So many formats, So few packages

Jeff Johnson n3npq at mac.com
Mon Apr 11 06:49:41 PDT 2011


On Apr 11, 2011, at 9:18 AM, Jeff Johnson wrote:

> 
> On Apr 11, 2011, at 4:43 AM, Rainer Müller wrote:
> 
>> On 2011-04-07 22:03 , Jeff Johnson wrote:
>>> Does MacPorts have a well-defined and documented means of attaching the "new uid's" to
>>> ports?
>> 
>> Can you explain that a bit more? I know what a UUID is, but how are they
>> being used in Mac OS X binaries or where can I read up on that?
>> 
> 
> Dunno how UUID's are used by/in Mac OS X binaries. But UUID's are a quite general
> mechanism for attaching identifiers to content without getting hung up in all
> the details thare are globally portable (assuming the scheme by which the UUID is
> attached, basically why I was asking, I'd rather use what MacPorts uses than
> attempt my own "http://rpm5.org" set of UUID's. But either approach "works" for me)
> 
> You seem to be asking where you can read about how Mac OS X uses UUID's, and
> you'll have to ask Jordan about that. I can describe how UUID's are being generated
> in RPM metadata if you wish. How the UUID is generated by RPM isn't as important that
> UUID's can be generated by others in the same fashion, or by using the same tool.
> 

The process of generating a UUIDv5 from a header-only SHA1 string carried in
most *.rpm packages is so utterly trivial that perhaps an example using the ossp-uuid
CLI tools explains what I think MacPorts should do:

	The bash *.rpm package contains this SHA1:
		$ rpm -q --qf '%{hdrid}\n' bash
		c4d627e6243836649bfe3564c8463a59889665fa

	The string is prefixed with a conventionally chosen hierarchy
	(I am a djb fanbois so I've chosen a modest extension to djb's /package hierarchy)
		/packages/Hdrid/c4d627e6243836649bfe3564c8463a59889665fa

	An administrative domain is needed, I've chosen
		http://rpm5.org

	And I've chosen UUIDv5 so that I don't have to listen to morons
	telling me that MD5 is insecure. Yes MD5 is insecure and it hardly
	matters for "identification" schemes.

Finally * drum roll please*
	$ echo "/packages/Hdrid/c4d627e6243836649bfe3564c8463a59889665fa" | uuid -v5 ns:URL http://rpm5.org
	e4d837ad-5311-583d-9f2b-c8f90db643da
	$ uuid -d e4d837ad-5311-583d-9f2b-c8f90db643da
	encode: STR: e4d837ad-5311-583d-9f2b-c8f90db643da
	        SIV: 304186648425112881858510770006174090202
	decode: variant: DCE 1.1, ISO/IEC 11578:1996
	        version: 5 (name based, SHA-1)
	        content: E4:D8:37:AD:53:11:08:3D:1F:2B:C8:F9:0D:B6:43:DA
			(not decipherable: truncated SHA-1 message digest only) 

Voila!

So the basic choice I'm asking of MacPorts is this:
	1) What administrative domain (like "http://rpm5.org")
	2) What prefix would you use (like "/packages/Hdrid/c4d627e6243836649bfe3564c8463a59889665fa")
	3) UUIDv3 (MD5 based) or UUIDv5 (SHA1 based) ?

None of the above is rocket science, extends to pre-existing file digests in Portfiles
as well as digests in Mac OS X executables, and one ends up with a Great Big Pile
of identifiers whenever you need them for databases etc, and you can truncate
the 128bit UUID however you choose if 128 bits seems like overkill (it *is* overkill).

73 de Jeff




> Even if you wish NOT to publicize how the "identifiers" are generated, the
> form of UUID's remains the same which helps focus on general rather than
> custom implementations for tracking. One ends up with a cup of bit soup containing
> 128 bits.
> 
> hth
> 
> 73 de Jeff
> 
> _______________________________________________
> macports-dev mailing list
> macports-dev at lists.macosforge.org
> http://lists.macosforge.org/mailman/listinfo.cgi/macports-dev

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4645 bytes
Desc: not available
URL: <http://lists.macosforge.org/pipermail/macports-dev/attachments/20110411/019031e6/attachment-0001.bin>


More information about the macports-dev mailing list