[Rpm-maint] [PATCH] Add RPMTAG_IDENTITY calculation as tag extension

Vladimir D. Seleznev vseleznv at altlinux.org
Thu Apr 5 12:42:15 UTC 2018


On Thu, Apr 05, 2018 at 11:41:33AM +0300, Panu Matilainen wrote:
> On 04/03/2018 10:31 PM, Vladimir D. Seleznev wrote:
> > RPMTAG_IDENTITY is calculating as digest of part of package header that
> > does not contain irrelevant to package build tag entries.
> > 
> > Mathematically RPMTAG_IDENTITY value is a result of function of two
> > variable: a package header and an rpm utility, thus this value can
> > differ for same package and different version of rpm.
> > 
> 
> Before proceeding with further work on this, we need to define what is 
> it that we're trying to identify. The above definition is very 
> ambiguous, and it's impossible to properly review + discuss the patch 
> when my idea of package identity might be entirely different from 
> somebody elses idea, that'll only cause unnecessary work and frustration.

Agree, that commit message isn't clear.

> Starting with, what is a "package"? Are we talking about the source 
> package, or binary packages?

Originally it was about binary packages, but is there really difference?
Source packages are building as well as binary, and something can be
changed after rebuild.

> If it's binaries, then we're always ultimately talking about a *build*, 
> and a line needs to be drawn somewhere.

OK.

> There are any number of ways to draw such a line, so it needs to be
> explicitly stated. One example of such line could be something like
> "package id must match between a package built on different instances
> of the same operating system, version and architecture". That clearly
> is NOT the line that this version of the patch tries to draw, but then
> it's not at all clear to me what that line is supposed to be.

I think, there should be a line with other side idea: if package
identity is matched between package build on the same build environment,
then the build is reproducible.

The possible new version of commit massage is below:

Add RPMTAG_IDENTITY calculation as tag extension

RPMTAG_IDENTITY is calculating as digest of values of significant
package header tag entries and represents package build characteristics.
The main purpose of package identity is reproducible build verification:
if package identity is matched between package build on same build
environment, then the package build is reproducible for this
environment.

-- 
   With best regards,
   Vladimir D. Seleznev


More information about the Rpm-maint mailing list