rpm5 package verification and md5sum of config files
Jeffrey Johnson
n3npq at me.com
Tue Oct 16 09:38:30 CEST 2012
On Oct 16, 2012, at 2:57 AM, Adam Osuchowski <adwol at zonk.pl> wrote:
>
> FYI, I don't claim that my 1-liner is the best solution for first case.
> I only find it helps. Maybe there is more suitable one.
Actually your 1-liner deletion *is* the best patch.
(aside)
I dimly remember having to debug this issue. Because of negation,
my original attempt was flawed, and needed to be handled
more carefully, outside of the parsing loop. I managed to delete
the if but not what followed.
BTW, another goal adding HMAC support was a packaging
means to support FIPS 140-2: I dislike fipscheck using
an HMAC stored next to crypto libraries.
The salt used in the HMAC is likely exactly what was in use
by fipscheck in RHEL/Fedora back in 2009.
Checking … rpmdb/legacy.c has this from (almost certainly) RedHat fipscheck and NIST certification:
static const char hmackey[] = "orboDeJITITejsirpADONivirpUkvarP";
That string may need a macro value to configure for non- (or later) RedHat
NIST certification.
hth
73 de Jeff
> _______________________________________________
> pld-devel-en mailing list
> pld-devel-en at lists.pld-linux.org
> http://lists.pld-linux.org/mailman/listinfo/pld-devel-en
More information about the pld-devel-en
mailing list