Linux Archive


P J P 06-29-2011 07:29 AM

About package review and mismatching md5sums
Hi! :)

One of the package review guidelines says

MUST: The sources used to build the package must match the
upstream source, as provided in the spec URL. Reviewers should use
md5sum for this task.

Past couple of days, I've been reviewing the python grapefruit package

* at -

and the thing is, the spec file provides an - $ svn export -r 31 ... - command to pull the sources and create a tarball using $ tar -czvf ...

But as it turns out, it seems, if you create a tarball from the *very same* sources on two different machines, they don't match. As in, the md5sums for the two tarballs differ.

Please try this simple test


$ echo 'Hello, world' > 1
$ tar -cjf 1.tar.bz2 1

$ scp 1.tar.bz2 to a different machine.

$ ssh to that same machine
$ tar -xjf 1.tar.bz2 -C .
$ tar -cjf 2.tar.bz2 1

$ md5sum 1.tar.bz2 2.tar.bz2
d67ea3dac09ed7eee310d9846ecdd879* 1.tar.bz2
d4b716716f3cf48139c4112719538513* 2.tar.bz2


Could someone suggest how to fix this glitch? Or the guideline above??

Thank you.

devel mailing list
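
Added example, not part of the original post: tar headers record each member's owner and modification time, and gzip can record a timestamp, so the bytes of an archive depend on more than the files inside it. The script below compares archives by content and also builds a byte-for-byte repeatable tarball. It assumes GNU tar 1.28 or later, gzip and coreutils, uses sha256sum in place of md5sum, and the names `content_digest`, `repro_tar` and `FIXED_MTIME` are chosen here for illustration.

```shell
#!/bin/sh
# Added example; assumes GNU tar >= 1.28, gzip and coreutils.

FIXED_MTIME=1309305600   # arbitrary fixed timestamp (epoch seconds), an assumption

# Digest of what an archive contains (member names + file bytes), ignoring
# owner, mtime and compression. Permission bits and symlink targets are
# NOT covered, so review those separately.
content_digest() {   # usage: content_digest ARCHIVE
    tar -tf "$1" | grep -v '/$' | LC_ALL=C sort | while IFS= read -r member; do
        sum=$(tar -xOf "$1" "$member" | sha256sum | cut -d' ' -f1)
        printf '%s  %s\n' "$sum" "$member"
    done | sha256sum | cut -d' ' -f1
}

# Repeatable tarball: fixed member order, mtime and owner in the tar
# headers, and no name/timestamp in the gzip header (gzip -n).
repro_tar() {   # usage: repro_tar OUT.tar.gz PARENT_DIR TOP_DIR
    tar --format=gnu --sort=name --mtime="@$FIXED_MTIME" \
        --owner=0 --group=0 --numeric-owner \
        -C "$2" -cf - "$3" | gzip -n > "$1"
}

# Constructed sample: the same file in two trees, with different mtimes.
demo() {
    w=$(mktemp -d)
    for t in a b; do
        mkdir -p "$w/$t/src"
        echo 'Hello, world' > "$w/$t/src/hello.txt"
    done
    touch -t 200101010000 "$w/b/src/hello.txt"
    for t in a b; do
        tar -C "$w/$t" -czf "$w/plain-$t.tar.gz" src      # digests differ
        repro_tar "$w/repro-$t.tar.gz" "$w/$t" src        # digests match
    done
    (cd "$w" && sha256sum plain-*.tar.gz repro-*.tar.gz)
    echo "content a: $(content_digest "$w/plain-a.tar.gz")"
    echo "content b: $(content_digest "$w/plain-b.tar.gz")"
    rm -rf "$w"
}
demo
```

A reviewer who cannot regenerate the upstream tarball bit-for-bit can compare `content_digest` of the packaged tarball against one made from a fresh export; a packager can use the `repro_tar` options so that the plain checksum comparison works again.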
