Date: Sun, 11 Sep 2011 22:02:21 -0400 From: "b. f." <bf1783@googlemail.com> To: freebsd-ports@FreeBSD.org Subject: Re: [RFC] New ports idea: github / gitorious / bitbucket direct support. Message-ID: <CAGFTUwPZ_GCo4sU0Or28tfRmhtE1bE8zvgVUBdJyRJv%2BiPfMyg@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
> > ... gzip, for example, has "timestamp" field in header. > > Try this locally, without any [D]VCS: > > > > % mkdir test && echo "one" > test/one.txt && echo "two" > test/two.txt > > % tar czf test1.tar.gz test && sleep 5 && tar czf test2.tar.gz test > > % md5 test1.tar.gz test2.tar.gz > > MD5 (test1.tar.gz) = 7b7c763a9d1d4edca7b5b415ab297fec > > MD5 (test2.tar.gz) = 703ac5387b2bd1146434516f1d761ed9 > > % gzip -d test1.tar.gz test2.tar.gz > > % md5 test1.tar test2.tar > > MD5 (test1.tar) = 0ba33aa8ff6bffeeeb2d96efc38eec85 > > MD5 (test2.tar) = 0ba33aa8ff6bffeeeb2d96efc38eec85 > > That is arguably a bug in "tar czf" :) but it is easy enough to > work around; we just need a checksum method -- e.g. SHA256_UNGZ -- > that pipes the distfile through gunzip when computing its checksum. > The problem goes beyond that: different standard tar formats can include mutable data like major and minor device numbers, and the atimes, uids, and gids of files. See, for example, tar(5). We would have to continually monitor whether each site generates tarballs with invariant checksums from the "same" files, or check the integrity of archive members after extraction. b.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAGFTUwPZ_GCo4sU0Or28tfRmhtE1bE8zvgVUBdJyRJv%2BiPfMyg>