rpm 5.4.15 creates invalid rpms

Jeffrey Johnson n3npq at me.com
Tue Nov 4 18:00:58 CET 2014 

On Nov 4, 2014, at 11:50 AM, Elan Ruusamäe wrote:

> On 04.11.2014 09:31, Jan Rękorajski wrote:
>>>> The RSA v4 keyid is not correctly implementedin rpm-4.5. Use DSA or go fix rpm-4.5.
>>> >baggins: we probably should revert it then.
>> I'd leave it in test for now, but I'm ok with the downgrade you did on
>> builders.
> i  failed to downgrade actually... still trying
>>>> > >All packages produced by rpmbuild-5.4.15 are signed automatically. Been that way
>>>> > >for several years.
>>> >yep. that's what i recalled problem being familiar.
>> If it's been there for years, then why the problems started on 5.4.15?
> as i understand, then it's because it started to create RSAv4 not RSAv3 headers.
> 

Yes. But there multiple obscure issues that were fixed, not just generating
a V4 keyid correctly.

E.g. rpm-4.5 did not get bit counts correct and assumed 8 * byte count
was "gud enuf".

The assumption is true for DSA but not RSA. So 1 out of 256 RSA parameters
will have 8 bits of leading zeroes and the byte count will be wrong.

Adjust your testing accoringly: 255 out of 256 RSA signatures will Just Work.

> 
> i'm still looking for code diffs, so it's either one of  these rpm defines:
> 
> #
> +# Choose the non-repudiable signature algorithm:
> +#     DSA        (default)
> +#     RSA        (implies SHA1)
> +#     ECDSA        (implies SHA256)
> +#     DSA/SHA1
> +#     DSA/SHA224
> +#     DSA/SHA256
> +#     DSA/SHA384
> +#     DSA/SHA512
> +#     RSA/SHA1
> +#     RSA/SHA224
> +#     RSA/SHA256
> +#     RSA/SHA384
> +#     RSA/SHA512
> +#     ECDSA/SHA224    (using NIST P-224)
> +#     ECDSA/SHA256    (using NIST P-256)
> +#     ECDSA/SHA384    (using NIST P-384)
> +#     ECDSA/SHA512    (using NIST P-521)
> +#
> +%_build_sign    RSA/SHA1
> 

Change to "DSA" for maximum compatibility with rpm-4.5. Note
that rpm-5.4.15 was deliberately released with "RSA/SHA1" default
to flush out problems as you have reported as early as possible.

FYI: rpm-5.4.16 switches from BeeCrypt to LibTomCrypt and uses ECDSA
in
	RPMTAG_ECDSAHEADER          = RPMTAG_SIG_BASE+16,   /* x */
which avoids (because that tag isn't known) in all legacy and competing versions of RPM.

> 
> @@ -281,9 +303,13 @@
> #    109    Jenkins lookup3.c hashlittle()
> #    111    RIPEMD-256
> #    112    RIPEMD-320
> +#    188    BLAKE2B
> +#    189    BLAKE2BP
> +#    190    BLAKE2S
> +#    191    BLAKE2SP
> #
> -# Note: choosing anything but MD5 introduces instant legacy incompatibility.
> -%_build_file_digest_algo    1
> +#%_build_file_digest_algo    1
> 

And BLAKE2BP (with 256bit protection and faster than MD5) is the preferred
default in RPM5 releases.

73 de Jeff
> 
> 
> -- 
> glen
> 
> _______________________________________________
> pld-devel-en mailing list
> pld-devel-en at lists.pld-linux.org
> http://lists.pld-linux.org/mailman/listinfo/pld-devel-en

More information about the pld-devel-en mailing list