There was a suggestion to [calculate RPMTAG_IDENTITY as tag
extension](http://lists.rpm.org/pipermail/rpm-maint/2018-March/007688.html) and
do not the tag to actual rpm package during build time.
The main idea is to take message digest from package header tags filtered by
the blacklist containing tags that don't represent actual package build
characteristics, such as buildtime or values based on randomness; that digest
is the value of RPMTAG_IDENTITY.
One of advantage of IDENTITY is package reproducible build check; advantage of
dynamically calculated IDENTITY is no need to rebuild a package to take the
value.
Still, in the future releases new tags can be added to rpm, and some of them
can be put to the blacklist, so previous and new rpm(8) releases will produce
different IDENTITY values, that is not good and requires a solution. One of
possible solution is to put to package header some addintional information
about IDENTITY version during build time (and prevent to calculate identity if
current rpm doesn't know how to do it for required version), or list of tagnos
that should be filtered, but it is too flexible, that is not good for the task.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/426
_______________________________________________
Rpm-maint mailing list
[email protected]
http://lists.rpm.org/mailman/listinfo/rpm-maint
