Bug 479859
Summary: | Use SHA-2 in RPM signatures | |||
---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Miloslav Trmač <mitr> | |
Component: | distribution | Assignee: | Bill Nottingham <notting> | |
Status: | CLOSED RAWHIDE | QA Contact: | Bill Nottingham <notting> | |
Severity: | medium | Docs Contact: | ||
Priority: | medium | |||
Version: | rawhide | CC: | dcantrell, katzj, pinto.elia, pmatilai, rvokal | |
Target Milestone: | --- | |||
Target Release: | --- | |||
Hardware: | All | |||
OS: | Linux | |||
Whiteboard: | ||||
Fixed In Version: | Doc Type: | Bug Fix | ||
Doc Text: | Story Points: | --- | ||
Clone Of: | ||||
: | 479863 (view as bug list) | Environment: | ||
Last Closed: | 2009-03-10 03:05:57 UTC | Type: | --- | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 461972, 479863 |
Description
Miloslav Trmač
2009-01-13 16:58:23 UTC
To generate such signatures using sigul, update to sigul-0.92 (from http://people.redhat.com/mitr/rpmsigner ) and configure it to use SHA-256: echo 'personal-digest-preferences sha256 sha1'> /var/lib/sigul/gnupg/gpg.conf (this affects all keys managed by this sigul installation, but the default 1024-bit DSA keys can only use a 160-bit hash, so SHA-1 will be used for 1024-bit DSA keys, the same as if this preference were not set.) When signing RPMs, use (sigul sign-rpm --v3-signature ...), which passes --force-v3-sigs to rpm --addsign. Our sign_unsigned code now is able to support the larger sigs. A 4096bit RSA gpg key has been created for Fedora 11 Test and packages are currently being signed. |