[Rpm-maint] [RFC PATCH v3 2/4] Sign package files and include signatures in package header

Fionnuala Gunter fin at linux.vnet.ibm.com
Wed Oct 22 18:37:07 UTC 2014


>> diff --git a/lib/rpmsignfiles.c b/lib/rpmsignfiles.c
>> new file mode 100644
>> index 0000000..9c33103
>> --- /dev/null
>> +++ b/lib/rpmsignfiles.c
>> @@ -0,0 +1,130 @@
>> +/**
>> + * Copyright (C) 2014 IBM Corporation
>> + *
>> + * Author: Fionnuala Gunter <fin at linux.vnet.ibm.com>
>> + */
>> +
>> +#include "system.h"
>> +#include "imaevm.h"
>> +
>> +#include <rpm/rpmlog.h>		/* rpmlog */
>> +#include <rpm/rpmstring.h>	/* rnibble */
>> +#include <rpm/rpmpgp.h>		/* rpmDigestLength */
>> +#include "lib/header.h"		/* HEADERGET_MINMEM */
>> +#include "lib/rpmtypes.h"	/* rpmRC */
>> +
>> +#include "lib/rpmsignfiles.h"
>> +
>> +static char *rpmDigestAlgo(uint32_t dalgo)
>> +{
>> +    switch (dalgo) {
>> +        case 0:
>> +        case 1: return "md5";
>> +        case 2: return "sha1";
>> +        case 8: return "sha256";
>> +        case 9: return "sha384";
>> +        case 10: return "sha512";
>> +        default: return NULL;
>> +    }
>> +}
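Review bot: In rpmDigestAlgo, `case 0:` falls through to `"md5"`, so an unset or zero algorithm value silently selects MD5 for a file signature instead of being rejected like the `default:` case. If 0 is meant to stand for a legacy header that carries no digest-algorithm tag, a comment should say so; otherwise the case should be dropped so that it returns NULL. The cases are bare numbers although the hunk already includes `<rpm/rpmpgp.h>`, where the thread locates the `PGPHASHALGO_*` enum; writing `case PGPHASHALGO_SHA256: return "sha256";` and so on would make the mapping checkable against that enum. The function returns string literals, so the signature should be `static const char *rpmDigestAlgo(uint32_t dalgo)`. How callers treat a NULL result is not visible in the quoted part of the 130-line file.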
> 
> This does not match kernel digest algo enumeration...
> 
I found the rpm digest algo enumeration in rpmio/rpmpgp.h

typedef enum pgpHashAlgo_e {
    PGPHASHALGO_MD5             =  1,   /*!< MD5 */
    PGPHASHALGO_SHA1            =  2,   /*!< SHA1 */
    PGPHASHALGO_RIPEMD160       =  3,   /*!< RIPEMD160 */
    PGPHASHALGO_MD2             =  5,   /*!< MD2 */
    PGPHASHALGO_TIGER192        =  6,   /*!< TIGER192 */
    PGPHASHALGO_HAVAL_5_160     =  7,   /*!< HAVAL-5-160 */
    PGPHASHALGO_SHA256          =  8,   /*!< SHA256 */
    PGPHASHALGO_SHA384          =  9,   /*!< SHA384 */
    PGPHASHALGO_SHA512          = 10,   /*!< SHA512 */
    PGPHASHALGO_SHA224          = 11,   /*!< SHA224 */
} pgpHashAlgo;

> http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/include/uapi/linux/hash_info.h
> http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/crypto/hash_info.c
> 
> I think you could define hash_algo_name structure as well instead of
> using "switch"...
> 
Yes, I will get rid of the switch.

> Actually hash_info.h has been there since 3.13, and Ubuntu has 3.13 now, but there is
> no /usr/include/linux/hash_info.h.
> Does anyone have any idea why that is?
> 
> - Dmitry

Thanks,
Fin


