On Thursday 30 May 2019 at 14:29 -0700, Samuel Sieb wrote:
> On 5/30/19 1:56 PM, Chris Murphy wrote:
> > On Thu, May 30, 2019 at 8:40 AM Daniel Mach <dmach@xxxxxxxxxx> wrote:
> > > On 30. 05. 19 at 0:05, Neal Gompa wrote:
> > > > I'm pretty sure this would break DeltaRPMs, since none of the drpm
> > > > software has been updated to handle zstd compression. Neither drpm nor
> > > > deltarpm handle it today.
> > > >
> > > Thanks for heads-up. We'll look into it and provide a fix soon.
> >
> > I have no idea how deltarpm works, but if working on bit level
> > difference on uncompressed data, I don't see why local rebuild needs
> > to use the same compression level as the Fedora build system. If it's
> > working on compressed data, well I'm not sure how that works, in
> > particular if pixz is used which gives non-reproducible results.
>
> I was going to suggest earlier that deltarpm could use a faster
> compression when repacking. But then I realized that the result has to
> be bit-exact with the original so the package signing is still
> intact.

That's because someone in the old old past took the shortcut of signing compressed payload hashes instead of signing the uncompressed payload. That was an easy mistake to make at the time everything was a gzip file.

That's something which is also killing us hosting side, now that many "source" archives are generated on-the-fly, and the on-the-fly compression method is not stable over time.

Someday the technical debt will reach such levels, the whole package creation and distribution toolchain will have to be audited to hunt down all the steps where we assume the security invariant is the compressed payload instead of the payload itself.

-- 
Nicolas Mailhot
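
The distinction drawn in the message above, as an added example that is not part of the original post or of any RPM tooling: a toy package carries one signature over the compressed bytes and one over the payload, is repacked at a faster compression level, and is then checked both ways. Assumptions: zlib stands in for the package compressor, HMAC-SHA256 stands in for the package signature, and all function names and sample data are hypothetical.

```python
import hashlib
import hmac
import zlib

# Constructed sample data standing in for an uncompressed package payload.
PAYLOAD = b"".join(b"file-%04d: %s\n" % (i, b"fedora" * (i % 7 + 1)) for i in range(2000))
KEY = b"constructed-demo-key"  # assumption: HMAC key stands in for a signing key


def sign(data: bytes) -> bytes:
    """Stand-in signature: HMAC-SHA256 over the SHA-256 digest of data."""
    return hmac.new(KEY, hashlib.sha256(data).digest(), hashlib.sha256).digest()


def build(payload: bytes, level: int) -> dict:
    """Build a toy package that carries both kinds of signature."""
    blob = zlib.compress(payload, level)
    return {"blob": blob, "sig_compressed": sign(blob), "sig_payload": sign(payload)}


def repack(pkg: dict, level: int) -> dict:
    """Delta-style rebuild: recover the payload, recompress it locally."""
    payload = zlib.decompress(pkg["blob"])
    return {**pkg, "blob": zlib.compress(payload, level)}


def verify_compressed(pkg: dict) -> bool:
    """Invariant is the compressed bytes: breaks when compressor settings change."""
    return hmac.compare_digest(sign(pkg["blob"]), pkg["sig_compressed"])


def verify_payload(pkg: dict) -> bool:
    """Invariant is the payload: survives recompression, still detects changes."""
    return hmac.compare_digest(sign(zlib.decompress(pkg["blob"])), pkg["sig_payload"])


def tamper(pkg: dict) -> dict:
    """Change the payload content and recompress it."""
    payload = zlib.decompress(pkg["blob"]).replace(b"file-0001", b"file-XXXX")
    return {**pkg, "blob": zlib.compress(payload, 9)}


if __name__ == "__main__":
    original = build(PAYLOAD, level=9)
    fast = repack(original, level=1)
    print("repacked:", verify_compressed(fast), verify_payload(fast))
    print("tampered:", verify_compressed(tamper(original)), verify_payload(tamper(original)))
```

Verifying the payload means the decompressor runs on bytes that have not yet been authenticated, which is the trade-off of moving the invariant off the compressed stream.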