[Rpm-maint] [rpm-software-management/rpm] rpmsign --signfiles is broken on master (#723)

David Shea notifications at github.com
Thu May 30 17:55:09 UTC 2019


signFile() in sign/rpmsignfiles.c creates an array of zeroes (https://github.com/rpm-software-management/rpm/blob/master/sign/rpmsignfiles.c#L44) and then passes those zeroes unmodified as the input to ima-evm-utils' sign_hash() (https://github.com/rpm-software-management/rpm/blob/master/sign/rpmsignfiles.c#L53). The values stored in RPMSIGTAG_FILESIGNATURES are thus all signatures of 32 zeroes (or whatever the hash length is if not sha256).

8f8fe718413a4066ecc6718f92091d9e87a2d443 removed the code that filled digest with the converted contents of fdigest.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/723
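
Added example, not part of the original message and not rpm's code: a sketch of the step the report says went missing, decoding the hex file digest into the binary buffer before it is signed, with a guard that refuses a buffer still in its zero-initialized state. The names fill_digest() and digest_is_set() are hypothetical, and the digest in main() is the well-known SHA-256 of empty input.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: value of one hex character, or -1 if not hex. */
static int hex_nibble(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Hypothetical guard: 1 if any byte is non-zero, 0 if the buffer is
 * still all zeroes (the state the report describes being signed). */
int digest_is_set(const unsigned char *digest, size_t diglen)
{
    unsigned char acc = 0;
    for (size_t i = 0; i < diglen; i++)
        acc |= digest[i];
    return acc != 0;
}

/* Hypothetical helper: decode the hex string fdigest into digest.
 * Returns 0 on success; -1 on wrong length, a non-hex character, or an
 * all-zero result. On -1 the caller must not sign the buffer. */
int fill_digest(const char *fdigest, unsigned char *digest, size_t diglen)
{
    if (fdigest == NULL || strlen(fdigest) != diglen * 2)
        return -1;
    for (size_t i = 0; i < diglen; i++) {
        int hi = hex_nibble(fdigest[2 * i]);
        int lo = hex_nibble(fdigest[2 * i + 1]);
        if (hi < 0 || lo < 0)
            return -1;
        digest[i] = (unsigned char)((hi << 4) | lo);
    }
    return digest_is_set(digest, diglen) ? 0 : -1;
}

int main(void)
{
    /* Constructed input: SHA-256 of empty input, as a hex string. */
    const char *fdigest =
        "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855";
    unsigned char digest[32] = {0};

    printf("before fill: set=%d\n", digest_is_set(digest, sizeof digest));
    printf("fill rc=%d\n", fill_digest(fdigest, digest, sizeof digest));
    printf("after fill: set=%d\n", digest_is_set(digest, sizeof digest));
    return 0;
}
```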