rpm 5.4.15 creates invalid rpms

Elan Ruusamäe glen at pld-linux.org
Tue Nov 4 17:50:09 CET 2014


On 04.11.2014 09:31, Jan Rękorajski wrote:
>>> The RSA v4 keyid is not correctly implementedin rpm-4.5. Use DSA or go fix rpm-4.5.
>> >baggins: we probably should revert it then.
> I'd leave it in test for now, but I'm ok with the downgrade you did on
> builders.
i  failed to downgrade actually... still trying
>>> > >All packages produced by rpmbuild-5.4.15 are signed automatically. Been that way
>>> > >for several years.
>> >yep. that's what i recalled problem being familiar.
> If it's been there for years, then why the problems started on 5.4.15?
as i understand, then it's because it started to create RSAv4 not RSAv3 
headers.


i'm still looking for code diffs, so it's either one of  these rpm defines:

  #
+# Choose the non-repudiable signature algorithm:
+#     DSA        (default)
+#     RSA        (implies SHA1)
+#     ECDSA        (implies SHA256)
+#     DSA/SHA1
+#     DSA/SHA224
+#     DSA/SHA256
+#     DSA/SHA384
+#     DSA/SHA512
+#     RSA/SHA1
+#     RSA/SHA224
+#     RSA/SHA256
+#     RSA/SHA384
+#     RSA/SHA512
+#     ECDSA/SHA224    (using NIST P-224)
+#     ECDSA/SHA256    (using NIST P-256)
+#     ECDSA/SHA384    (using NIST P-384)
+#     ECDSA/SHA512    (using NIST P-521)
+#
+%_build_sign    RSA/SHA1


@@ -281,9 +303,13 @@
  #    109    Jenkins lookup3.c hashlittle()
  #    111    RIPEMD-256
  #    112    RIPEMD-320
+#    188    BLAKE2B
+#    189    BLAKE2BP
+#    190    BLAKE2S
+#    191    BLAKE2SP
  #
-# Note: choosing anything but MD5 introduces instant legacy 
incompatibility.
-%_build_file_digest_algo    1
+#%_build_file_digest_algo    1



-- 
glen



More information about the pld-devel-en mailing list