[Rpm-maint] [rpm-software-management/rpm] [Question] How to understand the immutable header regions introduced from RPM 4.0 (Discussion #2719)

Panu Matilainen notifications at github.com
Fri Oct 13 07:13:43 UTC 2023


Yeah I was just looking at the document a few days ago and thinking this is so confusing we'd probably be better off without it :sweat_smile: 

The details are more complicated than this, but in broad strokes, the header immutable region (there's only one) is mostly about header-only hashes and signatures. It's a marker in the header that says anything before it is original and anything after it is not. And knowing that, it's possible to calculate the hash of the original header content even after more stuff (such as install time) was added. There's obviously no way to prevent somebody from changing the header content of e.g. an on-disk file, but doing so will break the hashes and signatures.

As per the document, the main driver was to allow verifying signatures (and hashes) of installed packages.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/discussions/2719#discussioncomment-7270819
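
The idea described in the message above, as an added example (not part of the original message and not rpm's own code): a simplified model of a header whose first index entry marks the original region, showing that the region digest survives an appended install-time tag and changes when original content is modified. The 16-byte entry layout, tag 63 for the marker, the negative trailer offset and all function names are assumptions of this model; alignment, value types and the header magic are left out.

```python
import hashlib
import struct

# Simplified model (assumed layout): 16-byte big-endian index entries, marker tag 63.
REGION_TAG, BIN = 63, 7
ENTRY = struct.Struct(">iiii")  # tag, type, offset into data, count

def build(entries):
    """Pack (tag, bytes) pairs as an original header: marker entry first, trailer last."""
    ril = len(entries) + 1  # index entries inside the region, marker included
    data = b"".join(val for _, val in entries)
    index, off = ENTRY.pack(REGION_TAG, BIN, len(data), ENTRY.size), 0
    for tag, val in entries:
        index += ENTRY.pack(tag, BIN, off, len(val))
        off += len(val)
    data += ENTRY.pack(REGION_TAG, BIN, -ril * ENTRY.size, ENTRY.size)  # trailer
    return struct.pack(">II", ril, len(data)) + index + data

def split(blob):
    """Return (entry count, index bytes, data bytes) after checking the length fields."""
    il, dl = struct.unpack_from(">II", blob)
    if len(blob) != 8 + il * ENTRY.size + dl:
        raise ValueError("length fields do not match blob size")
    return il, blob[8:8 + il * ENTRY.size], blob[8 + il * ENTRY.size:]

def append(blob, tag, val):
    """Add a tag after the region, the way install-time data is added later."""
    il, index, data = split(blob)
    index += ENTRY.pack(tag, BIN, len(data), len(val))
    return struct.pack(">II", il + 1, len(data) + len(val)) + index + data + val

def original_region(blob):
    """Rebuild the original header from the marker, ignoring anything added after it."""
    il, index, data = split(blob)
    tag, _, off, count = ENTRY.unpack_from(index) if index else (None, 0, 0, 0)
    if tag != REGION_TAG or count != ENTRY.size or not 0 <= off <= len(data) - ENTRY.size:
        raise ValueError("no usable region marker")
    ttag, _, toff, _ = ENTRY.unpack_from(data, off)
    ril, rem = divmod(-toff, ENTRY.size)  # trailer offset encodes the region's entry count
    if ttag != REGION_TAG or rem or not 1 <= ril <= il:
        raise ValueError("bad region trailer")
    rdl = off + ENTRY.size  # region data ends right after the trailer
    return struct.pack(">II", ril, rdl) + index[:ril * ENTRY.size] + data[:rdl]

def region_digest(blob):
    """SHA-256 over the reconstructed original header only."""
    return hashlib.sha256(original_region(blob)).hexdigest()
```
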