[OCP3] Support header-only signed RPMs #1650

@MartinBasti MartinBasti commented Aug 27, 2021

Maintainers will complete the following section

  • Commit messages are descriptive enough
  • Code coverage from testing does not decrease and new code is covered
  • JSON/YAML configuration changes are updated in the relevant schema
  • Changes to metadata also update the documentation for the metadata
  • Pull request has a link to an osbs-docs PR for user documentation updates
  • New feature can be disabled from a configuration file

CLOUDBLD-7002

There are 4 RPM tags that can contain signatures [1]. Two of them are
calculated from the header+payload - SIGPGP and SIGGPG. The other two
are calculated only from the header - DSAHEADER and RSAHEADER.

Header signatures were added in rpm v4 and the header+payload ones have
slowly been getting phased out since then [2]. The default rpm behavior
is now to include only the header signature [3].

What this means for OSBS is simply that we need to start looking at the
header signatures as well, where previously we would only consider the
header+payload ones.

[1]: https://rpm-software-management.github.io/rpm/manual/tags.html
[2]: rpm-software-management/rpm#863
[3]: rpm-software-management/rpm@b1aeafe

Signed-off-by: Adam Cmiel <[email protected]>
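The difference between checking two tags and checking all four, as an added example (not code from this pull request or from the project). It assumes rpm's `:pgpsig` query formatter, which prints a line containing `Key ID <hex>` for a present signature and `(none)` for an absent tag; the `;` separator, function names and sample lines are constructed for illustration.

```python
import re

HEADER_PAYLOAD_TAGS = ("SIGPGP", "SIGGPG")     # computed over header+payload
HEADER_ONLY_TAGS = ("DSAHEADER", "RSAHEADER")  # computed over the header only
ALL_TAGS = HEADER_PAYLOAD_TAGS + HEADER_ONLY_TAGS
SEP = ";"  # assumed field separator; does not occur in :pgpsig output
KEY_ID = re.compile(r"Key ID ([0-9a-fA-F]+)")


def query_format():
    """Build the --qf string: package name, then every signature tag via :pgpsig."""
    fields = ["%{NAME}"] + ["%{" + tag + ":pgpsig}" for tag in ALL_TAGS]
    return SEP.join(fields) + r"\n"


def signing_key(line, consider=ALL_TAGS):
    """Return (name, key_id) for one output line; key_id is None if unsigned."""
    name, *values = line.rstrip("\n").split(SEP)
    if len(values) != len(ALL_TAGS):
        raise ValueError("unexpected field count in %r" % line)
    for tag, value in zip(ALL_TAGS, values):
        match = KEY_ID.search(value) if tag in consider else None
        if match:
            return name, match.group(1).lower()
    return name, None


def unsigned_packages(lines, consider=ALL_TAGS):
    """Names of packages with no signature in any of the considered tags."""
    return [name for name, key in (signing_key(l, consider) for l in lines)
            if key is None]


# Constructed sample output (package names, date and key ID are made up).
SIG = "RSA/SHA256, Fri 27 Aug 2021 10:00:00 AM UTC, Key ID 0123456789abcdef"
SAMPLE = [
    SEP.join(["legacy-pkg", SIG, "(none)", "(none)", SIG]),
    SEP.join(["header-only-pkg", "(none)", "(none)", "(none)", SIG]),
    SEP.join(["unsigned-pkg", "(none)", "(none)", "(none)", "(none)"]),
]

if __name__ == "__main__":
    print("rpm -qa --qf", repr(query_format()))
    print("header+payload tags only:", unsigned_packages(SAMPLE, HEADER_PAYLOAD_TAGS))
    print("all four tags:", unsigned_packages(SAMPLE))
```

This reports which key ID each package's signature tags name; it does not verify the signature itself.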
@MartinBasti

backporting #1649

@MartinBasti MartinBasti merged commit 5f67682 into containerbuildsystem:osbs_ocp3 Aug 27, 2021
@MartinBasti MartinBasti deleted the backport_ocp3_new_rpm_signature branch August 27, 2021 18:03