[Rpm-maint] [rpm-software-management/rpm] Fix verify element sorting (PR #4043)
Panu Matilainen
notifications at github.com
Thu Nov 20 07:58:57 UTC 2025
pmatilai left a comment (rpm-software-management/rpm#4043)
This is why review is so important.
I saw the v6 signatures being placed last, and managed to brush it under the mental carpet. But it's wrong, both by common sense and according to our own "newer is better" rule for the sorting, there's no way around it.
You also point out another glaringly obvious thing: sigalgo is for these. But *why*? We parse the signature during init so there's no reason for it to be 0, we just don't fill the value:
https://github.com/rpm-software-management/rpm/blob/2e36269a90fe2d5531faa5f2e00e338cc37a0995/lib/rpmvs.cc#L252
But I now have this gigantic patch to split the sigdig tests to separate RPMTEST_CHECK() cases that would conflict massively if we change the order now. So treat the v6 sort order as a separate issue (it technically is), and merge this more or less as-is. I'll just file a ticket for the v6 sort order and make a note of these issues in the (squashed) commit for this.
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/4043#issuecomment-3556437263
You are receiving this because you are subscribed to this thread.
Message ID: <rpm-software-management/rpm/pull/4043/c3556437263 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20251119/48ae507d/attachment.htm>
More information about the Rpm-maint
mailing list