rpm5 & ts.hdrFromFdno from .hdr file

Jeffrey Johnson n3npq at me.com
Sat May 18 19:58:16 CEST 2013


On May 18, 2013, at 7:37 AM, Elan Ruusamäe wrote:

> On 05/18/2013 01:54 PM, Elan Ruusamäe wrote:
>> seems the .hdr files that yum/anaconda creates are not parseable by rpm5 on the same system:
>> ...
>> above tar is available from here to debug:
>> http://carme.pld-linux.org/~glen/rpm5-hdr.tar
>> 
> 
> 
> header is extracted from this repodata info:
> 
>    <rpm:header-range start="368" end="7947"/>
> 
> perhaps those offsets are incorrect?
> 

Heh: offsets being different.

You (in fact) asked for the change in offsets years ago. I also gave you the
backport to rpm-4.4.9 at the time.

The issue is that the package signature precedes the plaintext that is signed
in a *.rpm package.

In order to sign a package, the entire payload MUST be rewritten, which is quite
slow on NFS.

rpm5 reserves space in the signature header so that the signature can be substituted
rather than forcing the entire package to be rewritten.

The corollary is that the metadata header always starts at the same offset.

Offhand, you do not seem to be using the functionality that you asked for: "368"
is way too small.

I also suspect that you are using ancient versions of yum (and perhaps anaconda)
if attempting to produce files containing only header metadata, rpm5 goes to some
'lenghts to ALWAYS verify package signatures, and EVERY package produced by
rpmbuild has a non-repudiable signature (i.e. there is ALWAYS a signature and
public key  present in every package produced by rpmbuild).

hth

73 de Jeff

73 de Jeff





More information about the pld-devel-en mailing list