On 10/21/2016 05:34 PM, Kevin Fenzi wrote:
On Thu, 20 Oct 2016 16:42:02 +0000
Christopher <ctubbsii(a)fedoraproject.org> wrote:
> What is the "Payload Hash" in koji?
> It looks like an MD5, but of what? It's not the rpm... I've checked.
> Should koji be providing verification hashes for manual downloads of
> built RPMs? I think this would be useful for testing.
>
>
http://koji.fedoraproject.org/koji/rpminfo?rpmID=8351409
I'm not sure either. I think it's the internal payload before adding
the signatures, etc?
It's the RPM_SIGTAG_MD5 RPM header:
SIGNATURE:SIGTAG_HEADERSIGNATURES (BIN):
0000003e00000007ffffffa000000010
SIGNATURE:SIGTAG_SHA1HEADER (STRING):
"bbc33a4f6670d31817cd571de632f3190a72e1bf"
SIGNATURE:SIGTAG_SIZE (INT32): 103674
SIGNATURE:SIGTAG_MD5 (BIN):
cdf775308f76e659385444b50ee26a7a
SIGNATURE:SIGTAG_PAYLOADSIZE (INT32): 396760
I'm not completely sure over which part of the RPM it is computed. I
suspect over the non-signature header followed by the decompressed payload.
Florian