[Rpm-maint] [rpm-software-management/rpm] Fail to check signature (#270)
notifications at github.com
Wed Nov 29 07:19:42 UTC 2017
Ehm, maybe we have a terminology problem here. When I talk about signature header immutable region, I mean HEADER_SIGNATURES region. That's not used for digests or signatures and when adding/removing signatures the signature header changes more fundamentally than just padding adjustments. So yes if you look at it in terms of what might change, only the build-time added digests and sizes etc should go into the region and actual signatures etc that might be added over time should go outside it, but rpm has "forever" reloaded the signature into a region after each signature add/remove and all. Padding only changes when signatures are added or removed, so technically it can just as well be in the region (or not). So yes the region doesn't mean a whole lot in the signature header...
As for the bug allegation, the details are right there in my previous posts: the code (copy-pasted from rpm5 as you must've noticed) calls headerReload() after adding the padding, which I read as "make it a single (immutable) region". And despite that, the padding ends up being outside the region. I'm not arguing whether it should be in the region or not, just observing that the result doesn't match what was indicated by the code, which to me seems like a possible bug someplace, which I'm pointing out as in "you might want to look at that", no ill-will / FUD / whatever intended. If I'm mistaken then by golly apologies for speculating the possibility of lurking bugs in a piece of software.
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Rpm-maint