rpms/rpm
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Disable SHA256 header-only digest generation temporarily (#1480407)

Browse Source 
There's a bug in rpm 4.13.x rpmkeys -K signature checking that chokes
on unknown tags it's supposed to ignore like older rpm versions do.
Unfortunately that means all active Fedora versions are affected,
so disabling the SHA256 header-only digest generation temporarily to
give time to deal with the other versions.
This commit is contained in:
Panu Matilainen 2017-08-11 09:51:16 +03:00
parent 39cbfb7d94
commit 14f55d6b22
2 changed files with 39 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
rpm-4.14-disable-sha256hdr.patch Normal file
View File

@ -0,0 +1,32 @@
diff --git a/lib/signature.c b/lib/signature.c
index b91baf628..ddfa969c9 100644
--- a/lib/signature.c
+++ b/lib/signature.c
@@ -120,6 +120,7 @@ rpmRC rpmGenerateSignature(char *SHA256, char *SHA1, uint8_t *MD5,
int gpgSize = rpmExpandNumeric("%{__gpg_reserved_space}");
/* Prepare signature */
+#if 0 /* rpm 4.13.x signature checking trips up on this, disable temporarily */
if (SHA256) {
rpmtdReset(&td);
td.tag = RPMSIGTAG_SHA256;
@@ -128,6 +129,7 @@ rpmRC rpmGenerateSignature(char *SHA256, char *SHA1, uint8_t *MD5,
td.data = SHA256;
headerPut(sig, &td, HEADERPUT_DEFAULT);
}
+#endif
if (SHA1) {
rpmtdReset(&td);
diff --git a/tests/rpmsigdig.at b/tests/rpmsigdig.at
index bf6bfd01a..75b9bc110 100644
--- a/tests/rpmsigdig.at
+++ b/tests/rpmsigdig.at
@@ -123,7 +123,6 @@ runroot rpmkeys -Kv /build/RPMS/noarch/attrtest-1.0-1.noarch.rpm
[0],
[/build/RPMS/noarch/attrtest-1.0-1.noarch.rpm:
Header SHA1 digest: OK
- Header SHA256 digest: OK
Payload SHA256 digest: OK
MD5 digest: OK
],

8
rpm.spec
View File

@ -29,7 +29,7 @@
Summary: The RPM package management system Summary: The RPM package management system
Name: rpm Name: rpm
Version: %{rpmver} Version: %{rpmver}
Release: %{?snapver:0.%{snapver}.}1%{?dist} Release: %{?snapver:0.%{snapver}.}2%{?dist}
Group: System Environment/Base Group: System Environment/Base
Url: http://www.rpm.org/ Url: http://www.rpm.org/
Source0: http://ftp.rpm.org/releases/%{srcdir}/%{name}-%{srcver}.tar.bz2 Source0: http://ftp.rpm.org/releases/%{srcdir}/%{name}-%{srcver}.tar.bz2
@ -50,6 +50,9 @@ Patch3: rpm-4.9.90-no-man-dirs.patch
Patch4: rpm-4.8.1-use-gpg2.patch Patch4: rpm-4.8.1-use-gpg2.patch
# Temporary band-aid for rpm2cpio whining on payload size mismatch (#1142949) # Temporary band-aid for rpm2cpio whining on payload size mismatch (#1142949)
Patch5: rpm-4.12.0-rpm2cpio-hack.patch Patch5: rpm-4.12.0-rpm2cpio-hack.patch
# rpm 4.13 rpmkeys -K is buggy and chokes on the new sha256 header digest,
# disable its generation until fixed in other fedora versions (#1480407)
Patch6: rpm-4.14-disable-sha256hdr.patch
# Patches already upstream: # Patches already upstream:
@ -565,6 +568,9 @@ exit 0
%doc doc/librpm/html/* %doc doc/librpm/html/*
%changelog %changelog
* Fri Aug 11 2017 Panu Matilainen <pmatilai@redhat.com> - 4.13.90-0.git14000.2
- Disable SHA256 header-only digest generation temporarily (#1480407)
* Thu Aug 10 2017 Panu Matilainen <pmatilai@redhat.com> - 4.13.90-0.git14000.1 * Thu Aug 10 2017 Panu Matilainen <pmatilai@redhat.com> - 4.13.90-0.git14000.1
- Rebase to rpm 4.13.90 aka 4.14.0-alpha (#1474836) - Rebase to rpm 4.13.90 aka 4.14.0-alpha (#1474836)