Re: Koji payload hash?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 10/31/2016 05:17 PM, Florian Weimer wrote:
On 10/21/2016 05:34 PM, Kevin Fenzi wrote:
On Thu, 20 Oct 2016 16:42:02 +0000
Christopher <ctubbsii@xxxxxxxxxxxxxxxxx> wrote:

What is the "Payload Hash" in koji?
It looks like an MD5, but of what? It's not the rpm... I've checked.
Should koji be providing verification hashes for manual downloads of
built RPMs? I think this would be useful for testing.

http://koji.fedoraproject.org/koji/rpminfo?rpmID=8351409

I'm not sure either. I think it's the internal payload before adding
the signatures, etc?

It's the RPM_SIGTAG_MD5 RPM header:

  SIGNATURE:SIGTAG_HEADERSIGNATURES (BIN):
    0000003e00000007ffffffa000000010
  SIGNATURE:SIGTAG_SHA1HEADER (STRING):
"bbc33a4f6670d31817cd571de632f3190a72e1bf"
  SIGNATURE:SIGTAG_SIZE (INT32): 103674
  SIGNATURE:SIGTAG_MD5 (BIN):
    cdf775308f76e659385444b50ee26a7a
  SIGNATURE:SIGTAG_PAYLOADSIZE (INT32): 396760

I'm not completely sure over which part of the RPM it is computed.  I
suspect over the non-signature header followed by the decompressed payload.

All RPM v3 digests (so yes, RPM_SIGTAG_MD5) and signatures are on the (non-signature) header + compressed payload. Only the individual file digests are on uncompressed data.

	- Panu -
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux