You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
RPM traditionally used MD5 file digests, long since generalized to use SHA256 (or other) digest from rpmbuild macro configuration. Digest verification can also be enabled/disabled using %verify/%defverify.
Adding a string->value table for known/implemented algorithm names that also set the digest algorithm to use in RPMTAG_FILEDIGESTALGOS would permit packager specification of the desired digest algorithm in %verify/%defverify, with a %verify parsing extension to permit the names in the table to appear within %verify() option attributes.
The table of permitted algorithms -- which might be different than the implemented algorithms -- would be specified by a colon separated tuple in a macro. And if absolutely essential to control for whether the build master or the packager determines what algorithm to use, the search precedence of build master or specfile to determine algorithm can be done in another macro.
For verification display purposes, the name of the verify algorithm used could/would be prepended to the hex output, like "sha1:12345...". If preserving EXACTLY COMPATIBLE output for scripts etc, there would need to be Yet Another macro disabler to preserve legacy compatibility.
Been on my todo list for a long time. I can supply code if interested.
The text was updated successfully, but these errors were encountered:
Another lurking/lingering RFE digest issue
RPM traditionally used MD5 file digests, long since generalized to use SHA256 (or other) digest from rpmbuild macro configuration. Digest verification can also be enabled/disabled using %verify/%defverify.
Adding a string->value table for known/implemented algorithm names that also set the digest algorithm to use in RPMTAG_FILEDIGESTALGOS would permit packager specification of the desired digest algorithm in %verify/%defverify, with a %verify parsing extension to permit the names in the table to appear within %verify() option attributes.
The table of permitted algorithms -- which might be different than the implemented algorithms -- would be specified by a colon separated tuple in a macro. And if absolutely essential to control for whether the build master or the packager determines what algorithm to use, the search precedence of build master or specfile to determine algorithm can be done in another macro.
For verification display purposes, the name of the verify algorithm used could/would be prepended to the hex output, like "sha1:12345...". If preserving EXACTLY COMPATIBLE output for scripts etc, there would need to be Yet Another macro disabler to preserve legacy compatibility.
Been on my todo list for a long time. I can supply code if interested.
The text was updated successfully, but these errors were encountered: