rpm 5.4.15 creates invalid rpms
Elan Ruusamäe
glen at pld-linux.org
Tue Nov 4 17:50:09 CET 2014
On 04.11.2014 09:31, Jan Rękorajski wrote:
>>> The RSA v4 keyid is not correctly implementedin rpm-4.5. Use DSA or go fix rpm-4.5.
>> >baggins: we probably should revert it then.
> I'd leave it in test for now, but I'm ok with the downgrade you did on
> builders.
i failed to downgrade actually... still trying
>>> > >All packages produced by rpmbuild-5.4.15 are signed automatically. Been that way
>>> > >for several years.
>> >yep. that's what i recalled problem being familiar.
> If it's been there for years, then why the problems started on 5.4.15?
as i understand, then it's because it started to create RSAv4 not RSAv3
headers.
i'm still looking for code diffs, so it's either one of these rpm defines:
#
+# Choose the non-repudiable signature algorithm:
+# DSA (default)
+# RSA (implies SHA1)
+# ECDSA (implies SHA256)
+# DSA/SHA1
+# DSA/SHA224
+# DSA/SHA256
+# DSA/SHA384
+# DSA/SHA512
+# RSA/SHA1
+# RSA/SHA224
+# RSA/SHA256
+# RSA/SHA384
+# RSA/SHA512
+# ECDSA/SHA224 (using NIST P-224)
+# ECDSA/SHA256 (using NIST P-256)
+# ECDSA/SHA384 (using NIST P-384)
+# ECDSA/SHA512 (using NIST P-521)
+#
+%_build_sign RSA/SHA1
@@ -281,9 +303,13 @@
# 109 Jenkins lookup3.c hashlittle()
# 111 RIPEMD-256
# 112 RIPEMD-320
+# 188 BLAKE2B
+# 189 BLAKE2BP
+# 190 BLAKE2S
+# 191 BLAKE2SP
#
-# Note: choosing anything but MD5 introduces instant legacy
incompatibility.
-%_build_file_digest_algo 1
+#%_build_file_digest_algo 1
--
glen
More information about the pld-devel-en
mailing list