[Rpm-maint] [rpm-software-management/rpm] Add support for multiple, named OpenPGP signatures per package (#1050)

Panu Matilainen notifications at github.com
Wed Feb 5 12:48:56 UTC 2020

Add support for multiple, named signatures per package.
Named signatures are stored as a <name:base64> encoded string array in
RPMTAG_OPENPGPHEADER, name is an arbitrary \0-terminated string
and is part of the signed data (appended after actual package data).

These are always header-only signatures, and can co-exist with
"traditional" signatures: if no name is specified when signing then
the new signature replaces any old traditional signature the package
may have. If name is specified then the signature is merely appended


    rpmsign --addsign --name=<name> <package>

Not implemented yet:
- name sanity checks (limit to alphanumeric and punctuation?)
- named signatures are not checked for duplicates when signing
- there's no way to delete just one named signature
- ...

Misc notes:
We could trivially support signatures without names too in the same
tag, but the question then becomes what to do with "traditional"
signatures when name isn't specified - only putting named signatures
into the new tag makes that simple(r). People will still need those
legacy signatures for some time due to older versions not supporting
the new.
You can view, comment on, or merge this pull request online at:


-- Commit Summary --

  * Add support for multiple, named OpenPGP signatures per package

-- File Changes --

    M lib/package.c (1)
    M lib/rpmtag.h (2)
    M lib/rpmvs.c (53)
    M lib/rpmvs.h (1)
    M rpmsign.c (6)
    M sign/rpmgensig.c (79)
    M sign/rpmsign.h (1)
    M tests/rpmgeneral.at (1)
    M tests/rpmsigdig.at (38)
    M tests/rpmvfylevel.at (1)

-- Patch Links --


You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20200205/cde891fe/attachment.html>

More information about the Rpm-maint mailing list