delta rpms - can we turn them off
Kevin Fenzi
kevin at scrye.com
Sat Jun 28 15:49:06 UTC 2014
On Sat, 28 Jun 2014 12:51:07 +0200
drago01 <drago01 at gmail.com> wrote:
> On Sat, Jun 28, 2014 at 12:22 PM, Florian Weimer <fweimer at redhat.com>
...snip...
> > The signature is on the RPM header, not the payload. The RPM
> > header only lists digests of individual files (after decompression).
> >
> > So this shouldn't make a difference.
>
> OK so there is no reason not to do it really.
I'm clearly failing to get accross how this works... I guess I'll give
it one more go and then bow out. :)
So, say you have a.rpm. You build it, You sign it.
A user installs a.rpm and is happy.
b.rpm comes along as an update. You build it. You sign it.
You make a a-to-b.drpm of the changes between the two.
User wants to upgrade installed a to b via the drpm.
In order to not assemble b.rpm locally and just apply a-to-b.drpm to
your existing install you would need to either:
a) yum/dnf would have to grow support to do what rpm does right now,
ie, unpack files on the filesystem, update rpmdb, etc.
or
b) rpm would need to grow support for drpms directly. It current to my
understanding doesn't have any.
So, sure, we could sign drpms and yum/dnf could check that, but they
still need to assemble the final rpm in order to pass it to rpm.
Feel free to poke around at it and come up with a proof of concept or
buy in from one of those groups if you can get it working.
kevin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20140628/ddb3f4ac/attachment.sig>
More information about the devel
mailing list