On 10/31/2016 05:17 PM, Florian Weimer wrote:
On 10/21/2016 05:34 PM, Kevin Fenzi wrote:
On Thu, 20 Oct 2016 16:42:02 +0000
Christopher <ctubbsii@xxxxxxxxxxxxxxxxx> wrote:
What is the "Payload Hash" in koji?
It looks like an MD5, but of what? It's not the rpm... I've checked.
Should koji be providing verification hashes for manual downloads of
built RPMs? I think this would be useful for testing.
http://koji.fedoraproject.org/koji/rpminfo?rpmID=8351409
I'm not sure either. I think it's the internal payload before adding
the signatures, etc?
It's the RPM_SIGTAG_MD5 RPM header:
SIGNATURE:SIGTAG_HEADERSIGNATURES (BIN):
0000003e00000007ffffffa000000010
SIGNATURE:SIGTAG_SHA1HEADER (STRING):
"bbc33a4f6670d31817cd571de632f3190a72e1bf"
SIGNATURE:SIGTAG_SIZE (INT32): 103674
SIGNATURE:SIGTAG_MD5 (BIN):
cdf775308f76e659385444b50ee26a7a
SIGNATURE:SIGTAG_PAYLOADSIZE (INT32): 396760
I'm not completely sure over which part of the RPM it is computed. I
suspect over the non-signature header followed by the decompressed payload.
All RPM v3 digests (so yes, RPM_SIGTAG_MD5) and signatures are on the
(non-signature) header + compressed payload. Only the individual file
digests are on uncompressed data.
- Panu -
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx