Question: what is unsigned_hash in immudb?

[KAWAHARA-souta]

related issue: #30

Two immudb-hash record are stored in immudb for one source rpm.

The Hash value of nmstate-2.2.23-1.el9_3.src.rpm is:

$ sha256sum nmstate-2.2.23-1.el9_3.src.rpm
1beff4d72ade264196bc7467a505ca7a9a766163deb5d54409e7dcc622c3ad05  nmstate-2.2.23-1.el9_3.src.rpm

I checked the immudb record for this value and found the value unsigned_hash:

{
  'Name': 'nmstate-2.2.23-1.el9_3.src.rpm', 
  'Hash': '1beff4d72ade264196bc7467a505ca7a9a766163deb5d54409e7dcc622c3ad05'
  'Metadata': {
    'sbom_api_ver': '0.2', 
    'unsigned_hash': 'cc9d4c40630118ea7fbf478437c81f404a9dc3af15307b541e48160de53f0a3c', 
  }
}

I also checked immudb record using this unsigned_hash, then I got almost same recored for nmstate-2.2.23-1.el9_3.src.rpm. (but 'Hash' and 'timestamp' are diferent):

{
  'Name': 'nmstate-2.2.23-1.el9_3.src.rpm', 
  'Hash': 'cc9d4c40630118ea7fbf478437c81f404a9dc3af15307b541e48160de53f0a3c', 
  'Metadata': {
  (...)
  }
}

Checking https://build.almalinux.org/build/8307, the hash value of i686 source rpm is '1beff4d72ade264196bc7467a505ca7a9a766163deb5d54409e7dcc622c3ad05'(real hash value), and the hash value of other arch source rpms are 'cc9d4c40630118ea7fbf478437c81f404a9dc3af15307b541e48160de53f0a3c'(unsigned_hash).

What is unsigned_hash in immudb? and What is the difference between these records?