On Wed, Jan 13, 2010 at 11:35:48PM +0000, Chris Gerhard wrote: > Thanks. Are there plans to allow users to use the sha1 check. I > can see all sorts of confusion when audits find files on systems > that are supposed to be identical are different yet the pkg system > does not report it.
The pkg system doesn't report an error, because the ELF sections of the binary that it cares about haven't changed. Different has multiple meanings. The pkg client uses the digest of the entire file, when the file is not in ELF format. The hash algorithms may change over time, so reading the action data by hand and making assumptions about its content aren't a good idea. If you need a programatic interface to pkg verify, we might be able to add that to the API. > This came to light as I was looking into ksh93 dumping core.I can > reproduce it on one system and not the other. Now it could be > nothing to do with the different binaries but if I can see customer > calling up in very agitated states if they see this. Verify has told you that the file hasn't changed in a way that would affect its behavior. -j _______________________________________________ pkg-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
