[Rpm-maint] [rpm-software-management/rpm] Ensure unique tags for in signature header (#1570)

Demi Marie Obenour notifications at github.com
Mon Mar 8 18:26:22 UTC 2021


> Putting them in the main header would only work if the signing happened during the package build. Otherwise, putting anything in the main header breaks the immutable region hashes, which is a no-no: signing must not modify what is being signed. (IMA signatures were initially this way)

What if we put them in dribble entries of the main header?  We currently reject those outright, but for RPMv6 we don’t need to.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/1570#issuecomment-792972519
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20210308/4e9486dd/attachment.html>


More information about the Rpm-maint mailing list