How SHA1 in signature header is calculated?

Max Lapshin max.lapshin at
Fri Jan 10 14:05:32 UTC 2014

After 6 hours of gdb I've figured at least how to make a rpm without librpm.

I've found several undocumented things:

1) file list MUST be sorted before packing it to header
2) header MUST NOT be aggressively aligned with gaps and it MUST be aligned
STRICTLY as it is declared
3) directory names MUST be packed with leading /
4) SHA1 header MUST exists or Centos will refuse to install it
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Rpm-list mailing list