[Rpm-maint] [rpm-software-management/rpm] More work on the Reference Manual (#1691)

Demi Marie Obenour notifications at github.com
Wed Jun 2 17:41:40 UTC 2021


@DemiMarie commented on this pull request.



>  
-  Header+payload size.
+[Signatures](signatures.md) allow to verify the origin of a package.
+
+Dsaheader         | 267  | bin          | OpenPGP DSA signature of the header (if thus signed)
+Longsigsize       | 270  | int64        | Header+payload size if > 4GB.
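
Review bot: The Longsigsize row's condition "if > 4GB" does not say which tag carries the size when the package is smaller, or whether the threshold is exactly 4 GiB. Suggest naming the tag used below the threshold in the description and stating the limit precisely, so a reader knows when to expect each tag.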

Is this the size of the compressed or uncompressed payload?

>  
-  Header+payload size.
+[Signatures](signatures.md) allow to verify the origin of a package.
+
+Dsaheader         | 267  | bin          | OpenPGP DSA signature of the header (if thus signed)
+Longsigsize       | 270  | int64        | Header+payload size if > 4GB.
+Payloaddigest     | 5092 | string array | Cryptographic digest of the compressed payload.
+Payloaddigestalgo | 5093 | int32        | ID of the payload digest algorithm.
+Payloaddigestalt  | 5097 | string array | Cryptographic digest of the uncompressed payload.
+Rsaheader         | 268  | bin          | OpenPGP RSA signature of the header (if thus signed).
+Sha1header        | 269  | string       | SHA1 digest of the header.
+Sha256header      | 273  | string       | SHA256 digest of the header.
+Siggpg            | 262  | bin          | OpenPGP DSA signature of the header+payload (if thus signed).
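
Review bot: The Payloaddigestalgo row says only "ID of the payload digest algorithm" and names neither the numbering the ID is drawn from nor whether it applies to both Payloaddigest and Payloaddigestalt. Suggest stating the ID namespace and which of the two digest tags it governs, since a reader cannot check either digest without knowing the algorithm.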

```suggestion
Siggpg            | 262  | bin          | OpenPGP DSA or EdDSA signature of the header+payload (if thus signed).
```

>  
-  Header+payload size.
+[Signatures](signatures.md) allow to verify the origin of a package.
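
Review bot: "allow to verify" in the added intro line is ungrammatical. Suggest "[Signatures](signatures.md) allow verifying the origin of a package." or "make it possible to verify the origin of a package."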

Not all of these tags are actually signatures.  There should be a separation between cryptographic signatures, and entries that just happen to be in the signature header.

>  
-  Header+payload size.
+[Signatures](signatures.md) allow to verify the origin of a package.
+
+Dsaheader         | 267  | bin          | OpenPGP DSA signature of the header (if thus signed)
+Longsigsize       | 270  | int64        | Header+payload size if > 4GB.
+Payloaddigest     | 5092 | string array | Cryptographic digest of the compressed payload.
+Payloaddigestalgo | 5093 | int32        | ID of the payload digest algorithm.
+Payloaddigestalt  | 5097 | string array | Cryptographic digest of the uncompressed payload.
+Rsaheader         | 268  | bin          | OpenPGP RSA signature of the header (if thus signed).
+Sha1header        | 269  | string       | SHA1 digest of the header.
+Sha256header      | 273  | string       | SHA256 digest of the header.
+Siggpg            | 262  | bin          | OpenPGP DSA signature of the header+payload (if thus signed).
+Sigmd5            | 261  | bin          | MD5 digest of the header+payload.
+Sigpgp            | 259  | bin          | OpenPGP RSA signature of the header+payload (if thus signed).
+Sigsize           | 257  | int32        | Header+payload size.
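
Review bot: The Sha1header and Sigmd5 rows document SHA1 and MD5 digests with no indication that both algorithms are broken for collision resistance. Suggest marking them as legacy in their descriptions so readers do not rely on them where Sha256header or the OpenPGP signature rows are available.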

Compressed or uncompressed size?  Also, there are tags for just the size of the payload.

>  
-  Header+payload size.
+[Signatures](signatures.md) allow to verify the origin of a package.
+
+Dsaheader         | 267  | bin          | OpenPGP DSA signature of the header (if thus signed)
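
Review bot: The Dsaheader description ends at "(if thus signed)" without a full stop, while the other rows quoted in this review end with one. Suggest adding the trailing period.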

```suggestion
Dsaheader         | 267  | bin          | OpenPGP DSA or EdDSA signature of the header (if thus signed)
```

> +
+Filecontexts       | 1147 | string array
+Fscontexts         | 1148 | string array
+Gif                | 1012 | bin
+Icon               | 1043 | bin
+Oldenhancesname    | 1159 | string array
+Oldenhancesversion | 1160 | string array
+Oldenhancesflags   | 1161 | int32 array
+Oldfilenames       | 1027 | string array
+Oldsuggestsname    | 1156 | string array
+Oldsuggestsversion | 1157 | string array
+Oldsuggestsflags   | 1158 | int32 array
+Patchesflags       | 1134 | int32 array
+Patchesname        | 1133 | string array
+Patchesversion     | 1135 | string array
+Pubkeys            | 266  | string array
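
Review bot: These rows stop after the type column, so the table gives no description for any tag, including Pubkeys. Suggest adding a description column, or a sentence above the table saying why the tags are listed without one. The Oldenhances* and Oldsuggests* rows are ordered name, version, flags while the Patches* rows are ordered flags, name, version; pick one order.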

This tag is actually used by RPM internally.  It is ignored if found in the signature header of a package, but if it is found in the main header of a package, it adds a key to the RPM database.

> @@ -285,6 +285,10 @@ Sigsize           | 257  | int32        | Header+payload size.
 
 ## Installed packages
 
+Some information on how exactly a package got installed can not be
+known before hand. RPM though adds a few tags to the header during
+installation before adding it to the rpmdb.
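
Review bot: Wording in the added paragraph: "can not" and "before hand" should be "cannot" and "beforehand", and "RPM though adds" reads awkwardly. Suggest "Some information about how a package got installed cannot be known beforehand, so RPM adds a few tags to the header during installation before adding it to the rpmdb."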

Does RPM correctly reject such tags in package files?
