This is my cheat sheet for the RPM file format. While there is an article about the RPM file format, it is far from complete. Still, have a look: http://rpm.org/wiki/DevelDocs/FileFormat
The lead section seems to be pretty much dead. (also see 2.3. Lead format)
||int32_t||The size of the package header and payload section in bytes|
||BLOB||The MD5 digest of the package header and payload as they are stored on the file system.|
||STRING||The SHA1 digest of the package header only. Stored as lowercase hex string.|
||int32_t||The uncompressed size in bytes of the CPIO archive in the payload section.|
After the signature header has been written the file is aligned to 8 bytes. This makes the following package header start of in a file index dividable by 8.
The package header has the same format as the signature header, but does use different tags.
||STRING||The type of the archive format, currently only
||STRING||The way the file archive is compressed: e.g. |
||int32_t||For each file and directory stored in the archive the size in bytes. Directories do count 4096 each.|
The payload data is the actual file data. It is a CPIO archive, compressed either by GZIP, BZIP2 or XZ. Also see tags PAYLOAD_FORMAT and PAYLOAD_CODING.