No more deltarpms by default
Panu Matilainen
pmatilai at laiskiainen.org
Mon Oct 6 18:31:37 UTC 2014
On 10/06/2014 07:53 PM, Jonathan Dieter wrote:
> As mentioned elsewhere, the problem *is* signatures. yum (quite
> rightly) refuses to install an rpm whose signature doesn't match the one
> in the primary repodata. And I believe that the signature in the RPM is
> also over the whole compressed rpm. To make this work, we'd need to add
> an "uncompressed" signature for every package to the primary repodata as
> well as probably the rpms themselves.

IIRC repodata doesn't carry signatures, it carries a (sha256) checksum of
its own on the entire package. Rpm signatures are a different beast:
there's a (sha1) checksum and a signature on the header, plus an "rpm v3"
checksum and signature on header + payload. rpm -K style signature
checking is the only thing that looks at the header + payload checksum
and signature, otherwise rpm only uses the checksum/signature on header,
which of course then has checksums of the individual files.

Rpm can (and usually does) ignore the payload signature, file-level
checksums get checked anyway (that too *can* be disabled but...)
However it still requires the input data to be compressed in the format
specified in the header. So to avoid having to compress tons of data
only to decompress it shortly afterwards, there would have to be a way
to tell librpm to expect a different payload compression (or
specifically, that the payload is not compressed). Shouldn't be rocket
science.
- Panu -
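
An added illustration of the layering described in this reply (not code from rpm, yum or the poster): it reads an rpm's signature header and groups its tags into header-only versus header + payload, next to the whole-file sha256 that repodata carries. Tag numbers are from rpm's rpmtag.h; `build_sample` and its dummy values are constructed input, and nothing here verifies a digest or signature.

```python
import hashlib
import struct

LEAD_SIZE = 96
HEADER_MAGIC = b"\x8e\xad\xe8\x01"
# Signature-header tag numbers from rpm's rpmtag.h
HEADER_ONLY = {269: "SHA1 digest", 268: "RSA signature", 267: "DSA signature"}
HEADER_PLUS_PAYLOAD = {1004: "MD5 digest", 1002: "RSA signature (PGP)",
                       1005: "DSA signature (GPG)"}

def signature_coverage(pkg: bytes) -> dict:
    """Group the tags in an rpm's signature header by what they cover."""
    if pkg[:4] != b"\xed\xab\xee\xdb":
        raise ValueError("not an rpm: bad lead magic")
    intro = pkg[LEAD_SIZE:LEAD_SIZE + 16]
    if len(intro) < 16 or intro[:4] != HEADER_MAGIC:
        raise ValueError("signature header magic missing")
    nindex, _hsize = struct.unpack(">II", intro[8:16])
    index = pkg[LEAD_SIZE + 16:LEAD_SIZE + 16 + 16 * nindex]
    if len(index) != 16 * nindex:
        raise ValueError("truncated signature index")
    found = {"header_only": [], "header_plus_payload": []}
    for i in range(nindex):
        # Each index entry is (tag, type, offset, count), big-endian.
        tag, _type, _offset, _count = struct.unpack_from(">IIII", index, 16 * i)
        if tag in HEADER_ONLY:
            found["header_only"].append(HEADER_ONLY[tag])
        elif tag in HEADER_PLUS_PAYLOAD:
            found["header_plus_payload"].append(HEADER_PLUS_PAYLOAD[tag])
    return found

def repodata_checksum(pkg: bytes) -> str:
    """sha256 over the entire package file, as repodata records it."""
    return hashlib.sha256(pkg).hexdigest()

def build_sample(tags, payload: bytes) -> bytes:
    """Constructed input: lead + signature header with dummy 16-byte values."""
    lead = b"\xed\xab\xee\xdb" + bytes(LEAD_SIZE - 4)
    index = b"".join(struct.pack(">IIII", t, 7, 16 * i, 16)  # 7 = binary type
                     for i, t in enumerate(tags))
    intro = HEADER_MAGIC + bytes(4) + struct.pack(">II", len(tags), 16 * len(tags))
    return lead + intro + index + bytes(16 * len(tags)) + payload

if __name__ == "__main__":
    pkg = build_sample([269, 268, 1004, 1002], b"compressed-payload")
    print(signature_coverage(pkg))
    print(repodata_checksum(pkg))
```

On a real package, pass the file's bytes to `signature_coverage`; a payload stored with different compression keeps the same tag layout but yields a different whole-file sha256.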