Eliminate --pkgid and --hdrid commandline switches #2633
Comments
@Conan-Kudo I believe you may have mentioned in the past that the MD5 headers (pkgid) are used in some build systems? |
|
Yes. I think Koji did at one point, and OBS does last I checked. |
|
Yes various places show it because ... it's there. And course, for the longest time that was the only checksum kind of thing that we had on the payload. |
|
This is basically three different but related parts:
Then there's also RPMTAG_SOURCEPKGID that's still md5 but that is a separate topic (#3329 ) |
|
Split the pkgid/hdrid tag aliases to a separate ticket too, they're not actually used for the database operation: #3330 |
|
And, from there we get to something resembling an AC:
Thoughts? |
Is the removal of these two switches settled then? Also, isn't the new #3330 related to this in a way? I.e. if we end up keeping the aliases, shouldn't we also keep the CLI switches? |
|
Well, OK, that's why you were asking for feedback in the first place (while you also justified the removal) 😄 |
|
I also think that removing obscure functionality makes sense unless we know of some users (and we don't here). It can always be added back in the future if there's enough interest... |
|
The PKGID and HDRID tags are not used for the index generation, or query. The db index uses RPMDBI_SIGMD5 and RPMDBI_SHA1HEADER, which "happen to be" equivalent to RPMTAG_SIGMD5 and RPMTAG_SHA1HEADER. So while they appear related, they're much less so than you'd initially think - I too thought it was more closely bound. |
|
Oh, looking at the code here too, you're right. |
|
So in other words, its two practically unused tags, practically unused cli-switches, backed by two practically unused db indexes 🤦 😆 We could keep --pkgid and --hdrid without the indexes and just do a brute-force search, but there seems little point in preserving this functionalty. Who wants to query the db based on an header hash they likely don't know even exists in the first place? |
|
Yup, makes sense now, thanks 😄 As for the first AC point:
This part still sounds quite vague (to me)... |
Basically that means in existing databases, we need to keep updating the indexes. Minimally, we need to update the index on package removal. If we just drop the code, we could leave orphans in the index, and that cannot be allowed, so it's a hard requirement. If we actually cared about this functionality we'd require maintining the index for new items on existing dbs too, but since we dont, just taking care of orphans seems enough to me. Whether it actually makes sense to implement it that way or preserve both, I don't know, I haven't really looked (trying to play brave 😄 ) |
|
Hmm. On a second thought: we could simply just remove the query switches for now, and leave the db indexes to die of old age, to be buried in rpm 7.0. That preserves them for existing databases which in theory matters because we'll be dealing with v4 databases for years to come. In new ones they'll eventually just grow empty because the data is not there. These indexes are not expensive to maintain in any way, and actually trying to remove them is far more tricky than just letting them be. |
|
So... that would make an AC something like:
That would let us off the hook with minimal effort, this isn't a very interesting item from v6 perspective. |
|
Ack, this looks like the right amount of effort for such a tiny thing, indeed. |
pmatilai
changed the title
These obscure switches are backed up by obsolete crypto that wont be, cannot be, present in v6 packages. It would be possible to keep them alive by making them point to non-obsolete data, but for that there would need to be a use-case and users. These have neither as far as I've learned in the last ~20 years. Fixes: rpm-software-management#2633
Nothing and nobody should be using these for anything at all. We'de rather remove these indexes entirely but doing so while keeping compatibility with existing databases and so on is far more trouble than letting these die of old age is. V6 packages will not have such tags so in time these indexes will be all empty and then we can just axe them without having to work out transitional details. Related: rpm-software-management#2633
Nothing and nobody should be using these for anything at all. We'de rather remove these indexes entirely but doing so while keeping compatibility with existing databases and so on is far more trouble than letting these die of old age is. V6 packages will not have such tags so in time these indexes will be all empty and then we can just axe them without having to work out transitional details. Related: rpm-software-management#2633
Nothing and nobody should be using these for anything at all. We'd rather remove these indexes entirely but doing so while keeping compatibility with existing databases and so on is far more trouble than letting these die of old age is. V6 packages will not have such tags so in time these indexes will be all empty and then we can just axe them without having to work out transitional details. Related: rpm-software-management#2633
Nothing and nobody should be using these for anything at all. We'd rather remove these indexes entirely but doing so while keeping compatibility with existing databases and so on is far more trouble than letting these die of old age is. V6 packages will not have such tags so in time these indexes will be all empty and then we can just axe them without having to work out transitional details. Related: #2633
As pointed out by @dralley in #2374 (comment): we support indexed db queries for "pkgid" and "hdrid", which are actually backed by SIGMD5 and SHA1HEADER tags. These aren't really security sensitive because they're just an identifier in this context, but both will be gone in the v6 format, so we need to eliminate these indexes based on obsolete crypto, and if pkgid/hdrid concepts are to be preserved (I don't know anybody using them so dunno), figure out something that doesn't have an expiration date like the crypto functionality nowadays.
AC:
The text was updated successfully, but these errors were encountered: