<p>There should be a way to verify the payload before trying to uncompress, and more importantly, unpack it:</p>
<ul>
<li>We have digests on the contents of individual files, but detecting corruption in the middle of installation, after all sorts of scripts might have already run, is no good at all</li>
<li>Compression libraries have vulnerabilities of their own</li>
<li>The RPMv3 digest covering the payload is the obsolete MD5, and furthermore it covers the header and the payload, but we want a digest on the payload only. This way it can be included in the main header which in turn can be signed, so the digest is protected.</li>
</ul>
<p>The main obstacle is that the payload comes after the header during build, so it's necessary to calculate a placeholder header and rewrite it with the actual digest value after writing down the payload, much like is done with the signature header currently. The digest algorithm should be configurable, but default to something relatively strong, SHA256 perhaps.</p>
<p>It has also been suggested that this should be implemented as multiple intermediate digest "snapshots" to avoid having to check everything at once and to allow early exit on corrupted content. It would no doubt be beneficial; the challenge is finding a reasonable tradeoff between header size and the snapshot frequency, considering the payload can be anything from a few kilobytes to tens of gigabytes.</p>
<p>Verification of the data is another story with its own set of problems, but let's not go there yet.</p>
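<p>The placeholder-header-then-patch flow and the cumulative digest "snapshots" with early exit, as an added example in Python that is neither rpm's code nor the issue author's; the container layout (MAGIC, MAX_SNAPSHOTS, HDR_FMT, the reserved slot count) is constructed for illustration and is not the RPM format.</p>

```python
import hashlib
import struct
# Constructed toy container, not the real RPM format: a fixed-size header (digest algorithm,
# snapshot interval, cumulative payload digests) is written as zeros, then patched in place.
MAGIC = b"TOYPKG1\0"
MAX_SNAPSHOTS = 8                   # header slots reserved up front (assumption)
HDR_FMT = "<8s16sII"                # magic, algo name, interval, snapshot count

def cumulative_digests(chunks, algo, interval):
    """Yield (bytes_so_far, digest_so_far) at every interval boundary and at EOF."""
    h, done = hashlib.new(algo), 0
    for chunk in chunks:
        while chunk:
            room = interval - done % interval       # bytes left in this snapshot window
            h.update(chunk[:room]); done += len(chunk[:room]); chunk = chunk[room:]
            if done % interval == 0:
                yield done, h.digest()
    if done % interval or done == 0:                # final partial window, or empty payload
        yield done, h.digest()

def write_package(out, payload_chunks, algo="sha256", interval=1 << 20):
    """Placeholder header, payload hashed as it is written, then header patched."""
    start = out.tell()
    out.write(b"\0" * (struct.calcsize(HDR_FMT) + MAX_SNAPSHOTS * hashlib.new(algo).digest_size))
    def tee(chunks):                                # write each chunk, then let it be hashed
        for c in chunks:
            out.write(c); yield c
    digests = [d for _, d in cumulative_digests(tee(payload_chunks), algo, interval)]
    if len(digests) > MAX_SNAPSHOTS:
        raise ValueError("payload needs more snapshot slots than the header reserves")
    end = out.tell()
    out.seek(start)                                 # rewrite the header with real digests
    out.write(struct.pack(HDR_FMT, MAGIC, algo.encode().ljust(16, b"\0"), interval, len(digests)))
    out.write(b"".join(digests))
    out.seek(end)
    return digests[-1]                              # digest of the whole payload

def verify_payload(inp, chunk_size=65536):
    """Stream the payload checking each snapshot; return (ok, bytes_checked); stop on mismatch."""
    magic, algo, interval, n = struct.unpack(HDR_FMT, inp.read(struct.calcsize(HDR_FMT)))
    if magic != MAGIC: raise ValueError("not a toy package")
    algo = algo.rstrip(b"\0").decode()
    dsize = hashlib.new(algo).digest_size
    slots = inp.read(MAX_SNAPSHOTS * dsize)
    expected = [slots[i * dsize:(i + 1) * dsize] for i in range(n)]
    chunks = iter(lambda: inp.read(chunk_size), b"")
    for i, (offset, d) in enumerate(cumulative_digests(chunks, algo, interval)):
        if i >= n or d != expected[i]:
            return False, offset                    # corrupted, truncated or extended here
    return i + 1 == n, offset
```

<p>Because the last snapshot is the digest of the whole stream, the verifier needs no separate full-payload digest, and a mismatch in window k is reported before any byte past that window would be handed to the decompressor.</p>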

<p>Issue: <a href="https://github.com/rpm-software-management/rpm/issues/163">rpm-software-management/rpm#163</a>: RFE: add a digest on the compressed payload content</p>