The signature header contains (optional) information to verify package integrity.
So new tags are added when packages are signed, and a new signature header is created and inserted into a *.rpm package file.
However, the insertion forces a rewrite of the metadata header and payload, which, for a distribution signing event, can rewrite a terabyte of information.
Another flaw with a variable-sized signature header is that the metadata header and payload are not located at a constant offset, preventing, say, HTTP byte ranges from directly reading the header metadata blob.
One simple solution is to add a "free space" tag to the signature header to reserve space for a signature (or other data) to be added later. This would permit the new signature header to be rewritten in-place with an adjusted "free space" tag instead of rewriting entire packages when signing.
I will have a patch to add a "free space" tag to a signature header for rpm.org soon.
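
Added example, not part of the original issue or rpm's own code: it computes where the metadata header starts from the 96-byte lead and the signature header's index count and data length, and shows that offset moving when a signature is added versus staying fixed when a reserved entry absorbs it. The free-space tag number 9999, the helper names and the sample bytes are assumptions constructed here, and the header is simplified to binary-typed entries only.

```python
import struct

LEAD_SIZE = 96                                   # fixed-size rpm lead
HDR_MAGIC = bytes.fromhex("8eade801") + b"\0" * 4
BIN = 7                                          # RPM_BIN_TYPE
DIGEST_TAG, SIG_TAG = 1004, 268                  # RPMSIGTAG_MD5, RPMSIGTAG_RSA
FREE_SPACE_TAG = 9999                            # hypothetical tag number

def build_sig_header(entries):
    """Serialize {tag: bytes} as a header blob, padded to an 8-byte boundary."""
    index, data = b"", b""
    for tag, blob in sorted(entries.items()):
        index += struct.pack(">4I", tag, BIN, len(data), len(blob))
        data += blob
    hdr = HDR_MAGIC + struct.pack(">2I", len(entries), len(data)) + index + data
    return hdr + b"\0" * (-len(hdr) % 8)

def metadata_offset(rpm_bytes):
    """Where the metadata header starts: lead + signature header + padding."""
    if rpm_bytes[LEAD_SIZE:LEAD_SIZE + 8] != HDR_MAGIC:
        raise ValueError("no signature header after the lead")
    il, dl = struct.unpack_from(">2I", rpm_bytes, LEAD_SIZE + 8)
    end = LEAD_SIZE + 16 + 16 * il + dl
    return end + (-end % 8)

def sign_in_place(entries, signature):
    """Add a signature and shrink the free-space tag by the bytes it consumes."""
    cost = len(signature) + 16                   # data plus one new index entry
    free = len(entries[FREE_SPACE_TAG])
    if cost >= free:
        raise ValueError("reserved space too small; a full rewrite is needed")
    return {**entries, SIG_TAG: signature, FREE_SPACE_TAG: b"\0" * (free - cost)}

# Constructed sample data, not taken from a real package.
LEAD = bytes.fromhex("edabeedb") + b"\0" * (LEAD_SIZE - 4)
REST = b"<metadata header and payload>"
DIGEST, SIG = b"\x11" * 16, b"\x5a" * 536

def offset_for(entries):
    return metadata_offset(LEAD + build_sig_header(entries) + REST)

if __name__ == "__main__":
    plain = {DIGEST_TAG: DIGEST}
    print("no reservation:", offset_for(plain), "->", offset_for({**plain, SIG_TAG: SIG}))
    reserved = {**plain, FREE_SPACE_TAG: b"\0" * 1024}
    print("with free space:", offset_for(reserved), "->", offset_for(sign_in_place(reserved, SIG)))
```

With the reservation in place, a client that knows the fixed offset can fetch the metadata header with a single HTTP byte-range request, before and after signing.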