Fingerprinting? - Redhat

This is a discussion on Fingerprinting? - Redhat ; It seems that Red Hat fingerprints all binary files, a fact which I found rather surprising. I've tried this on various machines which were set up in an identical manner, and which have the same packages. However, if I md5sum ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: Fingerprinting?

  1. Fingerprinting?


    It seems that Red Hat fingerprints all binary files, a fact
    which I found rather surprising. I've tried this on various
    machines which were set up in an identical manner, and which
    have the same packages. However, if I md5sum a given binary
    file (say, "/usr/bin/bc"), the result will be different even
    if the size and timestamp of the files are identical. Even
    though the files differ, "rpm --verify" will confirm the
    integrity of the files, including their md5sum. I expected
    that the same package would install exactly the same binaries
    on different computers but that doesn't seem to be the case
    (aside from their fingerprint the binaries seem to be identical,
    and work as expected). Is this behaviour documented somewhere?
    Why is it done? Other non-Red Hat RPMs I've installed don't
    seem to do this i.e. installing the rpm on different machines
    puts identical binaries with identical md5sums on the various
    systems.

    Cheers

    --
    marco@reimeika.ca
    Gunnm: Broken Angel http://v4u.reimeika.ca
    http://reimeika.ca/ http://photo.reimeika.ca

  2. Re: Fingerprinting?

    On Thu, 01 Mar 2007 01:24:25 -0500, marco wrote:

    > However, if I md5sum a given binary
    > file (say, "/usr/bin/bc"), the result will be different even
    > if the size and timestamp of the files are identical. Even
    > though the files differ, "rpm --verify" will confirm the
    > integrity of the files, including their md5sum.


    I suspect you are seeing the results of the prelinking of files;
    this is to help executable files using shared libraries to load
    faster. See if you have the PRELINK package installed:

    $ rpm -qi prelink

    If you do, that's probably what's going on.

    HTH

  3. Re: Fingerprinting?

    Tommy Reynolds writes:

    > I suspect you are seeing the results of the prelinking of files;
    > this is to help executable files using shared libraries to load
    > faster. See if you have the PRELINK package installed:


    Sounds reasonable... thanks!

    --
    marco@reimeika.ca
    Gunnm: Broken Angel http://v4u.reimeika.ca
    http://reimeika.ca/ http://photo.reimeika.ca

+ Reply to Thread