On May 28, 2007, at 8:55 PM, Olivier Thauvin wrote:

>
>
> The whole specfile is not reasonnable in all binaries, because the  
> size it
> will need, the specfile is probably bigger than the whole header.
>
> But a 16 bytes length binary string is ok, and md5sum is enough to  
> warranty a
> the uniqness of the file in most of case.
>
> WDYT of this idea ?
>

I think its a good idea.

I'd like to support gnupg based detached signature verification on  
spec files
so that the spec file can be authenticated after transport over  
insecure channels.

Getting a digest on the spec file is a degenerate case of signature  
verification.

The other thing that I noticed while setting up the remote build  
element transport
to test the run-time digest() and gnupg() probes was that the spec  
file needs to be
autofetched as well. The rpmio URI cache is rather primitive, and  
cannot atm
handle multiple paths on a remote server.

That flaw can be lived with if the R -> L autofetch is attempted just  
before the
spec file is Fopen'd for parsing, reopening the L (i.e. local) copy.

Kinda hacky, but will "work". The real fix will be to implement a  
fancier URI
cache in rpmio/url.c.

73 de Jeff