[Rpm-maint] [rpm-software-management/rpm] Phasing out header+payload digests and signatures (#863)
notifications at github.com
Wed Sep 25 11:05:49 UTC 2019
This came up in #861, but deserves a topic of its own, and also needs to be laid out where people can see it:
The so-called "v3" header+payload digests and signatures in rpm have been on their slower-than-sloth way out ever since header-only digests/signatures were added in rpm v4 around the turn of the millennium, but without them there hasn't been any means to verify the payload without unpacking it, and so they've lingered on.
rpm 4.14 added a separate digest on the compressed payload. Unlike the v3 elements, the payload digest is stored in the immutable main header instead of signature header, so it's guarded by header-only digests/signatures making modification non-trivial and with signed packages, impossible. So there's now the means to perform strong verification of both the header and the payload independently of each other.
This means we can finally start phasing out the v3 digests and signatures for real. For one, it means that signing could technically be done without looking at the payload at all, making it much faster. It would also help the deltarpm case as discussed in #861. I'd like to say "simpler code" too, but rpm probably needs to carry support for the v3 stuff for another decade more for compatibility reasons, so that's not right around the corner. We have to start someplace though, and I think that something should be changing rpmsign to only create header-only signatures by default, and adding a cli-switch to enable them for those who need it.
I'm sure I'm forgetting half a dozen things from my braindump, but it's a start at least.
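Added example (not code from the rpm project or from the post above): a small Python reader for the package layout the post describes, showing why the header and the payload can now be verified independently. It parses the lead, the signature header and the main header, classifies the signature-header tags into the "v3" header+payload set (MD5/PGP/GPG) and the header-only set (SHA1/SHA256/DSA/RSA), then checks three things separately: the header-only SHA256 (RPMSIGTAG_SHA256, over the main header blob), the v3 MD5 (RPMSIGTAG_MD5, over header+payload), and the rpm 4.14 payload digest (RPMTAG_PAYLOADDIGEST/PAYLOADDIGESTALGO, stored in the main header, over the compressed payload only). Tag numbers and the on-disk layout follow rpm's file format. The sample package is constructed in memory: it has no region tags and no OpenPGP signatures, so rpm itself would not accept it, and the PGP/RSA/DSA tags are only classified, not verified.

```python
"""Classify an RPM's digest/signature elements and verify header and payload
independently.  Added example, not rpm's own code; the sample package is
constructed in memory below (no region tags, no real OpenPGP signatures)."""
import hashlib
import struct

LEAD_MAGIC = b"\xed\xab\xee\xdb"
HEADER_MAGIC = b"\x8e\xad\xe8\x01"
INT32, STRING, BIN, STRING_ARRAY, I18NSTRING = 4, 6, 7, 8, 9   # header entry types decoded here
# Signature-header tags: "v3" cover header+payload, "header-only" cover the header blob
V3_SIGTAGS = {1002: "PGP", 1004: "MD5", 1005: "GPG"}
HDRONLY_SIGTAGS = {267: "DSA", 268: "RSA", 269: "SHA1", 273: "SHA256"}
RPMSIGTAG_MD5, RPMSIGTAG_SHA256 = 1004, 273
RPMTAG_PAYLOADDIGEST, RPMTAG_PAYLOADDIGESTALGO = 5092, 5093   # main-header tags, rpm 4.14+
PGPHASHALGO = {1: "md5", 2: "sha1", 8: "sha256", 10: "sha512"}


def parse_header(buf, off):
    """Parse one header section starting at buf[off]; return (tags, end_offset)."""
    if buf[off:off + 4] != HEADER_MAGIC:
        raise ValueError("bad header magic at offset %d" % off)
    nindex, hsize = struct.unpack(">II", buf[off + 8:off + 16])
    index, data, tags = off + 16, off + 16 + 16 * nindex, {}
    for i in range(nindex):
        tag, typ, doff, count = struct.unpack(">IIII", buf[index + 16 * i:index + 16 * i + 16])
        p = data + doff
        if typ == INT32:
            tags[tag] = struct.unpack(">%dI" % count, buf[p:p + 4 * count])
        elif typ == BIN:
            tags[tag] = buf[p:p + count]
        elif typ in (STRING, STRING_ARRAY, I18NSTRING):
            vals = []
            for _ in range(count):
                end = buf.index(b"\0", p)
                vals.append(buf[p:end].decode())
                p = end + 1
            tags[tag] = vals[0] if typ == STRING else vals
    return tags, data + hsize


def inspect(pkg):
    """Report which digest/signature elements a package carries and verify the
    header-only SHA256, the v3 MD5 and the payload digest separately."""
    if pkg[:4] != LEAD_MAGIC:
        raise ValueError("not an rpm package")
    sig, sig_end = parse_header(pkg, 96)             # the lead is 96 bytes
    hdr_start = (sig_end + 7) & ~7                    # signature header is padded to 8
    hdr, payload_start = parse_header(pkg, hdr_start)
    header_blob, payload = pkg[hdr_start:payload_start], pkg[payload_start:]
    r = {"v3": sorted(V3_SIGTAGS[t] for t in sig if t in V3_SIGTAGS),
         "header_only": sorted(HDRONLY_SIGTAGS[t] for t in sig if t in HDRONLY_SIGTAGS),
         "header_sha256_ok": None, "v3_md5_ok": None, "payload_digest_ok": None}
    if RPMSIGTAG_SHA256 in sig:       # header-only: covers header magic .. end of header data
        r["header_sha256_ok"] = hashlib.sha256(header_blob).hexdigest() == sig[RPMSIGTAG_SHA256]
    if RPMSIGTAG_MD5 in sig:          # v3: covers header + payload
        r["v3_md5_ok"] = hashlib.md5(header_blob + payload).digest() == sig[RPMSIGTAG_MD5]
    if RPMTAG_PAYLOADDIGEST in hdr:   # stored in the main header, covers the payload only
        algo = PGPHASHALGO[hdr[RPMTAG_PAYLOADDIGESTALGO][0]]
        r["payload_digest_ok"] = hashlib.new(algo, payload).hexdigest() == hdr[RPMTAG_PAYLOADDIGEST][0]
    return r


def build_header(entries):
    """Serialize (tag, type, value) triples into a header section (sample builder)."""
    index, data = b"", b""
    for tag, typ, value in entries:
        if typ == INT32:
            data += b"\0" * (-len(data) % 4)          # int32 data is 4-byte aligned
            blob, count = struct.pack(">%dI" % len(value), *value), len(value)
        elif typ == BIN:
            blob, count = value, len(value)
        else:
            vals = [value] if typ == STRING else value
            blob, count = b"".join(v.encode() + b"\0" for v in vals), len(vals)
        index += struct.pack(">IIII", tag, typ, len(data), count)
        data += blob
    return HEADER_MAGIC + b"\0" * 4 + struct.pack(">II", len(index) // 16, len(data)) + index + data


def build_sample_rpm(payload):
    """Constructed sample carrying a v3 MD5, a header-only SHA256 and a payload digest."""
    hdr = build_header([
        (1000, STRING, "example"),                                            # RPMTAG_NAME
        (RPMTAG_PAYLOADDIGEST, STRING_ARRAY, [hashlib.sha256(payload).hexdigest()]),
        (RPMTAG_PAYLOADDIGESTALGO, INT32, [8]),                               # PGPHASHALGO_SHA256
    ])
    sig = build_header([(RPMSIGTAG_SHA256, STRING, hashlib.sha256(hdr).hexdigest()),
                        (RPMSIGTAG_MD5, BIN, hashlib.md5(hdr + payload).digest())])
    sig += b"\0" * (-len(sig) % 8)
    lead = (LEAD_MAGIC + bytes([3, 0]) + struct.pack(">hh", 0, 1)
            + b"example".ljust(66, b"\0") + struct.pack(">hh", 1, 5) + b"\0" * 16)
    return lead + sig + hdr + payload


def flip_last_byte(pkg):
    """Tamper with the payload after signing: flip one bit of the final byte."""
    return pkg[:-1] + bytes([pkg[-1] ^ 0x01])
```

Running inspect() on build_sample_rpm(...) reports all three checks OK; after flip_last_byte() the header-only SHA256 still verifies while the payload digest (and the v3 MD5) fail, and a byte changed inside the main header breaks the header SHA256 while the payload digest still verifies. That is the property the post relies on: once the payload digest sits in the main header, a header-only signature over that header is enough to pin down both parts, and the v3 header+payload elements become redundant. On a real package the same split is what rpmkeys -Kv reports as separate "Header SHA256 digest", "Payload SHA256 digest" and (v3) "MD5 digest" lines.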