[Rpm-maint] RFC: RPMTAG_IDENTITY calculation
Jeff Johnson
n3npq at me.com
Mon Apr 2 19:44:18 UTC 2018
> On Apr 1, 2018, at 7:31 PM, Vladimir D. Seleznev <vseleznv at altlinux.org> wrote:
>
>> On Thu, Mar 29, 2018 at 03:07:21PM -0400, Jeff Johnson wrote:
>>
>>
>>> On Mar 29, 2018, at 12:55 PM, Vladimir D. Seleznev <vseleznv at altlinux.org> wrote:
>>>
>>> Hello, rpm-maint@!
>>>
>>> There are RFC patches which implement RPMTAG_IDENTITY calculation.
>>>
>>> The main idea is that RPMTAG_IDENTITY contains a hash of as many as possible,
>>> ideally all RPMTAGs, with exception of that that principally cannot be
>>> reproducible and that we don't want to make it reproducible. Another exception
>>> is for these tags that we want to use in certain cases, but only for these tags
>>> that aren't relevant to result of package build. So value of RPMTAG_IDENTITY is
>>> calculating by blacklist filtered tags for each package.
>>>
>>> I didn't test the code on systems different from ALT, so I don't sure that it
>>> works on these systems properly. I also don't sure that black list is complete
>>> for other systems, these case also need to test.
>>>
>>> Previously I wrote that RPMTAG_IDENTITY value will be used to generate more
>>> strict interpackage dependencies, but we turn away from it because identity of
>>> binary packages of two builds from one source package can be same for some
>>> packages and differ for others, and it brings collision for them.
>>
>> This isn't the best implementation for an IDENTITY
>> proof-of-reproducibility implementation.
>>
>> While I understand that you followed the header SHA1 code path,
>> filtering out tags that were too specific, in order to add an IDENTITY
>> tag in rpmbuild, header.c is just not the right place to hard wire the
>> definition of what tags to include, nor is there any reason to include
>> the IDENTITY within a package header, largely because that forces a
>> package rebuild (a very expensive operation) in order to populate tag
>> values.
>>
>> The better implementation uses a tag extension (in lib/tagexts.c)
>> using a header tag iterator with filtering to retrieve the tag values
>> you wish in the IDENTITY plaintext. The reason to calculate IDENTITy
>> dynamically is the ease with which a proof-of-reproducibility can be
>> deployed everywhere, not just in ALT.
>
> I like the idea to calculate IDENTITY dynamically implemented as tag
> extension. Still I need to think about pros and cons and possible
> pitfalls of this decision.
>
Good.
>> Please open an issue to discuss IDENTITY as a header tag extension if
>> you would like to proceed in that direction.
>
> I opened the issue:
>
> https://github.com/rpm-software-management/rpm/issues/426
>
Thanks! An issue tracker is a bit easier to collect comments than an email thread these days.
73 de Jeff
> --
> With best regards,
> Vladimir D. Seleznev
More information about the Rpm-maint
mailing list