Miloslav Trmač wrote: > Bill Crawford píše v Čt 26. 02. 2009 v 11:55 +0000: >> Isn't the new hash >> bigger anyway? In which case it should be able to tell what kind of hash it is >> (just like the password encryption routines can recognise the difference >> between an md5 and an sha1 hash) > Of course rpm can tell. > >> ... and run the old checksum code on the file >> on the machine, before replacing it with the new file and the new hash. > That answers the question whether the user has modified the file. It > doesn't answer the question whether the packager has modified the > shipped file between the two rpm package versions. > mitr, it would help if you actually answer the question that everyone's trying to ask even if they aren't phrasing it right :-) 1. rpmdb has md5 of old vanilla config file. 2. rpm package has sha256 of vanilla new config file. 3. rpm computes md5 of config on filesystem 4. rpm sees that md5 of config on filesystem and config of vanilla file differ => user has modified file. 5. rpm sees the vanilla hashes are of different type. 6. rpm computes md5 of vanilla new config file. 7. rpm compares md5 of both vanilla config files to determine whether the packager has modified the file. You told me on IRC that this wasn't realistic because rpm would have to open the file twice. Care to elaborate so everyone can understand? -Toshio
Attachment:
signature.asc
Description: OpenPGP digital signature
-- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
