[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debdiff project announcement.

In tom.lists.debian-devel, you wrote:
> The main problem was in verifying checksums on the "rebuilt" files.
> I.e., you can't do a diff/patch operation on the file and end up
> with the same checksum as the original version on master.  We would
> probably need to come up with a way of checksumming the unpacked
> package to verify integrity/non-tampering.

I don't see why this is impossible. The debdiff files that my code
will produce will (optionally) checksum files that should already
exist, as well as always including files, such as config files, that
will potentially be modified by the user. (This will really only come
into play in a later version, which will be disk+debdiff->deb, rather
than the original deb+debdiff->deb code.)

Information on the order of elements within control.tar and data.tar
will be preserved in the debdiff. This should lead to identical output
to the original when these files are compressed with gzip.

So, if I'm not missing anything, it should be possible to create an
output file that's identical to the input. However, if something goes
wrong with the gzipping of the files, it would always be
possible (And indeed fairly simple with my current codebase) to write
a program that compares the md5s of the individual members in a deb
(debian-binary, control.tar, and data.tar), rather that the compressed
versions or the whole thing.

Tom Rothamel --------- http://onegeek.org/~tom/ ---------- Using GNU/Linux
	"Students who successfully accomplish this task will be given 
	 extra credit (and a complete psychiatric examination)."
		- Andrew S. Tannenbaum, _Structured Computer Organization_

Reply to: