delta rpms - can we turn them off

Florian Weimer fweimer at
Sun Jun 29 11:36:06 UTC 2014

On 06/29/2014 12:32 PM, drago01 wrote:
> On Sun, Jun 29, 2014 at 1:55 AM, Jonathan Dieter <jdieter at> wrote:
>> 2. RPM would also need to support signatures across the uncompressed payload
>> as well as the compressed payload.
> Well Florian said that only the header is actually signed not the
> payload. So this shouldn't be necessary.

I missed that the information that the payload is XZ-compressed is 
likely signed (hard to tell because the current RPM format isn't 
documented).  So we'd need a fake XZ implementation that produces an 
essentially uncompressed data stream (xz -0 still compresses).

In the meantime, we could try to reduce the compression level to 0 
unconditionally in applydeltarpm.

Florian Weimer / Red Hat Product Security

More information about the devel mailing list