Bug 1728031

Summary: backport of sha256 checksum headers to rhel7
Product: Red Hat Enterprise Linux 7 Reporter: Justin Sherrill <jsherril>
Component: rpmAssignee: Packaging Maintenance Team <packaging-team-maint>
Status: CLOSED WONTFIX QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.7CC: ffesti, packaging-team-maint
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-07-18 12:02:22 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1713401    

Description Justin Sherrill 2019-07-08 20:21:48 UTC 
Description of problem:

rpm 4.14 introduced sha256 checksums for rpm headers here: 

https://github.com/rpm-software-management/rpm/commit/6eeb2f2963cb4ab5f7c24b0c7165336581e53117

RHEL 8 with OSPP mode will not install rpms that are built without a sha256 header checksum:

'package X does not verify: no digest'

The result is that its not possible to build an rpm on el7 that will install on el8 with ospp mode enabled.  

Version-Release number of selected component (if applicable):

rpm-4.11.3-35.el7.x86_64

How reproducible:
always

Steps to Reproduce:
1.  rpm --querytags | grep -i SHA256HEADER 

Actual results:
no query tag, because rpm does not support sha256 checksums for header

Expected results:
supports query tag, and sha256 checksum on header


Additional info:
Comment 2 Justin Sherrill 2019-07-08 20:23:27 UTC 
I've come to the conclusions stated above while investigating a product issue with Satellite 6, if anything i said is incorrect, please feel free to correct me.
Comment 4 Daniel Mach 2019-07-18 12:02:22 UTC 
This bug is not planned to be addressed during Red Hat Enterprise Linux 7 life-cycle.
Please contact Red Hat support if you wish to have it reconsidered.
Comment 5 Florian Festi 2019-11-21 09:53:17 UTC 
Clear needinfo