[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: rpm hashes



On Wed, 13 May 2009, Adam Jackson wrote:

On Wed, 2009-05-13 at 09:13 +0300, Panu Matilainen wrote:

From rpm POV it's perfectly legal for any number of packages to share
identical files, and that still works. What doesn't work is sharing files
between packages using different file hash algorithm, so if you need to
share across Centos >= 3 <-> Fedora >= 11 you need to build the package
for lowest common denominator, meaning md5 file hashes. Fedora 11 changes
the default algorithm from md5 to sha256 in redhat-rpm-config, producing
packages that are incompatible with rpm < 4.6.0 but specs and macro
configuration can override that.

Whether it's against Fedora guidelines is another question, but since this
was about a package from a 3rd party repository...

It would have been really, _really_ nice if sha256 was merely another
hash that could be in the payload, instead of forcing you to pick one or
the other.  For that matter, it would still be really really nice.

Could it have been done that way? Yes, and if it were just per-package hash then certainly it would've been done that way. But remember this is per-file data, storing two (and when the day comes when sha256 is considered insufficient, three etc) hashes per file adds a non-trivial amount of header bloat.

Having the md5 hashes too would've been nice for backwards compatibility but actually using them for file conflict calculations would mean (in addition to the header bloat):
- considerable increase in memory use
- falling back to md5 for conflict resolution would void the supposed
  extra security of the better hash

	- Panu -


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]