   Vladimir D. Seleznev


More information about the Rpm-maint mailing list