Friday, November 19, 2021

[SOLVED] How is the open-check-sum generated in repomd files?

Issue

Take this data tag for example from an RPM repomd.xml:

<data type="primary">
  <checksum type="sha256">6bed9150d4fe928496f4ee82021dd77a841f5571844aedfc5cfcc1e60d6e39de</checksum>
  <open-checksum type="sha256">5391d099dda8cdc7344518b0f891ece59e9d1a41c16d38039a9f992bdb5fa42b</open-checksum>
  <location href="repodata/primary.xml.gz"/>
  <timestamp>1584063551</timestamp>
</data>

It's easy enough to check the actual checksum of the file. However I'm not sure what open-checksum refers to, nor how do I generate it from the file.


Solution

The open-checksum is the checksum of the decompressed version of the file. Think about operation like this:

gzip -dc repodata/primary.xml.gz|sha256sum


Answered By - Romeo Ninov
at