[Rpm-maint] [rpm-software-management/rpm] Add pgpVerifySignature2 (PR #2453)
Panu Matilainen
notifications at github.com
Fri Mar 31 07:38:37 UTC 2023
Some minor wrinkles to sort out on both sides, but this indeed makes a world of difference for understanding what's going on:
> [pmatilai🎩︎localhost brpm]$ ./rpmkeys -Kv ~/Downloads/anydesk-6.2.1-1.el8.x86_64.rpm
/home/pmatilai/Downloads/anydesk-6.2.1-1.el8.x86_64.rpm:
error: Error verifying signature: Verifying a signature using certificate D56311E5FF3B6F39D5A16ABE18DF3741CDFFDE29:
Signature is OK, but key is not trusted: verification relies on legacy crypto
error: Error verifying signature: Verifying a signature using certificate D56311E5FF3B6F39D5A16ABE18DF3741CDFFDE29:
Signature is OK, but key is not trusted: verification relies on legacy crypto
Header V3 RSA/SHA1 Signature, key ID cdffde29: BAD
Header SHA1 digest: OK
V3 RSA/SHA1 Signature, key ID cdffde29: BAD
MD5 digest: OK
> [pmatilai🎩︎localhost brpm]$ ./rpmkeys -Kv ~/Downloads/anydesk-6.1.1-1.el8.x86_64.rpm
/home/pmatilai/Downloads/anydesk-6.1.1-1.el8.x86_64.rpm:
error: Error verifying signature: Verifying a signature using certificate D56311E5FF3B6F39D5A16ABE18DF3741CDFFDE29:
No binding signature at time 2021-04-13T11:08:37Z
error: Error verifying signature: Verifying a signature using certificate D56311E5FF3B6F39D5A16ABE18DF3741CDFFDE29:
No binding signature at time 2021-04-13T11:08:37Z
Header V3 RSA/SHA1 Signature, key ID cdffde29: BAD
Header SHA1 digest: OK
V3 RSA/SHA1 Signature, key ID cdffde29: BAD
MD5 digest: OK
This seems more than adequate for 4.18.x but I'm now wondering if we shouldn't go ahead and wire this up all the way through in 4.19, there's a long-standing need for a saner package verification public API anyway... (#2041) Mind you, I'm not expecting you to do that work, just thinking out loud.
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/2453#issuecomment-1491451359
You are receiving this because you are subscribed to this thread.
Message ID: <rpm-software-management/rpm/pull/2453/c1491451359 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20230331/2a2e046c/attachment.html>
More information about the Rpm-maint
mailing list