On Sat, Aug 26, 2017 at 02:14:16PM +0200, Julian Andres Klode wrote:
> I also want this for delta debs, to identify local rebuilds being
> installed, and prevent delta installation failure in such cases.

Yay, another user!

> > To me it seems that:
> > * we are mostly interested in the hash of the whole container: all the
> >   use cases highlighted above would require this;
> > * If ↑ then the hash can't be pre-computed and stored inside the
> >   container.
> 
> Practically speaking, for your use case you only need a hash of the
> file tree. My proposal for a package id is to use the md5sum of
> DEBIAN/md5sums. This can be stored in DEBIAN/control in an id
> field and generated at build time. 

That's not true, as we need the hash also (for example) of all the
maintainer scripts which are not in data.tar (I assume that's what you
meant by "file tree").  Also, we have seen packages where the only
difference is the order of entries in the md5sums file, therefore making
the build not reproducible by our (higher than policy) standards.
We really need the whole container.

> We can also use cat DEBIAN/md5sums DEBIAN/control | md5sum (without an
> Id field in control) as the ID, and then append that to control. This
> means that dependency relations and stuff is included as well. That's
> useful for the solver use case; but it's not really relevant for
> the reproducible build use case - dependencies on the installed
> system, description, etc should not matter for you.

Well, DEBIAN/control contains the dependencies generated during the
package build, and we are interested in them as well…
In short: we do care about both data.tar and control.tar.  After all, we
do compare the hashes of the final .deb container.


As I saw it when I originally thought of the problem, the only sane
solution to this for me would be to have dpkg compute the hash of the
.deb before unpacking it, and store it in its $admindir/status file, but
that makes the installation process very CPU-intensive, to the point
that very probably it's too much to be bearable in many systems.

-- 
regards,
                        Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540      .''`.
more about me:  https://mapreri.org                             : :'  :
Launchpad user: https://launchpad.net/~mapreri                  `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-

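An added example, not part of the message above and not dpkg code: a Python sketch that compares the quoted md5sum-of-DEBIAN/md5sums ID with a hash of the whole container, using three constructed packages. The package contents, the function names and the ar layout with uncompressed tar members are assumptions made for illustration.

```python
import hashlib, io, tarfile

def tar_bytes(files):
    """Deterministic uncompressed tar of {name: bytes}, in the given order."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.GNU_FORMAT) as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)  # mtime/uid/gid stay 0, so the output is stable
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def ar_member(name, data):
    """One ar member: 60-byte header, payload, padding to an even length."""
    header = f"{name:<16}{0:<12}{0:<6}{0:<6}{'100644':<8}{len(data):<10}`\n"
    return header.encode() + data + (b"\n" if len(data) % 2 else b"")

def build_deb(data_files, postinst, sort_md5sums=True):
    """Return (deb_bytes, md5sums_bytes) for a constructed package."""
    names = sorted(data_files, reverse=not sort_md5sums)
    md5sums = "".join(
        f"{hashlib.md5(data_files[n]).hexdigest()}  {n}\n" for n in names).encode()
    control = b"Package: demo\nVersion: 1.0\nArchitecture: all\n"
    control_tar = tar_bytes(
        {"control": control, "md5sums": md5sums, "postinst": postinst})
    deb = (b"!<arch>\n" + ar_member("debian-binary", b"2.0\n")
           + ar_member("control.tar", control_tar)
           + ar_member("data.tar", tar_bytes(data_files)))
    return deb, md5sums

def md5sums_id(md5sums):
    """The ID proposed in the quoted text: md5sum of DEBIAN/md5sums."""
    return hashlib.md5(md5sums).hexdigest()

def container_hash(deb):
    """Hash of the whole .deb container."""
    return hashlib.sha256(deb).hexdigest()

# Constructed sample packages (not real Debian packages).
FILES = {"usr/bin/demo": b"#!/bin/sh\necho hi\n",
         "usr/share/doc/demo/README": b"demo\n"}
A, A_SUMS = build_deb(FILES, b"#!/bin/sh\nexit 0\n")
B, B_SUMS = build_deb(FILES, b"#!/bin/sh\necho changed\nexit 0\n")  # postinst differs
C, C_SUMS = build_deb(FILES, b"#!/bin/sh\nexit 0\n", sort_md5sums=False)  # order differs

if __name__ == "__main__":
    for label, deb, sums in (("postinst changed", B, B_SUMS),
                             ("md5sums reordered", C, C_SUMS)):
        print(label, "| same md5sums ID:", md5sums_id(sums) == md5sums_id(A_SUMS),
              "| same container hash:", container_hash(deb) == container_hash(A))
```

Package B changes only a maintainer script, so its md5sums ID matches A while the container hash does not; package C has the same file tree as A but a reordered md5sums file, which changes both values.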