From 14f55d6b2238ecb49c57a8a27db022a9d939637e Mon Sep 17 00:00:00 2001
From: Panu Matilainen
Date: Aug 11 2017 06:51:16 +0000
Subject: Disable SHA256 header-only digest generation temporarily (#1480407)
There's a bug in rpm 4.13.x rpmkeys -K signature checking that chokes on unknown tags it's supposed to ignore like older rpm versions do. Unfortunately that means all active Fedora versions are affected, so disabling the SHA256 header-only digest generation temporarily to give time to deal with the other versions.
---
diff --git a/rpm-4.14-disable-sha256hdr.patch b/rpm-4.14-disable-sha256hdr.patch
new file mode 100644
index 0000000..4b904f2
--- /dev/null
+++ b/rpm-4.14-disable-sha256hdr.patch
@@ -0,0 +1,32 @@
+diff --git a/lib/signature.c b/lib/signature.c
+index b91baf628..ddfa969c9 100644
+--- a/lib/signature.c
++++ b/lib/signature.c
+@@ -120,6 +120,7 @@ rpmRC rpmGenerateSignature(char *SHA256, char *SHA1, uint8_t *MD5,
+ int gpgSize = rpmExpandNumeric("%{__gpg_reserved_space}");
+
+ /* Prepare signature */
++#if 0 /* rpm 4.13.x signature checking trips up on this, disable temporarily */
+ if (SHA256) {
+ rpmtdReset(&td);
+ td.tag = RPMSIGTAG_SHA256;
+@@ -128,6 +129,7 @@ rpmRC rpmGenerateSignature(char *SHA256, char *SHA1, uint8_t *MD5,
+ td.data = SHA256;
+ headerPut(sig, &td, HEADERPUT_DEFAULT);
+ }
++#endif
+
+ if (SHA1) {
+ rpmtdReset(&td);
+diff --git a/tests/rpmsigdig.at b/tests/rpmsigdig.at
+index bf6bfd01a..75b9bc110 100644
+--- a/tests/rpmsigdig.at
++++ b/tests/rpmsigdig.at
+@@ -123,7 +123,6 @@ runroot rpmkeys -Kv /build/RPMS/noarch/attrtest-1.0-1.noarch.rpm
+ [0],
+ [/build/RPMS/noarch/attrtest-1.0-1.noarch.rpm:
+ Header SHA1 digest: OK
+- Header SHA256 digest: OK
+ Payload SHA256 digest: OK
+ MD5 digest: OK
+ ],
diff --git a/rpm.spec b/rpm.spec
index b9f9122..89277d6 100644
--- a/rpm.spec
+++ b/rpm.spec
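Review bot: The `#if 0` around the `if (SHA256)` block in rpmGenerateSignature records neither the bug number nor the condition for removing it, and while it is in place the `SHA256` argument is silently ignored, so packages built with this patch carry SHA1 as the only header-only digest (the updated rpmsigdig.at expectation shows the same). I would make the guard self-describing, e.g. `#if 0 /* #1480407: rpm 4.13.x rpmkeys -K chokes on RPMSIGTAG_SHA256; re-enable once fixed there */`, so the temporary downgrade is easy to find and revert. The test hunk only deletes the `Header SHA256 digest: OK` line, so nothing would flag the digest staying disabled after the 4.13.x fix lands; that presumably relies on the patch being dropped from rpm.spec. rpmGenerateSignature begins and ends outside the quoted hunks.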
@@ -29,7 +29,7 @@
 Summary: The RPM package management system
 Name: rpm
 Version: %{rpmver}
-Release: %{?snapver:0.%{snapver}.}1%{?dist}
+Release: %{?snapver:0.%{snapver}.}2%{?dist}
 Group: System Environment/Base
 Url: http://www.rpm.org/
 Source0: http://ftp.rpm.org/releases/%{srcdir}/%{name}-%{srcver}.tar.bz2
@@ -50,6 +50,9 @@ Patch3: rpm-4.9.90-no-man-dirs.patch
 Patch4: rpm-4.8.1-use-gpg2.patch
 # Temporary band-aid for rpm2cpio whining on payload size mismatch (#1142949)
 Patch5: rpm-4.12.0-rpm2cpio-hack.patch
+# rpm 4.13 rpmkeys -K is buggy and chokes on the new sha256 header digest,
+# disable its generation until fixed in other fedora versions (#1480407)
+Patch6: rpm-4.14-disable-sha256hdr.patch
 # Patches already upstream:
@@ -565,6 +568,9 @@ exit 0
 %doc doc/librpm/html/*
 %changelog
+* Fri Aug 11 2017 Panu Matilainen - 4.13.90-0.git14000.2
+- Disable SHA256 header-only digest generation temporarily (#1480407)
+
 * Thu Aug 10 2017 Panu Matilainen - 4.13.90-0.git14000.1
 - Rebase to rpm 4.13.90 aka 4.14.0-alpha (#1474836)