[Rpm-maint] [rpm-software-management/rpm] rpmsign --signfiles is broken on master (#723)

Panu Matilainen notifications at github.com
Tue Jun 4 08:59:55 UTC 2019

The point of that commit is that those digests are already in the desired binary format inside the file objects, so there's no need to do it again. AFAICS the problem is that it's still passing digest and diglen to sign_hash() when it should pass fdigest instead:

--- a/sign/rpmsignfiles.c
+++ b/sign/rpmsignfiles.c
@@ -50,7 +50,7 @@ const char *key, char *keypass, uint32_t *siglenp)
     signature[0] = '\x03';
     /* calculate file signature */
-    siglen = sign_hash(algo, digest, diglen, key, keypass, signature+1);
+    siglen = sign_hash(algo, fdigest, diglen, key, keypass, signature+1);
     if (siglen < 0) {
        rpmlog(RPMLOG_ERR, _("sign_hash failed\n"));
        return NULL;
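
Review bot: the changed sign_hash() call now passes fdigest but still passes diglen, and nothing in this hunk shows that diglen is the length of the binary buffer fdigest points to rather than a length computed for the old digest variable. Please confirm diglen is the binary digest size for the file's digest algorithm; if it is not, sign_hash() will read the wrong number of bytes from fdigest. If digest has no other user after this change, remove it and whatever conversion filled it, so the wrong buffer cannot be passed again. A test that signs a package with --signfiles and then verifies the resulting file signatures would cover this regression.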

If you can try the above "patch", great, but even better would be a full reproducer procedure, starting from scratch (key creation and all) so we can try creating a proper testcase to avoid future regressions. I know I managed to set *something* up at some point in time, but I never was convinced I was doing the right thing and here we are...
