[Rpm-maint] [rpm-software-management/rpm] Support enforcing signature check in rpm -V too (#811)

Panu Matilainen notifications at github.com
Tue Aug 13 10:31:47 UTC 2019


While rpm -V and -q from rpmdb do verify existing signatures on rpmdb walk, this is largely useless as an attacker with sufficient permissions can modify the signature tags in rpmdb headers to make a package appear unsigned, after which it can be freely modified further without rpm seeing anything wrong. Additionally, a digest/signature check failure causes the entire header to be skipped as unreadable and so it cannot be inspected or even removed (without using --nodigest/--nosignature).

If there's one situation where checking signatures and all for packages coming from rpmdb makes sense, it's rpm -V, and in this case it needs to output the checks and results explicitly and make missing signatures and/or digests a verification error if so configured (and perhaps by default, require digests, similar to pkg file verification).

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/811
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20190813/d96ab286/attachment.html>


More information about the Rpm-maint mailing list