author | Panu Matilainen <pmatilai@redhat.com> | 2017-03-01 15:03:55 +0200 |
---|---|---|
committer | Panu Matilainen <pmatilai@redhat.com> | 2017-03-01 15:38:34 +0200 |
commit | 91aa0786cf3b2e34de01c586427952de6d0d9b40 (patch) | |
tree | dc4f64f4764d3f3d46b14a742a48258ab598620f /tests/rpmgeneral.at | |
parent | 7d1a303c456ce459cf550e8154fa4b6f29012b05 (diff) | |
download | rpm-91aa0786cf3b2e34de01c586427952de6d0d9b40.tar.gz |
Implement a digest on the compressed payload content (#163)
There needs to be a way to verify the payload before trying to uncompress
and unpack it:
- We have digests on the contents of individual files, but detecting
corruption in middle of installation, after all sorts of scripts might
have already run, is no good at all
- Compression libraries have vulnerabilities of their own
- The RPMv3 digest covering the payload is the obsolete MD5, and furthermore
it covers the header AND the payload, which is extremely cumbersome
to begin with but also vulnerable because it's in the unprotected
signature header.
This adds two tags: one for the actual digest, and another for the
algorithm, much like with filedigests. The digest tag is specified
as a string array to leave room for future expansion: the idea is
that there could be intermediate snapshots over the payload, and
the last one is always on the entire payload, so an array of just
one is compatible with this specification.
Getting the digest into the main header is fairly complicated since the
package format on-disk is exactly in the opposite order of how we need
to write things there, add a lengthy comment to writeRPM() to explain.
The MD5 digest needs to die, really - it forces a second read over
the entire header + payload for what is practically worthless hash.
Note that there's no code to actually verify this digest at the moment,
nor is there a way to configure the used algorithm, SHA256 is used as the
default for now.
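A sketch of the check this digest makes possible, hashing the compressed payload and comparing it with the main-header value before any decompressor sees the data. This is an added example, not code from this commit or from rpm; the numeric tag values (5092, 5093), the hash algorithm ids and the helper names are assumptions not shown on this page, and the sample package is constructed.

```python
import hashlib, hmac, struct, zlib

LEAD_MAGIC, HDR_MAGIC = b"\xed\xab\xee\xdb", b"\x8e\xad\xe8\x01"
TAG_PAYLOADDIGEST, TAG_PAYLOADDIGESTALGO = 5092, 5093   # assumed values, not on the page
HASHES = {8: "sha256", 9: "sha384", 10: "sha512"}       # assumed OpenPGP hash ids

def read_header(buf, off):
    """Parse a header section at off: ({tag: (offset, count)}, data store, end offset)."""
    if buf[off:off + 4] != HDR_MAGIC:
        raise ValueError("bad header magic")
    nindex, hsize = struct.unpack_from(">II", buf, off + 8)
    data_off = off + 16 + 16 * nindex
    if data_off + hsize > len(buf):
        raise ValueError("truncated header")
    tags = {}
    for i in range(nindex):
        tag, _type, doff, count = struct.unpack_from(">IIII", buf, off + 16 + 16 * i)
        tags[tag] = (doff, count)
    return tags, buf[data_off:data_off + hsize], data_off + hsize

def verified_payload(pkg):
    """Return the compressed payload only if it matches the main header's digest."""
    if pkg[:4] != LEAD_MAGIC:
        raise ValueError("not an rpm package")
    _, _, end = read_header(pkg, 96)          # signature header follows the 96-byte lead
    end += -end % 8                           # and is padded to an 8-byte boundary
    tags, store, payload_off = read_header(pkg, end)
    if TAG_PAYLOADDIGEST not in tags or TAG_PAYLOADDIGESTALGO not in tags:
        raise ValueError("package carries no payload digest")
    algo = struct.unpack_from(">I", store, tags[TAG_PAYLOADDIGESTALGO][0])[0]
    if algo not in HASHES:
        raise ValueError(f"unsupported digest algorithm {algo}")
    doff, count = tags[TAG_PAYLOADDIGEST]
    # String array of NUL-terminated hex digests; the last one covers the whole payload.
    strings = store[doff:].split(b"\0")[:count]
    payload = pkg[payload_off:]
    actual = hashlib.new(HASHES[algo], payload).hexdigest()
    if not strings or not hmac.compare_digest(actual, strings[-1].decode("ascii").lower()):
        raise ValueError("payload digest mismatch")
    return payload

def build_sample(payload):
    """Constructed minimal image: lead, empty signature header, two-tag main header."""
    store = struct.pack(">I", 8) + hashlib.sha256(payload).hexdigest().encode() + b"\0"
    index = struct.pack(">8I", TAG_PAYLOADDIGESTALGO, 4, 0, 1, TAG_PAYLOADDIGEST, 8, 4, 1)
    intro = lambda n, size: HDR_MAGIC + bytes(4) + struct.pack(">II", n, size)
    return LEAD_MAGIC + bytes(92) + intro(0, 0) + intro(2, len(store)) + index + store + payload

if __name__ == "__main__":   # the decompressor runs only after the digest check has passed
    print(zlib.decompress(verified_payload(build_sample(zlib.compress(b"constructed data")))))
```

The digest lives in the main header, so this check is only as trustworthy as whatever verified that header first.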
Diffstat (limited to 'tests/rpmgeneral.at')
-rw-r--r-- | tests/rpmgeneral.at | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/tests/rpmgeneral.at b/tests/rpmgeneral.at index 22c483e3a..60f5efe70 100644 --- a/tests/rpmgeneral.at +++ b/tests/rpmgeneral.at @@ -189,6 +189,8 @@ PATCHESFLAGS PATCHESNAME PATCHESVERSION PAYLOADCOMPRESSOR +PAYLOADDIGEST +PAYLOADDIGESTALGO PAYLOADFLAGS PAYLOADFORMAT PKGID |
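Review bot: The two added lines, PAYLOADDIGEST and PAYLOADDIGESTALGO between PAYLOADCOMPRESSOR and PAYLOADFLAGS, only extend the expected tag-name list, so nothing in this file checks that a built package actually carries the tags or that the stored value matches the compressed payload. Consider adding a test that builds a package, hashes the payload bytes independently and compares the result with the PAYLOADDIGEST value, plus a check that PAYLOADDIGESTALGO reports the SHA256 default named in the commit message. The placement does keep the list in alphabetical order.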