Some minor wrinkles to sort out on both sides, but this indeed makes a world of
difference for understanding what's going on:
> [pmatilai🎩︎localhost brpm]$ ./rpmkeys -Kv
> ~/Downloads/anydesk-6.2.1-1.el8.x86_64.rpm
/home/pmatilai/Downloads/anydesk-6.2.1-1.el8.x86_64.rpm:
error: Error verifying signature: Verifying a signature using certificate
D56311E5FF3B6F39D5A16ABE18DF3741CDFFDE29:
Signature is OK, but key is not trusted: verification relies on legacy crypto
error: Error verifying signature: Verifying a signature using certificate
D56311E5FF3B6F39D5A16ABE18DF3741CDFFDE29:
Signature is OK, but key is not trusted: verification relies on legacy crypto
Header V3 RSA/SHA1 Signature, key ID cdffde29: BAD
Header SHA1 digest: OK
V3 RSA/SHA1 Signature, key ID cdffde29: BAD
MD5 digest: OK
> [pmatilai🎩︎localhost brpm]$ ./rpmkeys -Kv
> ~/Downloads/anydesk-6.1.1-1.el8.x86_64.rpm
/home/pmatilai/Downloads/anydesk-6.1.1-1.el8.x86_64.rpm:
error: Error verifying signature: Verifying a signature using certificate
D56311E5FF3B6F39D5A16ABE18DF3741CDFFDE29:
No binding signature at time 2021-04-13T11:08:37Z
error: Error verifying signature: Verifying a signature using certificate
D56311E5FF3B6F39D5A16ABE18DF3741CDFFDE29:
No binding signature at time 2021-04-13T11:08:37Z
Header V3 RSA/SHA1 Signature, key ID cdffde29: BAD
Header SHA1 digest: OK
V3 RSA/SHA1 Signature, key ID cdffde29: BAD
MD5 digest: OK
This seems more than adequate for 4.18.x but I'm now wondering if we shouldn't
go ahead and wire this up all the way through in 4.19, there's a long-standing
need for a saner package verification public API anyway... (#2041) Mind you,
I'm not expecting you to do that work, just thinking out loud.
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/2453#issuecomment-1491451359
You are receiving this because you are subscribed to this thread.
Message ID: <rpm-software-management/rpm/pull/2453/c1491451...@github.com>
_______________________________________________
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint