The idea is the following:

1. Create a package simply, as we do it right now.
2. We get a hash of the package, and we can also calculate the content address, based on the output.
3. We add the original hash (for example as canonical-hash) and the content address to the definition.
4. When we build a package that has these data, we do the following:
   a. build the package normally, ignoring the additional metadata
   b. calculate the relocated output into the canonical-hash
   c. calculate the content address of this relocated output, and check if it matches the data.

Wdyt?
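A sketch of steps 4b and 4c, added here as an illustration and not taken from the original post or from any project's code. It assumes the output is an in-memory file tree, that relocation means rewriting embedded store hashes of equal length, and that the content address is a SHA-256 over a sorted, length-prefixed serialization; the `/store/` prefix, the hashes and `fake_build` are constructed.

```python
import hashlib

def relocate(tree, build_hash, canonical_hash):
    """Step 4b: rewrite self-references from build_hash to canonical_hash."""
    old, new = build_hash.encode(), canonical_hash.encode()
    if len(old) != len(new):
        raise ValueError("hashes must have equal length for in-place rewriting")
    return {path.replace(build_hash, canonical_hash): data.replace(old, new)
            for path, data in tree.items()}

def content_address(tree):
    """Hash a deterministic serialization: sorted paths, length-prefixed fields."""
    h = hashlib.sha256()
    for path in sorted(tree):
        for field in (path.encode(), tree[path]):
            h.update(len(field).to_bytes(8, "big"))  # avoids ambiguous concatenation
            h.update(field)
    return h.hexdigest()

def verify(tree, build_hash, canonical_hash, recorded_address):
    """Step 4c: compare the relocated output's address with the recorded one."""
    relocated = relocate(tree, build_hash, canonical_hash)
    return content_address(relocated) == recorded_address

def fake_build(store_hash):
    """Constructed stand-in for a build whose output embeds its own store path."""
    prefix = f"/store/{store_hash}-hello".encode()
    return {
        "bin/hello": b"#!/bin/sh\nexec " + prefix + b"/libexec/hello-real\n",
        "libexec/hello-real": b"\x7fELF constructed payload",
        "share/doc/README": b"installed in " + prefix + b"\n",
    }

# Constructed values: the hash and content address recorded in steps 2-3,
# and the different hash a later build of the definition ends up with.
CANONICAL = "a" * 32
REBUILD = "b" * 32
RECORDED = content_address(fake_build(CANONICAL))

if __name__ == "__main__":
    out = fake_build(REBUILD)
    print("raw output matches:      ", content_address(out) == RECORDED)
    print("relocated output matches:", verify(out, REBUILD, CANONICAL, RECORDED))
```

Plain byte replacement only finds hashes stored verbatim; a reference inside a compressed or otherwise encoded file would survive relocation and make the comparison fail.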