[Rpm-maint] [PATCH 4/4] Sign package files during installation

Fionnuala Gunter fin at linux.vnet.ibm.com
Mon Oct 20 15:52:49 UTC 2014


>> -	/* get file signatures from header */
>> -	if (sb.st_mode & (S_IXUSR|S_IXGRP|S_IXOTH)) {
>> +	/* sign executable files */
>> +	if (sb.st_mode & (S_IXUSR|S_IXGRP|S_IXOTH) && signFiles) {
>> +	    digest = rpmtdNextString(&digests);
>> +	    sig = signFile(algo, digest, diglen, key);
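
Review bot: `digest = rpmtdNextString(&digests)` is handed to `signFile` without a NULL check, and it is called only inside the executable branch, so the `digests` iterator advances only for executable files. If the digest list carries one entry per file in file-list order, the digest stops matching the current file once a non-executable file has been skipped. Advance `digests` for every file (or select by file index) and bail out when `digest` is NULL.
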
> 
> Hi,
> 
> 'sig' here is exactly the signature for the file digest.
> 
> Please see my following question...
> 
> 
>> +	    if (!sig) {
>> +		rpmlog(RPMLOG_ERR, _("signFile failed\n"));
>> +		goto exit;
>> +	    }
>> +	}
>> +	/* or get file signatures from header */
>> +	else if (sb.st_mode & (S_IXUSR|S_IXGRP|S_IXOTH)) {
>>  	    sig = rpmtdNextString(&sigs);
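
Review bot: `sig` is now assigned from two sources, the `signFile` result in the first branch and `rpmtdNextString(&sigs)` in the `else if`, and the hunk does not say who owns either value. Add a comment on ownership and make sure the `exit` path frees `sig` only when it is an allocation rather than a pointer into `sigs`. The test `sb.st_mode & (S_IXUSR|S_IXGRP|S_IXOTH)` is also repeated in both branches; evaluating it once and choosing on `signFiles` inside would be clearer, and the `signFile failed` message would be more useful if it named the file.
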
> 
> How is "sig" selected from among several sigs?
> How does it correspond to a file? Is the order known?

Hi,

The file signature list corresponds to the order of the file list, so
sig is the file signature for the file fpath.

Yes, the file list has an order. In build/files.c:genCpioListAndHeader
the file list is sorted using qsort, and then a file digest list is
generated. The file signature list is generated from the file digest
list in lib/rpmsignfiles.c:signFiles.

Thanks,
Fin

> 
> 
> Thanks,
> Dmitry


