diff options
author | Neal H. Walfield <neal@pep.foundation> | 2022-03-24 14:05:41 +0100 |
---|---|---|
committer | Panu Matilainen <pmatilai@redhat.com> | 2022-04-13 10:53:41 +0300 |
commit | 3c64a599f68ec40dcfaf6338e45cc8d4984039c7 (patch) | |
tree | 439163bc1b63137f10f5818656fe2280ad26bfd5 | |
parent | 8c28f5c1f5c7f24e010dae0bae7bed15120a48f0 (diff) | |
download | rpm-3c64a599f68ec40dcfaf6338e45cc8d4984039c7.tar.gz |
Force gpg to use SHA256 when generating signatures.
Some versions of gpg appear to default to using SHA512. This breaks
several tests' assumption that gpg generates a SHA256 hash. Force gpg
to use SHA256 by passing `--digest-algo sha256` to rpmsign.
Fixes #2002.
(cherry picked from commit 4814bc84c5948d52998f6e33869d53ace9a0e753)
-rw-r--r-- | tests/rpmsigdig.at | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/tests/rpmsigdig.at b/tests/rpmsigdig.at index ce0a6dafb..364eafb86 100644 --- a/tests/rpmsigdig.at +++ b/tests/rpmsigdig.at @@ -577,7 +577,7 @@ AT_CHECK([ RPMDB_INIT cp "${RPMTEST}"/data/RPMS/hello-2.0-1.x86_64.rpm "${RPMTEST}"/tmp/ -run rpmsign --key-id 1964C5FC --addsign "${RPMTEST}"/tmp/hello-2.0-1.x86_64.rpm > /dev/null +run rpmsign --key-id 1964C5FC --digest-algo sha256 --addsign "${RPMTEST}"/tmp/hello-2.0-1.x86_64.rpm > /dev/null echo PRE-IMPORT runroot rpmkeys -Kv /tmp/hello-2.0-1.x86_64.rpm|grep -v digest echo POST-IMPORT @@ -604,7 +604,7 @@ AT_CHECK([ RPMDB_INIT cp "${RPMTEST}"/data/RPMS/hello-2.0-1.x86_64-signed.rpm "${RPMTEST}"/tmp/ -run rpmsign --key-id 1964C5FC --addsign "${RPMTEST}"/tmp/hello-2.0-1.x86_64-signed.rpm 2>&1 |grep -q "already contains identical signature, skipping" +run rpmsign --key-id 1964C5FC --digest-algo sha256 --addsign "${RPMTEST}"/tmp/hello-2.0-1.x86_64-signed.rpm 2>&1 |grep -q "already contains identical signature, skipping" ], [0], [], @@ -618,7 +618,7 @@ pkg="hello-2.0-1.x86_64.rpm" cp "${RPMTEST}"/data/RPMS/${pkg} "${RPMTEST}"/tmp/${pkg} dd if=/dev/zero of="${RPMTEST}"/tmp/${pkg} \ conv=notrunc bs=1 seek=333 count=4 2> /dev/null -run rpmsign --key-id 1964C5FC --addsign "${RPMTEST}/tmp/${pkg}" >/dev/null 2> stderr +run rpmsign --key-id 1964C5FC --digest-algo sha256 --addsign "${RPMTEST}/tmp/${pkg}" >/dev/null 2> stderr echo $? grep -c "error: not signing corrupt package " stderr runroot rpmkeys -Kv /tmp/hello-2.0-1.x86_64.rpm |