Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enhance rpm validation workflow with distribution signature check #2222

Merged
merged 3 commits into from
Jun 23, 2022
Merged

Enhance rpm validation workflow with distribution signature check #2222

merged 3 commits into from
Jun 23, 2022

Conversation

zelinh
Copy link
Member

@zelinh zelinh commented Jun 22, 2022

Description

Enhance rpm validation workflow with distribution signature check.
The standard output when we run rpm -K -v on s signed RPM distribution file will be like below:

- rpm -K -v /tmp/workspace/yum-download/opensearch-2.0.1-linux-arm64.rpm
/tmp/workspace/yum-download/opensearch-2.0.1-linux-arm64.rpm:
    Header V4 RSA/SHA512 Signature, key ID 9310d3fc: OK
    Header SHA256 digest: OK
    Header SHA1 digest: OK
    Payload SHA256 digest: OK
    V4 RSA/SHA512 Signature, key ID 9310d3fc: OK
    MD5 digest: OK

While on unsigned distribution files, there would be either saying NOKEY or lack of certain type of signature digest.
This enhancement check will check two aspects:

  1. Check if all signatures are OK.
  2. Check all six above signature digest present.

Issues Resolved

#2197

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

zelinh added 2 commits June 21, 2022 11:15
@zelinh
Add rpm signature validation
edf7dcb 
Signed-off-by: Zelin Hao <[email protected]>
@zelinh
Update jenkins tests
3928ed7 
Signed-off-by: Zelin Hao <[email protected]>
@zelinh zelinh requested a review from peterzhuamazon June 22, 2022 01:43
@zelinh zelinh requested a review from a team as a code owner June 22, 2022 01:43
@zelinh zelinh self-assigned this Jun 22, 2022
@zelinh
Change to use assert
1ae17cf 
Signed-off-by: Zelin Hao <[email protected]>
@peterzhuamazon peterzhuamazon merged commit cfa7922 into opensearch-project:main Jun 23, 2022
@peterzhuamazon peterzhuamazon deleted the enhance-rpm-sig-check branch June 23, 2022 23:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gaiksaya gaiksaya gaiksaya left review comments

@peterzhuamazon peterzhuamazon peterzhuamazon approved these changes

Assignees

@zelinh zelinh

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@zelinh @gaiksaya @peterzhuamazon