[Rpm-maint] [rpm-software-management/rpm] Add SHA3 payload digest and -alt variant to v6 packages (PR #3798)

Tue Jun 10 09:52:45 UTC 2025

This is painful.

The existing PAYLOADDIGEST cannot be extended in any way due to hardcoded behavior in existing releases so we have no choice but to rename it to PAYLOADSHA256 to make room for new algorithms on the payload. This is binary compatible both ways but queries intentionally break (more on that below and in the commit message).

Add SHA3 digest of the payload along with the alt version, but to v6 packages only. In order to sanely do that, we need to extend the rpmtag naming policy to allow extra underscores in the name (see 73e1c149c9379e5b30d87d4454c0a07ca90da955 for the prep work).

Notes:
- We could add 100% compatibility aliases for the PAYLOADDIGEST* names, but I'd rather not do that unless it turns out this breaks the world - most of the world isn't expected to be interested in this particular detail. So that part intentionally left out here, with an understanding that we might need to add it "back" later.
- My initial version added a tag extension by the name PAYLOADDIGEST (and ALT) that returns the data from both these tags, but this could cause silent breakage for API users so it seems safer to intentionally break. I think we'll want to add RPMTAG_PAYLOADDIGESTS extension instead (note trailing S) to make it clear this is a new, different thing, and return all the digests from there.
You can view, comment on, or merge this pull request online at:

  https://github.com/rpm-software-management/rpm/pull/3798

-- Commit Summary --

  * Avoid commas in RPMTEST_SETUP_RW() title, it gets broken up
  * Rename PAYLOADDIGEST tags to PAYLOADSHA256 to match reality
  * Drop PAYLOADSHA256ALGO from v6 packages
  * Allow underscores in RPMTAG names
  * Tiny refactor to delete dummy header entries centrally at build
  * Add SHA3 payload digest and -alt variant to v6 packages

-- File Changes --

    M build/pack.cc (65)
    M docs/manual/format_v6.md (15)
    M docs/manual/signatures_digests.md (8)
    M docs/manual/tags.md (8)
    M include/rpm/rpmtag.h (8)
    M include/rpm/rpmts.h (13)
    M lib/gentagtbl.sh (2)
    M lib/rpmchecksig.cc (6)
    M lib/rpmvs.cc (20)
    M python/rpmmodule.c (1)
    M sign/rpmgensig.cc (4)
    M tests/data/misc/rpmdump4-srpm.txt (6)
    M tests/data/misc/rpmdump4.txt (6)
    M tests/data/misc/rpmdump6-srpm.txt (52)
    M tests/data/misc/rpmdump6.txt (62)
    M tests/pinned/common/rpmsigdig.sh (4)
    M tests/pinned/rpmsigdig.txt (6)
    M tests/pinned/rpmsigdig6.txt (10)
    M tests/rpmgeneral.at (8)
    M tests/rpmquery.at (8)
    M tests/rpmsigdig.at (20)
    M tests/rpmvfylevel.at (4)

-- Patch Links --

https://github.com/rpm-software-management/rpm/pull/3798.patch
https://github.com/rpm-software-management/rpm/pull/3798.diff

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3798
You are receiving this because you are subscribed to this thread.

Message ID: <rpm-software-management/rpm/pull/3798 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20250610/a9632ac1/attachment-0001.htm>