github port group

Ryan Schmidt ryandesign at macports.org
Sun Apr 22 14:27:39 PDT 2012


On Apr 22, 2012, at 16:21, Joshua Root wrote:

> On 2012-4-23 06:51 , Ryan Schmidt wrote:
>> No, I'm trying to protect against the gzip compression of the tar archive varying from generation to generation. gzip compression uses entropy -- random numbers. If you have two identical tar archives, and gzip compress them with the same settings, the resulting gzip files will not be byte for byte identical, and thus they'll have different checksums:
>> 
>> $ sha1sum *.tar
>> 92bfe8b02b49b977a18c9f8e8d301a0ef159fe51  1.tar
>> 92bfe8b02b49b977a18c9f8e8d301a0ef159fe51  2.tar
>> $ gzip 1.tar
>> $ gzip 2.tar
>> $ sha1sum *.tar.gz
>> 39c6beda6851d98295f770a11b8ea122647ae4c8  1.tar.gz
>> 7a95ea746e698d367ec155e4387972051e1a2e38  2.tar.gz
>> $ 
> 
> Nonsense. The gzip files in the above example differ because they
> contain files with different names.

Oh. Well, here's a test with the same file names:

$ sha1sum */file.tar
92bfe8b02b49b977a18c9f8e8d301a0ef159fe51  1/file.tar
92bfe8b02b49b977a18c9f8e8d301a0ef159fe51  2/file.tar
$ gzip 1/file.tar 
$ gzip 2/file.tar 
$ sha1sum */file.tar.gz
238d08d9c64af0622abdd6a074b5c3c0b784a238  1/file.tar.gz
e398dbc43e65f5bb165876bcb1819b302fe251fd  2/file.tar.gz
$ 


> I haven't looked into it in detail, but I would guess the actual reason
> the tarballs end up having different checksums when regenerated is
> because of the timestamps.




More information about the macports-dev mailing list