Stronger Hashes

Nicolas Chauvet kwizart at gmail.com
Fri Mar 13 17:13:40 CET 2009


2009/3/12 Thorsten Leemhuis <fedora at leemhuis.info>:
> On 12.03.2009 10:15, Dan Horák wrote:
>>
>> Thorsten Leemhuis wrote on Wed 11. 03. 2009 at 08:15 +0100:
>>>
>>> On 10.03.2009 19:31, Julian Sikorski wrote:
>>>>
>>>> Thorsten Leemhuis wrote:
>>>>>
>>>>> So we got the new rpm and build for i586 now on x86-32. Are any other
>>>>> changes needed? Do we want to do a mass rebuild? How: Manual or
>>>>> scripted? And are there any big updates pending that we should do
>>>>> before
>>>>> starting the mass rebuild (ffmpeg?)
>>>>
>>>> I think we should do a mass rebuild, just as fedora did.
>>>
>>> BTW (in case that wasn't obvious from my earlier mail): I agree here ;-)
>>>
>>>> Does the “stronger hashes” feature concern us as well?
>>>
>>> I'd say it "would be nice to have". But does anyone know what exact steps
>>> we need to do to get it? After reading
>>>
>>> https://www.redhat.com/archives/fedora-announce-list/2009-March/msg00004.html
>>> http://fedoraproject.org/wiki/Features/StrongerHashes
>>> it seems it requires a few changes in different areas of our infra.
>>> Somebody afaics needs to look into what exactly is needed. Any volunteers?
>>> Anyone with a good connection to Fedora infra/Jesse/mitr that could ask for
>>> advice?
>>
>> I talked to mitr and he is ready to answer your questions, he is usually
>> online on #fedora-devel.
>
> Hehe, nice trick ;-) The purpose of my mail was to put the work (or at least
> parts of it) on somebody else's todo-list and not on mine (which is filled
> with lots of RPM-Fusion-related work already). I thought that was obvious
> ;-)
>
According to the 23/02/2009 commits of redhat-rpm-config, these
macros are added.
--------
+# Use SHA-256 for FILEDIGESTS instead of default MD5
+%_source_filedigest_algorithm 8
+%_binary_filedigest_algorithm 8
+
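Review bot: the value 8 on both macro lines is a bare number that only the comment above ties to SHA-256. Consider saying in the comment that 8 is the algorithm identifier rpm uses for SHA-256, so the number and the comment cannot drift apart in a later edit. The comment could also note that packages built with these settings carry a rpmlib(FileDigests) requirement and can only be installed by an rpm that provides that capability, and whether the source and binary macros are expected to always be changed together.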
------------
Since we don't override the redhat-rpm-config we should already use
StrongerHashes.

So I don't think we need to tweak anything from our
configuration. Furthermore, packages built since this new
redhat-rpm-config already use strongerhash. (rpm -qR package shows
rpmlib(FileDigests) <= 4.6.0-1.) This means they cannot be installed
on F-9 (GA + updates) nor F-10 vanilla (GA only) unless rpmlib
provides that capability.

Now the second part of the problem is:
Is it possible to sign these rpms? And I think that depends on the
rpm version used to sign.
I was able to do so, using F-10 + updates (meaning rpmlib >=
4.6.0-1), but I don't know which rpm version is used for signing
rpmfusion packages. Is there a problem in this area?

Nicolas (kwizart)
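
The compatibility check described in the message above, as an added example that is not part of the original post or of any project's tooling. It works on text: the output of `rpm -qR <package>` and the rpmlib feature list printed by `rpm --showrc`. The function names, the sample text (constructed) and the assumed feature-list line format `rpmlib(Name) = version` are assumptions of this example.

```shell
#!/bin/sh
# Added example: can a package built with SHA-256 file digests be installed
# by a given rpm? Presence of the feature is checked, not its version.

# Print the rpmlib(FileDigests) version the package requires; fail if none.
# stdin: output of `rpm -qR <package>`
filedigests_required() {
    awk '$1 == "rpmlib(FileDigests)" && $2 == "<=" { print $3; ok = 1; exit }
         END { exit !ok }'
}

# Succeed if the rpmlib feature list offers FileDigests.
# stdin: output of `rpm --showrc` (assumed line format: rpmlib(Name) = version)
rpmlib_provides_filedigests() {
    grep -Eq '^[[:space:]]*rpmlib\(FileDigests\)[[:space:]]*='
}

# verdict REQUIRES_TEXT SHOWRC_TEXT
# prints "no-requirement", "installable" or "blocked"
verdict() {
    if ! printf '%s\n' "$1" | filedigests_required >/dev/null; then
        echo "no-requirement"
    elif printf '%s\n' "$2" | rpmlib_provides_filedigests; then
        echo "installable"
    else
        echo "blocked"
    fi
}

# Constructed sample: Requires of a package built with the new macros.
REQ_NEW='libc.so.6
rpmlib(CompressedFileNames) <= 3.0.4-1
rpmlib(FileDigests) <= 4.6.0-1
rpmlib(PayloadFilesHavePrefix) <= 4.0-1'
# Constructed sample: Requires of a package built before the change.
REQ_OLD='libc.so.6
rpmlib(CompressedFileNames) <= 3.0.4-1
rpmlib(PayloadFilesHavePrefix) <= 4.0-1'
# Constructed feature lists: an rpm with and without the capability.
RC_NEW='    rpmlib(CompressedFileNames) = 3.0.4-1
    rpmlib(FileDigests) = 4.6.0-1'
RC_OLD='    rpmlib(CompressedFileNames) = 3.0.4-1'

verdict "$REQ_NEW" "$RC_NEW"
verdict "$REQ_NEW" "$RC_OLD"
verdict "$REQ_OLD" "$RC_OLD"
```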

