Originally reported as a bug on SOURCEPKGID 
https://bugzilla.redhat.com/show_bug.cgi?id=1741715, but SOURCEPKGID (liberal 
quoting):

Rpm only stores the sourcepkgid if the source rpm was built in the same run as 
the binary (that is, built with -ba), this is by design AFAICT. It would seem 
useful to be able to determine whether the same exact sources were used to 
build a given package, regardless of src.rpm getting generated or not. 

One possibility could be calculating a hash of the spec itself + all the 
sources and patches included and attach this to all source and binary packages 
produced to provide a source trail.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/957
_______________________________________________
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Reply via email to