Reserving space in the signature header

[n3npq]

The signature header contains (optional) information to verify package integrity.

So new tags are added when packages are signed, and a new signature header is created and inserted into a *.rpm package file.

However, the insertion forces a rewrite of the metadata header and payload, which for a distribution signing event, can rewrite a terabyte of information.

Another flaw with a variable sized signature header is that the metadata header and payload are not located at a constant offset, preventing, say, HTTP byte ranges from directly reading the header metadata blob.

One simple solution is to add a "free space" tag to the signature header to reserve space for a signature (or other data) to be added later. This would permit the new signature header to be rewritten in-place with an adjusted "free space" tag instead of rewriting entire packages when signing.

I will have a patch to add a "free space" tag to a signature header for rpm.org soon.

[pmatilai]

We've had that for almost three years now so don't bother.