On Fri, May 31, 2019 at 12:40 PM Samuel Sieb <samuel@xxxxxxxx> wrote: > > On 5/31/19 6:57 AM, Martin Kolman wrote: > > I guess we can't just switch what the signature refers to as there are other tools > > that do this kind of verification on the compressed data, not just delta-RPM, right ? > > > > So maybe, could we attach a second signature computed on the uncompressed payload ? > > Delta-RPM could then use that to verify the reconstructed package & would be crazy fast, > > as the slow XZ compression will no longer be needed to be performed client-side to verify > > the signature. > > It's not deltarpm that needs the signature. It just puts the package > together. It's rpm that checks the signature. I'm not sure... 847 fprintf(stderr, "could not read signature header\n"); There are several more of these, and also there are other checks happening. 1467 fprintf(stderr, "junk at end of payload\n"); That and a bunch of possible skipped file related messages suggests drpm is not so simple. At least it seems like it isn't just some simple difference map between two rpms. -- Chris Murphy _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
