----- Original Message ----- > From: "Samuel Sieb" <samuel@xxxxxxxx> > To: devel@xxxxxxxxxxxxxxxxxxxxxxx > Sent: Thursday, May 30, 2019 11:52:55 PM > Subject: Re: Fedora 31 System-Wide Change proposal: Switch RPMs to zstd compression > > On 5/30/19 2:38 PM, Chris Murphy wrote: > > On Thu, May 30, 2019 at 3:31 PM Samuel Sieb <samuel@xxxxxxxx> wrote: > >> > >> On 5/30/19 1:56 PM, Chris Murphy wrote: > >>> I have no idea how deltarpm works, but if working on bit level > >>> difference on uncompressed data, I don't see why local rebuild needs > >>> to use the same compression level as the Fedora build system. If it's > >>> working on compressed data, well I'm not sure how that works, in > >>> particular if pixz is used which gives non-reproducible results. > >> > >> I was going to suggest earlier that deltarpm could use a faster > >> compression when repacking. But then I realized that the result has to > >> be be bit-exact with the original so the package signing is still intact. > > > > Package signing happens after compression? Compression is an > > optimization, in no way does it affect the validity of the payload. > > My understanding is that the signature is calculated over the compressed > payload. (I couldn't find any clear documentation on it with a quick > search.) I see that would make it simpler and somewhat quicker to > verify, but it does cause problems with things like deltarpm and > recompressing packages. I guess we can't just switch what the signature refers to as there are other tools that do this kind of verification on the compressed data, not just delta-RPM, right ? So maybe, could we attach a second signature computed on the uncompressed payload ? Delta-RPM could then use that to verify the reconstructed package & would be crazy fast, as the slow XZ compression will no longer be needed to be performed client-side to verify the signature. > _______________________________________________ > devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx > _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
