Hi Marcus, Marcus Hüwe <suse-tux@gmx.de> writes:
On 2021-01-25 22:24:48 +0100, Dan Čermák wrote:
Adrian Schröter <adrian@suse.de> writes:
On Montag, 25. Januar 2021, 16:21:43 CET Dan Čermák wrote:
Andreas Schwab <schwab@linux-m68k.org> writes:
On Jan 25 2021, Dan Čermák wrote:
I am wondering, how is the md5sum of a package[1] calculated? I have tried the md5sum of all the files[2], but that did not appear to match
For non-linked packages: md5sum * | md5sum Ie., the MD5 sum of the md5sum output.
Is that done exactly via this shell command in bash?
For linked packages, it is quite a bit more complicated.
Could you elaborate what is done differently here? I would have expected to run above command over the expanded sources.
you would get the verifymd5 sum then. But not the xsrcmd5, which includes also the linkinformation of the _link files.
Uh, what's verifymd5? My google-skills have failed me here.
See above, the md5 sum of the md5sum outputs (where the filenames are sorted lexicographically). That is, in bash
md5sum - <<EOF $(md5sum file1) ... $(md5sum fileN) EOF
where file1 < ... < fileN (wrt. the lexicographical order)
For instance, if you have a package (or more precisely a fileset of a package) that consists of two files
md5sum filename 401b30e3b8b5d629635a5c613cdb7919 x 009520053b00386d1173f3988c55d192 y
its verifymd5 is cd5c0c5e01f0843238b2dab8205cb27b.
Thank you for this in-depth explanation!
Note that the verifymd5 always belongs to a "fileset" of a package. For instance, the unexpanded fileset and the expanded fileset of a linked/branched package usually have different verifymd5s (unless there is a md5 collision...). (I tried to come up with a concrete example, which illustrates the different verifymd5s, via the "GET /source/<prj>/<a branched pkg>?view=info" vs. the "GET /source/<prj>/<a branched pkg>?view=info&noexpand=1" routes, but the API ignores the "noexpand" parameter:/ )
So it depends which md5sum you actually want.
I want to calculate some unique hash of a (potentially modified and checked-out) package. I could use some custom scheme, but I thought it would be more productive to use the same method that OBS itself employs. Using the packages md5sum appeared like the simplest choice to me.
In order to detect "local changes" it is probably the best to simply compare the actual md5 with the expected md5 of the individual files. In essence, that's also what osc does. Or if you need this per package fileset, you could compare the verifymd5s (actual/computed vs. expected).
I'm probably going to use the verifymd5 for this, as it appears to be the simplest to use in this case. Thanks again everyone for your answers! Dan -- Dan Čermák <dcermak@suse.com> Software Engineer Development tools SUSE Software Solutions Germany GmbH Maxfeldstr. 5 90409 Nuremberg Germany (HRB 36809, AG Nürnberg) Managing Director: Felix Imendörffer