[Rpm-maint] [rpm-software-management/rpm] 6.0 breaks rpmpgp_legacy (Issue #4038)
Bernhard Rosenkraenzer
notifications at github.com
Mon Nov 10 02:37:33 UTC 2025
berolinux created an issue (rpm-software-management/rpm#4038)
**Describe the bug**
rpm 6.0 breaks using https://github.com/rpm-software-management/rpmpgp_legacy because rpm 6.0 requires a pgpDigParamsSalt implementation, which has never been added to rpmpgp_legacy
**To Reproduce**
Build rpm 6.0 with rpmpgp_legacy, then try to do anything with the resulting rpm
**Expected behavior**
works
**Output**
Unresolved symbol: pgpDigParamsSalt
**Environment**
- OpenMandriva Cooker
**Additional context**
https://github.com/rpm-software-management/rpm/pull/3975.patch fixes an identical problem for building without pgp (rpmpgp_dummy.cc).
It is clear that the fix is to implement `pgpDigParamsSalt` in rpmpgp_legacy; unfortunately the workings of the rpmpgp API aren't documented very well.
I added an `int pgpDigParamsSalt(pgpDigParams digp, const uint8_t **datap, size_t *lenp)` function to rpmpgp_legacy that just dumps information and returns -1 for now (this at least gets to a point where rpm 6 works if `--nosignature` is given), but I'm not sure where to go from there:
`digp->tag` is 2 (`PGPTAG_SIGNATURE`, as expected), `digp->sigtype` is 0 (`PGPSIGTYPE_BINARY`, as expected), `digp->hash_algo` is 8 (`RPM_HASH_SHA256`, as expected), `digp->hashlen` is 35.
Since a SHA256 hash is 32 bytes, I assumed `digp->hash` would contain either a 3 byte salt followed by the sha256 hash, or the sha256 hash followed by a 3 byte salt -- but that doesn't seem to be the case, if I copy the first or last 3 bytes (tried both variants) from `digp->hash` to `datap` and return `3` in `lenp`, it results in an error thrown for everything being verified:
```
error: rpmdbNextIterator: skipping h# 318357
Header OpenPGP V4 RSA/SHA256 signature, key fingerprint: 88d19fb468ba8f3fda4f5e8c180922d8bf81de15: BAD
Header SHA256 digest: OK
Header SHA1 digest: OK
```
Any hints on what I'm doing wrong here? How is the hash field in pgpDigParams actually encoded?
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/4038
You are receiving this because you are subscribed to this thread.
Message ID: <rpm-software-management/rpm/issues/4038 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20251109/ec5c0f26/attachment.htm>
More information about the Rpm-maint
mailing list