Bug 1066494
Summary: | rpm doesn't understand SHA224 signature, but is possible to add sha224 signature | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Patrik Kis <pkis> |
Component: | rpm | Assignee: | Panu Matilainen <pmatilai> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Patrik Kis <pkis> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 7.0 | CC: | emaldona, jkastner, ksrot, mvadkert, pknirsch, pmatilai, sgrubb, syeghiay |
Target Milestone: | rc | Keywords: | Regression |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | rpm-4.11.1-15.el7 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | 608599 | Environment: | |
Last Closed: | 2014-06-13 12:47:27 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 608599, 608611 | ||
Bug Blocks: | 582655 |
Description
Patrik Kis
2014-02-18 14:25:28 UTC
Heh. It looks like a regression from the outset but is more twisted than that. In bug 608599 rpm permitted signing with a digest which it didn't support (because NSS did not support SHA-224) but now it is supported, only that support is buggy in the path that rpm -Kv signature verification hits: http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=85b62554d2632d06f975f90697c4c11c3f180931 Dunno whether I should laugh or cry, but devel_ack+ anyway :) Fixed in rpm-4.11.1-15.el7, FWIW (this isn't exactly a critical bug really) Verified with: /CoreOS/rpm/Regression/bz608599-rpm-doesnt-accept-signatures-it-cannot-use OLD: rpm-4.11.1-14.el7 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: Test :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ PASS ] :: Running 'gpg --batch --gen-key batch' (Expected 0, got 0) :: [ PASS ] :: Running 'gpg --armor --export '<joe>' > joepub.ascii' (Expected 0, got 0) :: [ PASS ] :: Running 'rpm --import joepub.ascii' (Expected 0, got 0) :: [ PASS ] :: Running 'wget http://download.lab.bos.redhat.com/qa/rhts/lookaside/redhat-lsb-3.1-12.3.EL.i386.rpm' (Expected 0, got 0) :: [ PASS ] :: Running 'rpm -v --checksig redhat-lsb-3.1-12.3.EL.i386.rpm &>checksig.log' (Expected 1, got 1) :: [ PASS ] :: File 'checksig.log' should contain 'V3 DSA/SHA1 Signature' :: [ PASS ] :: Running './rpm_addsign.exp redhat-lsb-3.1-12.3.EL.i386.rpm abc' (Expected 0, got 0) :: [ PASS ] :: Running 'rpm -v --checksig redhat-lsb-3.1-12.3.EL.i386.rpm &>checksig.log' (Expected 1, got 1) :: [ FAIL ] :: File 'checksig.log' should contain 'V4 DSA/SHA224 Signature' :: [ FAIL ] :: File 'checksig.log' should not contain 'BAD PARAMETERS' :: [ LOG ] :: Duration: 5s :: [ LOG ] :: Assertions: 8 good, 2 bad :: [ FAIL ] :: RESULT: Test NEW: rpm-4.11.1-15.el7 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: Test :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ PASS ] :: Running 'gpg --batch --gen-key batch' (Expected 0, got 0) :: [ PASS ] :: Running 'gpg --armor --export '<joe>' > joepub.ascii' (Expected 0, got 0) :: [ PASS ] :: Running 'rpm --import joepub.ascii' (Expected 0, got 0) :: [ PASS ] :: Running 'wget http://download.lab.bos.redhat.com/qa/rhts/lookaside/redhat-lsb-3.1-12.3.EL.i386.rpm' (Expected 0, got 0) :: [ PASS ] :: Running 'rpm -v --checksig redhat-lsb-3.1-12.3.EL.i386.rpm &>checksig.log' (Expected 1, got 1) :: [ PASS ] :: File 'checksig.log' should contain 'V3 DSA/SHA1 Signature' :: [ PASS ] :: Running './rpm_addsign.exp redhat-lsb-3.1-12.3.EL.i386.rpm abc' (Expected 0, got 0) :: [ PASS ] :: Running 'rpm -v --checksig redhat-lsb-3.1-12.3.EL.i386.rpm &>checksig.log' (Expected 1, got 1) :: [ PASS ] :: File 'checksig.log' should contain 'V4 DSA/SHA224 Signature' :: [ PASS ] :: File 'checksig.log' should not contain 'BAD PARAMETERS' :: [ LOG ] :: Duration: 3s :: [ LOG ] :: Assertions: 10 good, 0 bad :: [ PASS ] :: RESULT: Test This request was resolved in Red Hat Enterprise Linux 7.0. Contact your manager or support representative in case you have further questions about the request. |