Am Montag, den 02.02.2009, 12:34 -0800 schrieb Zac Medico: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi, > > I'd like to add a new metadata cache value called DIGESTS which will > contain a space separated list of digests which can be > used to validate the metadata cache. Like INHERITED and > DEFINED_PHASES [1], it will be automatically generated. The first > digest in the list will correspond to the ebuild. If there are any > inherited eclasses, the digests of those eclasses will follow in a > space separated list, in the same order that they occur in the > INHERITED variable. The value of the DIGESTS variable will be on > line 18 of the metadata cache (just after DEFINED_PHASES). > > For the digest format, I suggest that we use the leftmost 10 > hexadecimal digits of the SHA-1 digest. The rationale for limiting > it to 10 digits (out of 40) is to save space. Due to the avalanche > effect [2], 10 digits should be sufficient to ensure that problems > resulting from hash collisions are extremely unlikely. I'd recommend to prefix the digest with a "{TYPE}" (like for hashed passwords) to be able to change the digest algorithm as needed (especially in regards to the current SHA successor competition). This allows a future package manager which might use SHA-3 for hashing (once it's released) to still check old digests. Furthermore it would allow for easier transition and only needs a definition of allowed hashes instead of a specific one. > > The primary reason to use a digest for cache validation instead of a > timestamp is that it allows the cache validation mechanism to work > even if the tree is distributed with a protocol that does not > preserve timestamps, such as git or subversion. This would make it Well, usually you don't keep intermediate or generated files in a VCS, so why the metadata? > possible to distribute metadata cache directly from git and > subversion repositories (among others). Since a digest is inherently > more expensive to obtain than a timestamp, package managers may use > the Manifest entries as a digest cache, in order to avoid the need > to compute digests of ebuilds during dependency calculations. > > Does the suggested approach seem reasonable? Would anybody like to > suggest any changes? Cheers, Tiziano -- ------------------------------------------------------- Tiziano Müller Gentoo Linux Developer, Council Member Areas of responsibility: Samba, PostgreSQL, CPP, Python, sysadmin E-Mail : dev-zero@gentoo.org GnuPG FP : F327 283A E769 2E36 18D5 4DE2 1B05 6A63 AE9C 1E30