In Alpine Linux, when I run the command
apk update it looks at my /etc/apk/repositories file and downloads the APKINDEX.tar.gz file from each repository. It then renames each APKINDEX tar file using a checksum to be in the format APKINDEX.12345678.tar.gz where 12345678 represent some checksum.
I've been trying to understand how this checksum works because I'd like to update the package listing for an offline Alpine installation. To better understand it, I am reading the source code for the apk tool . From the source, I understand that the checksum is 4 bytes of a SHA1 hash, but I can't figure out what the SHA1 hash is taken on.
Where are the 4 bytes of the APKINDEX checksum coming from? Specifically, what is the algorithm for recalculating it? I apologize if this has already been answered but I've spent multiple days searching the internet and not come up with anything.
Asked by dingo_kinznerhook
(111 rep)
Aug 3, 2023, 04:31 PM
Last activity: Aug 4, 2023, 07:36 PM
Last activity: Aug 4, 2023, 07:36 PM