Disable SHA256 header-only digest generation temporarily (#1480407)
There's a bug in rpm 4.13.x rpmkeys -K signature checking that chokes on unknown tags it's supposed to ignore like older rpm versions do. Unfortunately that means all active Fedora versions are affected, so disabling the SHA256 header-only digest generation temporarily to give time to deal with the other versions.
This commit is contained in:
Panu Matilainen
parent
39cbfb7d94
commit
14f55d6b22
32
rpm-4.14-disable-sha256hdr.patch
Normal file
32
rpm-4.14-disable-sha256hdr.patch
Normal file
@ -0,0 +1,32 @@
|
||||
diff --git a/lib/signature.c b/lib/signature.c
|
||||
index b91baf628..ddfa969c9 100644
|
||||
--- a/lib/signature.c
|
||||
+++ b/lib/signature.c
|
||||
@@ -120,6 +120,7 @@ rpmRC rpmGenerateSignature(char *SHA256, char *SHA1, uint8_t *MD5,
|
||||
int gpgSize = rpmExpandNumeric("%{__gpg_reserved_space}");
|
||||
|
||||
/* Prepare signature */
|
||||
+#if 0 /* rpm 4.13.x signature checking trips up on this, disable temporarily */
|
||||
if (SHA256) {
|
||||
rpmtdReset(&td);
|
||||
td.tag = RPMSIGTAG_SHA256;
|
||||
@@ -128,6 +129,7 @@ rpmRC rpmGenerateSignature(char *SHA256, char *SHA1, uint8_t *MD5,
|
||||
td.data = SHA256;
|
||||
headerPut(sig, &td, HEADERPUT_DEFAULT);
|
||||
}
|
||||
+#endif
|
||||
|
||||
if (SHA1) {
|
||||
rpmtdReset(&td);
|
||||
diff --git a/tests/rpmsigdig.at b/tests/rpmsigdig.at
|
||||
index bf6bfd01a..75b9bc110 100644
|
||||
--- a/tests/rpmsigdig.at
|
||||
+++ b/tests/rpmsigdig.at
|
||||
@@ -123,7 +123,6 @@ runroot rpmkeys -Kv /build/RPMS/noarch/attrtest-1.0-1.noarch.rpm
|
||||
[0],
|
||||
[/build/RPMS/noarch/attrtest-1.0-1.noarch.rpm:
|
||||
Header SHA1 digest: OK
|
||||
- Header SHA256 digest: OK
|
||||
Payload SHA256 digest: OK
|
||||
MD5 digest: OK
|
||||
],
|
||||
8
rpm.spec
8
rpm.spec
@ -29,7 +29,7 @@
|
||||
Summary: The RPM package management system
|
||||
Name: rpm
|
||||
Version: %{rpmver}
|
||||
Release: %{?snapver:0.%{snapver}.}1%{?dist}
|
||||
Release: %{?snapver:0.%{snapver}.}2%{?dist}
|
||||
Group: System Environment/Base
|
||||
Url: http://www.rpm.org/
|
||||
Source0: http://ftp.rpm.org/releases/%{srcdir}/%{name}-%{srcver}.tar.bz2
|
||||
@ -50,6 +50,9 @@ Patch3: rpm-4.9.90-no-man-dirs.patch
|
||||
Patch4: rpm-4.8.1-use-gpg2.patch
|
||||
# Temporary band-aid for rpm2cpio whining on payload size mismatch (#1142949)
|
||||
Patch5: rpm-4.12.0-rpm2cpio-hack.patch
|
||||
# rpm 4.13 rpmkeys -K is buggy and chokes on the new sha256 header digest,
|
||||
# disable its generation until fixed in other fedora versions (#1480407)
|
||||
Patch6: rpm-4.14-disable-sha256hdr.patch
|
||||
|
||||
# Patches already upstream:
|
||||
|
||||
@ -565,6 +568,9 @@ exit 0
|
||||
%doc doc/librpm/html/*
|
||||
|
||||
%changelog
|
||||
* Fri Aug 11 2017 Panu Matilainen <pmatilai@redhat.com> - 4.13.90-0.git14000.2
|
||||
- Disable SHA256 header-only digest generation temporarily (#1480407)
|
||||
|
||||
* Thu Aug 10 2017 Panu Matilainen <pmatilai@redhat.com> - 4.13.90-0.git14000.1
|
||||
- Rebase to rpm 4.13.90 aka 4.14.0-alpha (#1474836)
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user