Concrete proposal:
- New-style signatures are _required_ in v6 packages.
- New-style signatures always cover both headers, including the entire main
  header and all of the signature header except for the tag data entry
  containing the new-style signatures.
- If a new-style signature is present, the signature header must be a single
  contiguous region and its entries must be sorted.
- To compute the hash of the signature header:
  - Hash the first 8 bytes.
  - Hash all of the tag data entries until the one for the new-style signature
    is reached. If the tag data entries are not sorted by increasing tag, the
    package is malformed.
  - If there are any remaining tag data entries:
    - Create a copy of the remaining tag data entries.
    - If the remaining tag data entries are not sorted by increasing tag, the
      package is malformed.
    - Subtract the length (in bytes) of the tag data entry for the new-style
      signature, rounded up to the next multiple of 8, from the start position
      of the remaining tag data entries.
    - Hash the remaining tag data entries.
  - Hash the first byte after the tag data entries (inclusive) until (but not
    including) the first byte of the tag data entry for the new-style signature.
  - Hash all data in the signature header after the new-style signature.
> It is not the best way to go as it may let implementations forget to check
> the hashes after the signature checking but it is an option to consider if it
> is simpler.
My thought was that the hash of the signature header would be computed during
installation and stored in the rpmdb. It would not be included in packages.
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/2224#issuecomment-2515398517
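The hashing procedure proposed in the message above, as an added Python sketch; it is not code from the email or from rpm. It assumes SHA-256, a hypothetical tag number `SIG_TAG`, that "tag data entries" are the 16-byte index entries and "start position" is their offset field, and that every entry is binary data padded to 8 bytes in the store; `build_header` only constructs sample input.

```python
import hashlib
import struct

SIG_TAG = 5000                  # hypothetical tag number; the proposal assigns none
RPM_BIN_TYPE = 7                # binary data: length in bytes equals the count field
ENTRY = struct.Struct(">IIII")  # index entry: tag, type, offset, count


def pad8(n):
    return (n + 7) & ~7


def hash_signature_header(blob, sig_tag=SIG_TAG):
    """SHA-256 (assumed) over the signature header, skipping the new-style signature."""
    if len(blob) < 16:
        raise ValueError("malformed: header shorter than 16 bytes")
    il, dl = struct.unpack_from(">II", blob, 8)   # entry count, data store size
    store = 16 + il * ENTRY.size                  # first byte after the index entries
    if len(blob) != store + dl:
        raise ValueError("malformed: size fields do not match the header length")
    entries = [ENTRY.unpack_from(blob, 16 + i * ENTRY.size) for i in range(il)]
    tags = [e[0] for e in entries]
    if any(a >= b for a, b in zip(tags, tags[1:])):
        raise ValueError("malformed: entries not sorted by increasing tag")
    pos = tags.index(sig_tag)                     # ValueError if the entry is absent
    _, typ, sig_off, sig_len = entries[pos]
    skip = pad8(sig_len)                          # signature length rounded up to 8
    if typ != RPM_BIN_TYPE or sig_off % 8 or sig_off + skip > dl:
        raise ValueError("malformed: bad new-style signature entry")
    h = hashlib.sha256(blob[:8])                  # the first 8 bytes
    h.update(blob[16:16 + pos * ENTRY.size])      # entries before the signature
    for tag, etype, off, cnt in entries[pos + 1:]:
        if off < sig_off + skip:
            raise ValueError("malformed: data store not in entry order")
        h.update(ENTRY.pack(tag, etype, off - skip, cnt))  # adjusted copy
    h.update(blob[store:store + sig_off])         # data before the signature
    h.update(blob[store + sig_off + skip:])       # data after the signature
    return h.digest()


def build_header(items):
    """Constructed sample input: items is a list of (tag, bytes) in tag order."""
    index, data = b"", b""
    for tag, value in items:
        index += ENTRY.pack(tag, RPM_BIN_TYPE, len(data), len(value))
        data += value.ljust(pad8(len(value)), b"\0")
    head = b"\x8e\xad\xe8\x01" + bytes(4) + struct.pack(">II", len(items), len(data))
    return head + index + data
```

Under these assumptions the digest does not depend on the signature's bytes or length, because the two size fields at bytes 8 to 15 are never hashed and the later offsets are shifted back.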