[Rpm-maint] [rpm-software-management/rpm] RPM fsverity support (#1203)

Panu Matilainen notifications at github.com
Tue May 26 13:23:47 UTC 2020


@pmatilai commented on this pull request.



> +    }
+
+    rpmlog(RPMLOG_DEBUG, _("key: %s\n"), key);
+    rpmlog(RPMLOG_DEBUG, _("cert: %s\n"), cert);
+
+    compr = headerGetString(h, RPMTAG_PAYLOADCOMPRESSOR);
+    rpmio_flags = rstrscat(NULL, "r.", compr ? compr : "gzip", NULL);
+
+    gzdi = Fdopen(fdDup(Fileno(fd)), rpmio_flags);
+    free(rpmio_flags);
+    if (!gzdi)
+	rpmlog(RPMLOG_DEBUG, _("Fdopen() failed\n"));
+
+    files = rpmfilesNew(NULL, h, RPMTAG_BASENAMES, RPMFI_FLAGS_QUERY);
+    fi = rpmfiNewArchiveReader(gzdi, files,
+			       RPMFI_ITER_READ_ARCHIVE_OMIT_HARDLINKS);
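
Review bot: The `if (!gzdi)` branch only logs "Fdopen() failed" at RPMLOG_DEBUG and then falls through, so `rpmfiNewArchiveReader(gzdi, files, ...)` is still called with a NULL `gzdi` when `Fdopen()` fails. Treat this as an error: log it at RPMLOG_ERR and return a failure before the archive reader is created. In the lines shown, the results of `fdDup()` and `rpmfilesNew()` are also passed on unchecked. As a smaller style point, the debug-only strings such as `"key: %s\n"` and `"cert: %s\n"` are wrapped in `_()`; debug output usually does not need to be marked for translation.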

Mmh. Reading through the entire archive unpacking things as we go is expensive and very much out of the ordinary for signing. 

Could you instead use rpm's file hash algorithm for the purpose, i.e. if rpm's file digests are sha256 then use that for verity too so you don't need to recalculate?

https://github.com/rpm-software-management/rpm/pull/1203#pullrequestreview-418292313