On 02/09/2017 12:53 PM, Johnny Hughes wrote:> On 02/09/2017 12:50 PM, Leonard den Ottolander wrote: >> Hello John, >> >> On Thu, 2017-02-09 at 16:33 +0000, John Hodrien wrote: >>> On Thu, 9 Feb 2017, Leonard den Ottolander wrote: >>> >>>> How about my request for checksums in the git repo? >>> >>> What checksums would you actually want in git? >> >> SRPMS are signed which allows the integrity of the contents to be >> checked. Such an integrity check is missing from the git repo. >> >> Either a checksum file for each file or a single checksums file per >> package/release holding all checksums for all files of said >> package/release (including the tarballs that are downloaded with >> get_sources.sh). >> >> Regards, >> Leonard. >> > > Red Hat exports the source code to the repo, I don't think they are > going to change what the put in. It is an extracted SRPM.At the time of extraction, the <name>.metadata file is created (again, not by us, but by the Red Hat team that distributes source), and all the non-text sha1sums are in there as well as all the text sources. You can see who modifies any of those files (the text sources and the text <name>.metadata file). -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/centos/attachments/20170209/e608ce0f/attachment-0001.sig>
On Thu, 2017-02-09 at 12:58 -0600, Johnny Hughes wrote:> At the time of extraction, the <name>.metadata file is created (again, > not by us, but by the Red Hat team that distributes source), and all the > non-text sha1sums are in there as well as all the text sources.Aha, <name>.metadata, well, for f.e. bc I see only a checksum for the tarball, but not for the patch files. For the kernel it contains checksums for some (all?) source files, but again, not for the patches. Is this something you guys could pass on to Red Hat? If not, where should I direct a request to add checksums for patches to that metadata file? Regards, Leonard. -- mount -t life -o ro /dev/dna /genetic/research
On 02/09/2017 01:11 PM, Leonard den Ottolander wrote:> On Thu, 2017-02-09 at 12:58 -0600, Johnny Hughes wrote: >> At the time of extraction, the <name>.metadata file is created (again, >> not by us, but by the Red Hat team that distributes source), and all the >> non-text sha1sums are in there as well as all the text sources. > > Aha, <name>.metadata, well, for f.e. bc I see only a checksum for the > tarball, but not for the patch files. For the kernel it contains > checksums for some (all?) source files, but again, not for the patches. > > Is this something you guys could pass on to Red Hat? If not, where > should I direct a request to add checksums for patches to that metadata > file? >The patch files are in git as text files, right? Why would you need checksums of those? That is the purpose of git, right? There are checksums of all the NON-text (binary) files in the metadata file. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/centos/attachments/20170209/b74cd4bf/attachment-0001.sig>