Force gpg to use SHA256 when generating signatures.
Some versions of gpg appear to default to using SHA512.  This breaks
several tests' assumption that gpg generates a SHA256 hash.  Force gpg
to use SHA256 by passing `--digest-algo sha256` to rpmsign.

Fixes #2002.

(cherry picked from commit 4814bc8)
nwalfield authored and pmatilai committed Apr 13, 2022

1 parent 8c28f5c commit 3c64a59
Showing 1 changed file with 3 additions and 3 deletions.
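--- a/tests/rpmsigdig.at
+++ b/tests/rpmsigdig.at
@@ -577,7 +577,7 @@ AT_CHECK([
 RPMDB_INIT
 
 cp "${RPMTEST}"/data/RPMS/hello-2.0-1.x86_64.rpm "${RPMTEST}"/tmp/
-run rpmsign --key-id 1964C5FC --addsign "${RPMTEST}"/tmp/hello-2.0-1.x86_64.rpm > /dev/null
+run rpmsign --key-id 1964C5FC --digest-algo sha256 --addsign "${RPMTEST}"/tmp/hello-2.0-1.x86_64.rpm > /dev/null
 echo PRE-IMPORT
 runroot rpmkeys -Kv /tmp/hello-2.0-1.x86_64.rpm|grep -v digest
 echo POST-IMPORT
@@ -604,7 +604,7 @@ AT_CHECK([
 RPMDB_INIT
 
 cp "${RPMTEST}"/data/RPMS/hello-2.0-1.x86_64-signed.rpm "${RPMTEST}"/tmp/
-run rpmsign --key-id 1964C5FC --addsign "${RPMTEST}"/tmp/hello-2.0-1.x86_64-signed.rpm 2>&1 |grep -q "already contains identical signature, skipping"
+run rpmsign --key-id 1964C5FC --digest-algo sha256 --addsign "${RPMTEST}"/tmp/hello-2.0-1.x86_64-signed.rpm 2>&1 |grep -q "already contains identical signature, skipping"
 ],
 [0],
 [],
@@ -618,7 +618,7 @@ pkg="hello-2.0-1.x86_64.rpm"
 cp "${RPMTEST}"/data/RPMS/${pkg} "${RPMTEST}"/tmp/${pkg}
 dd if=/dev/zero of="${RPMTEST}"/tmp/${pkg} \
 conv=notrunc bs=1 seek=333 count=4 2> /dev/null
-run rpmsign --key-id 1964C5FC --addsign "${RPMTEST}/tmp/${pkg}" >/dev/null 2> stderr
+run rpmsign --key-id 1964C5FC --digest-algo sha256 --addsign "${RPMTEST}/tmp/${pkg}" >/dev/null 2> stderr
 echo $?
 grep -c "error: not signing corrupt package " stderr
 runroot rpmkeys -Kv /tmp/hello-2.0-1.x86_64.rpm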
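Review bot: The three `rpmsign` calls now carry `--digest-algo sha256` with nothing in the test file saying why, so a later cleanup could drop the flag and bring back the dependency on gpg's default digest that the commit message describes. A short comment ahead of the first use would record it, for example `# Pin the digest: the expected output assumes SHA256, and gpg's default varies (some versions use SHA512)`. With the algorithm pinned in all three places, nothing visible in these hunks still exercises signing with gpg's own default. If that path matters, it would need a separate check whose expected output does not hard-code the hash name. The AT_CHECK bodies begin and end outside the hunks, so the expected-output side could not be checked here.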
