[CentOS] Checksums for git repo content?

Johnny Hughes johnny at centos.org
Thu Feb 9 18:58:57 UTC 2017


On 02/09/2017 12:53 PM, Johnny Hughes wrote:
> On 02/09/2017 12:50 PM, Leonard den Ottolander wrote:
>> Hello John,
>>
>> On Thu, 2017-02-09 at 16:33 +0000, John Hodrien wrote:
>>> On Thu, 9 Feb 2017, Leonard den Ottolander wrote:
>>>
>>>> How about my request for checksums in the git repo?
>>>
>>> What checksums would you actually want in git?
>>
>> SRPMS are signed which allows the integrity of the contents to be
>> checked. Such an integrity check is missing from the git repo.
>>
>> Either a checksum file for each file or a single checksums file per
>> package/release holding all checksums for all files of said
>> package/release (including the tarballs that are downloaded with
>> get_sources.sh).
>>
>> Regards,
>> Leonard.
>>
> 
> Red Hat exports the source code to the repo, I don't think they are
> going to change what the put in.  It is an extracted SRPM.

At the time of extraction, the <name>.metadata file is created (again,
not by us, but by the Red Hat team that distributes source), and all the
non-text sha1sums are in there as well as all the text sources.

You can see who modifies any of those files (the text sources and the
text <name>.metadata file).




-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20170209/e608ce0f/attachment.sig>


More information about the CentOS mailing list