diff options
author | Neal H. Walfield <neal@pep.foundation> | 2022-03-24 14:05:41 +0100 |
---|---|---|
committer | Michal Domonkos <mdomonko@redhat.com> | 2022-07-01 10:52:14 +0200 |
commit | 1c16ac8e1a732619f0f9cfb9f0076010d1174219 (patch) | |
tree | 536f312109c081a346ccb9b13cf5939d67589fd0 | |
parent | 832326978f88c3d3b434271b5e465af6b80a8390 (diff) | |
download | rpm-1c16ac8e1a732619f0f9cfb9f0076010d1174219.tar.gz |
Force gpg to use SHA256 when generating signatures.
Some versions of gpg appear to default to using SHA512. This breaks
several tests' assumption that gpg generates a SHA256 hash. Force gpg
to use SHA256 by passing `--digest-algo sha256` to rpmsign.
Fixes #2002.
(cherry picked from commit 4814bc84c5948d52998f6e33869d53ace9a0e753)
-rw-r--r-- | tests/rpmsigdig.at | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/tests/rpmsigdig.at b/tests/rpmsigdig.at index 7fab79b1a..d5478080f 100644 --- a/tests/rpmsigdig.at +++ b/tests/rpmsigdig.at @@ -533,7 +533,7 @@ AT_CHECK([ RPMDB_INIT cp "${RPMTEST}"/data/RPMS/hello-2.0-1.x86_64.rpm "${RPMTEST}"/tmp/ -run rpmsign --key-id 1964C5FC --addsign "${RPMTEST}"/tmp/hello-2.0-1.x86_64.rpm > /dev/null +run rpmsign --key-id 1964C5FC --digest-algo sha256 --addsign "${RPMTEST}"/tmp/hello-2.0-1.x86_64.rpm > /dev/null echo PRE-IMPORT runroot rpmkeys -Kv /tmp/hello-2.0-1.x86_64.rpm|grep -v digest echo POST-IMPORT @@ -560,7 +560,7 @@ AT_CHECK([ RPMDB_INIT cp "${RPMTEST}"/data/RPMS/hello-2.0-1.x86_64-signed.rpm "${RPMTEST}"/tmp/ -run rpmsign --key-id 1964C5FC --addsign "${RPMTEST}"/tmp/hello-2.0-1.x86_64-signed.rpm 2>&1 |grep -q "already contains identical signature, skipping" +run rpmsign --key-id 1964C5FC --digest-algo sha256 --addsign "${RPMTEST}"/tmp/hello-2.0-1.x86_64-signed.rpm 2>&1 |grep -q "already contains identical signature, skipping" ], [0], [], @@ -574,7 +574,7 @@ pkg="hello-2.0-1.x86_64.rpm" cp "${RPMTEST}"/data/RPMS/${pkg} "${RPMTEST}"/tmp/${pkg} dd if=/dev/zero of="${RPMTEST}"/tmp/${pkg} \ conv=notrunc bs=1 seek=333 count=4 2> /dev/null -run rpmsign --key-id 1964C5FC --addsign "${RPMTEST}/tmp/${pkg}" >/dev/null 2> stderr +run rpmsign --key-id 1964C5FC --digest-algo sha256 --addsign "${RPMTEST}/tmp/${pkg}" >/dev/null 2> stderr echo $? grep -c "error: not signing corrupt package " stderr runroot rpmkeys -Kv /tmp/hello-2.0-1.x86_64.rpm |