<p><a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="209094055" data-permission-text="Issue title is private" data-url="https://github.com/rpm-software-management/rpm/issues/163" data-hovercard-type="issue" data-hovercard-url="/rpm-software-management/rpm/issues/163/hovercard" href="https://github.com/rpm-software-management/rpm/issues/163">#163</a> / commit <a class="commit-link" data-hovercard-type="commit" data-hovercard-url="https://github.com/rpm-software-management/rpm/commit/91aa0786cf3b2e34de01c586427952de6d0d9b40/hovercard" href="https://github.com/rpm-software-management/rpm/commit/91aa0786cf3b2e34de01c586427952de6d0d9b40"><tt>91aa078</tt></a> added <code>RPMTAG_PAYLOADDIGEST</code> and <code>RPMTAG_PAYLOADDIGESTALGO</code>, so RPM now verifies the integrity of the payload. But there are tools (e.g. <code>deltarpm</code>) that reconstruct RPM payloads from individual parts. Given an RPM header and the individual file contents, the original (uncompressed) payload can be easily reconstructed by adding the appropriate CPIO headers, but there's no way to verify the integrity of the reconstructed payload other than re-compressing it and letting RPM verify PAYLOADDIGEST, which wastes a bunch of CPU &amp; disk I/O and then sometimes fails randomly because of minor, unpredictable differences in compressor output.</p>
<p>To fix this I propose adding a second digest (<code>RPMTAG_PAYLOADDIGEST_UNCOMPRESSED</code>?) for the <em>uncompressed</em> payload, and then either:</p>
<ol>
<li>Fall back to uncompressing the payload and checking the uncompressed digest if the original verification fails (unsafe, slow)</li>
<li>Add another tag (maybe <code>SIGTAG_PAYLOAD_UNCOMPRESSED</code>?) which directs RPM to assume the payload is already uncompressed; external programs could manually set that flag when reconstructing an RPM, or</li>
<li>Add a new tag (<code>RPMTAG_PAYLOAD_MAGIC</code>?) that gives magic bytes (e.g. the first 4 bytes) for the compressed and uncompressed payload, so RPM can identify uncompressed/reconstructed payloads.</li>
</ol>
<p>Either way, RPM would also need to override/ignore <code>RPMTAG_PAYLOADCOMPRESSOR</code> when the "uncompressed payload" flag is set. But that only happens in 3 places that I can see, so that's doable.</p>
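<p>As an added illustration (not code from this issue or from rpm itself), the Python below builds the uncompressed SVR4 "newc" cpio stream from a file list, digests it, and shows the two points the proposal rests on: a digest over the uncompressed stream verifies a reconstructed payload and still catches a modified file, while gzip at two compression levels turns the same stream into two different compressed digests. The cpio writer, the sample entries and the <code>verify_reconstructed</code> helper are assumptions made for this example, not rpm APIs.</p>

```python
import gzip
import hashlib
import random

NEWC_MAGIC = b"070701"  # SVR4 "newc" cpio: the uncompressed form of an RPM payload

def _pad4(n: int) -> bytes:
    """newc pads both the header+name and the file data to 4-byte boundaries."""
    return b"\0" * ((4 - n % 4) % 4)

def cpio_entry(name: str, data: bytes, mode: int, ino: int) -> bytes:
    """One newc record: 110-byte ASCII-hex header, NUL-terminated name, data."""
    name_b = name.encode() + b"\0"
    # ino mode uid gid nlink mtime filesize devmajor devminor rdevmajor rdevminor namesize check
    fields = (ino, mode, 0, 0, 1, 0, len(data), 0, 0, 0, 0, len(name_b), 0)
    header = NEWC_MAGIC + b"".join(b"%08X" % f for f in fields) + name_b
    return header + _pad4(len(header)) + data + _pad4(len(data))

def build_payload(entries: list) -> bytes:
    """entries: [(name, mode, data)] in header order; ends with the cpio trailer."""
    body = b"".join(cpio_entry(n, d, m, i + 1) for i, (n, m, d) in enumerate(entries))
    return body + cpio_entry("TRAILER!!!", b"", 0, 0)

def uncompressed_digest(payload: bytes) -> str:
    return hashlib.sha256(payload).hexdigest()

def compressed_digest(payload: bytes, level: int) -> str:
    # mtime=0 pins the gzip header, so only the compressor's own choices vary
    return hashlib.sha256(gzip.compress(payload, compresslevel=level, mtime=0)).hexdigest()

def verify_reconstructed(entries: list, expected_digest: str) -> bool:
    """The check the proposed tag enables: rebuild the cpio stream, compare digests."""
    return uncompressed_digest(build_payload(entries)) == expected_digest

# Constructed sample "package" (hypothetical paths, not from any real RPM).
_rng = random.Random(7)
_words = ["rpm", "payload", "digest", "cpio", "header", "verify", "file", "tag"]
SAMPLE_ENTRIES = [
    ("./usr/share/doc/demo/README", 0o100644,
     " ".join(_rng.choice(_words) for _ in range(4000)).encode()),
    ("./usr/bin/demo", 0o100755, b"#!/bin/sh\necho demo\n"),
]
EXPECTED = uncompressed_digest(build_payload(SAMPLE_ENTRIES))  # what the build step would store

def demo() -> dict:
    payload = build_payload(SAMPLE_ENTRIES)
    tampered = [(n, m, d.replace(b"echo demo", b"echo evil")) for n, m, d in SAMPLE_ENTRIES]
    return {
        "rebuilt_ok": verify_reconstructed(list(SAMPLE_ENTRIES), EXPECTED),
        "tampered_ok": verify_reconstructed(tampered, EXPECTED),
        "compressed_digests_agree": compressed_digest(payload, 1) == compressed_digest(payload, 9),
    }
```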
