Re: Koji payload hash?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Oct 31, 2016 at 12:01 PM Panu Matilainen <pmatilai@xxxxxxxxxxxxxxx> wrote:
On 10/31/2016 05:17 PM, Florian Weimer wrote:
> On 10/21/2016 05:34 PM, Kevin Fenzi wrote:
>> On Thu, 20 Oct 2016 16:42:02 +0000
>> Christopher <ctubbsii@xxxxxxxxxxxxxxxxx> wrote:
>>
>>> What is the "Payload Hash" in koji?
>>> It looks like an MD5, but of what? It's not the rpm... I've checked.
>>> Should koji be providing verification hashes for manual downloads of
>>> built RPMs? I think this would be useful for testing.
>>>
>>> http://koji.fedoraproject.org/koji/rpminfo?rpmID=8351409
>>
>> I'm not sure either. I think it's the internal payload before adding
>> the signatures, etc?
>
> It's the RPM_SIGTAG_MD5 RPM header:
>
>   SIGNATURE:SIGTAG_HEADERSIGNATURES (BIN):
>     0000003e00000007ffffffa000000010
>   SIGNATURE:SIGTAG_SHA1HEADER (STRING):
> "bbc33a4f6670d31817cd571de632f3190a72e1bf"
>   SIGNATURE:SIGTAG_SIZE (INT32): 103674
>   SIGNATURE:SIGTAG_MD5 (BIN):
>     cdf775308f76e659385444b50ee26a7a
>   SIGNATURE:SIGTAG_PAYLOADSIZE (INT32): 396760
>
> I'm not completely sure over which part of the RPM it is computed.  I
> suspect over the non-signature header followed by the decompressed payload.

All RPM v3 digests (so yes, RPM_SIGTAG_MD5) and signatures are on the
(non-signature) header + compressed payload. Only the individual file
digests are on uncompressed data.

        - Panu -



Thanks. This was explained on https://pagure.io/koji/issue/190 with instructions on how to verify.

_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux