[Rpm-maint] [rpm-software-management/rpm] Fail to check signature (#270)
Panu Matilainen
notifications at github.com
Wed Aug 16 08:11:12 UTC 2017
Oh, sorry for missed that. But now the question is, what rpm version is used to *sign* that package?
It doesn't seem like any rpm.org upstream version because deleting the signature (with rpm <= 4.13.0) corrupts the package beyond recognition of those older versions too:
```
[pmatilai at sopuli rpm-4.13.x]$ cp ~/Downloads/intel-aero-repo-1.4-r0.corei7_64.rpm /tmp/
[pmatilai at sopuli rpm-4.13.x]$ ./rpmkeys -Kv /tmp/intel-aero-repo-1.4-r0.corei7_64.rpm
/tmp/intel-aero-repo-1.4-r0.corei7_64.rpm:
Header V3 RSA/SHA1 Signature, key ID bb0396db: NOKEY
Header SHA1 digest: OK (3066ac48fef77e939547216732d92bb047eb85b6)
V3 RSA/SHA1 Signature, key ID bb0396db: NOKEY
MD5 digest: OK (cf96418cf798c2ef1351fb012e7a6b7e)
[pmatilai at sopuli rpm-4.13.x]$ ./rpmsign --delsign /tmp/intel-aero-repo-1.4-r0.corei7_64.rpm
/tmp/intel-aero-repo-1.4-r0.corei7_64.rpm:
[pmatilai at sopuli rpm-4.13.x]$ ./rpmkeys -Kv /tmp/intel-aero-repo-1.4-r0.corei7_64.rpm
error: /tmp/intel-aero-repo-1.4-r0.corei7_64.rpm: sigh data: BAD, no. of bytes(8900) out of range
```
If this is signed with an rpm.org release, a reproducer please.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/270#issuecomment-322698252
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20170816/4712f5c0/attachment.html>
More information about the Rpm-maint
mailing list