author | Panu Matilainen <pmatilai@redhat.com> | 2017-05-12 11:48:16 +0300 |
---|---|---|
committer | Panu Matilainen <pmatilai@redhat.com> | 2017-05-12 12:16:11 +0300 |
commit | 3ccd9ccf50c8d643f9dcd956155720018429beed (patch) | |
tree | c4eedb3cc413937e8d8ea92723793f4d47d0f8ef /tests/rpmi.at | |
parent | 101cba0c07df5a8996a9154ba87594348ea642f6 (diff) | |
download | rpm-3ccd9ccf50c8d643f9dcd956155720018429beed.tar.gz |
Use the signature checking code to read all package files

Both read package files and verify signatures, it only makes sense
to use the same code for both.

This does have significant consequences of course: we are now validating
ALL non-disabled header-only signatures and digests when reading
packages with rpmReadPackageFile() instead of just one that we figured
might be the best, if available. On one hand, it's a bit wasteful
since a good signature could be considered to make digests moot,
but then once we have real signature policies we might need to process
more than one signature to come to a conclusion anyway. For now,
just let it waste a few more cycles verifying redundancies.
Diffstat (limited to 'tests/rpmi.at')
-rw-r--r-- | tests/rpmi.at | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/tests/rpmi.at b/tests/rpmi.at index b14e46341..8d20283f9 100644 --- a/tests/rpmi.at +++ b/tests/rpmi.at @@ -162,6 +162,8 @@ runroot rpm -U --ignorearch --ignoreos --nodeps \ [1], [], [error: /tmp/hello-2.0-1.x86_64-signed.rpm: Header V4 RSA/SHA256 Signature, key ID 1964c5fc: BAD +error: /tmp/hello-2.0-1.x86_64-signed.rpm: Header SHA1 digest: BAD Expected(5cd9874c510b67b44483f9e382a1649ef7743bac) != (4261b2c1eb861a4152c2239bce20bfbcaa8971ba) +error: /tmp/hello-2.0-1.x86_64-signed.rpm: Header SHA256 digest: BAD Expected(ef920781af3bf072ae9888eec3de1c589143101dff9cc0b561468d395fb766d9) != (29fdfe92782fb0470a9a164a6c94af87d3b138c63b39d4c30e0223ca1202ba82) error: /tmp/hello-2.0-1.x86_64-signed.rpm cannot be installed ]) AT_CLEANUP |
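Review bot: the two added expected-output lines in the `@@ -162,6 +162,8 @@` hunk of tests/rpmi.at pin the literal `Expected(...) != (...)` hex values for the Header SHA1 and Header SHA256 digests, and they also pin the order in which the signature, SHA1 and SHA256 errors are printed. That makes the test fail on any regeneration of hello-2.0-1.x86_64-signed.rpm or any change to how the test corrupts it, even when the verification logic is still correct, so a short comment next to the expected block saying where the two digest pairs come from would help whoever has to update them. The commit message says all "non-disabled" header-only signatures and digests are now validated, but this hunk only covers the case where everything is enabled and everything is BAD. A companion case with digest or signature checking disabled, asserting that the corresponding error line is absent while the install is still refused, would show that the disable path still works through rpmReadPackageFile().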