Re: [Rpm-maint] [rpm-software-management/rpm] Add pgpVerifySignature2 (PR #2453)

Fri, 31 Mar 2023 00:38:46 -0700 

Some minor wrinkles to sort out on both sides, but this indeed makes a world of 
difference for understanding what's going on:

> [pmatilai🎩︎localhost brpm]$ ./rpmkeys -Kv 
> ~/Downloads/anydesk-6.2.1-1.el8.x86_64.rpm 
/home/pmatilai/Downloads/anydesk-6.2.1-1.el8.x86_64.rpm:
error: Error verifying signature: Verifying a signature using certificate 
D56311E5FF3B6F39D5A16ABE18DF3741CDFFDE29:
  Signature is OK, but key is not trusted: verification relies on legacy crypto
  error: Error verifying signature: Verifying a signature using certificate 
D56311E5FF3B6F39D5A16ABE18DF3741CDFFDE29:
  Signature is OK, but key is not trusted: verification relies on legacy crypto
      Header V3 RSA/SHA1 Signature, key ID cdffde29: BAD
    Header SHA1 digest: OK
    V3 RSA/SHA1 Signature, key ID cdffde29: BAD
    MD5 digest: OK

> [pmatilai🎩︎localhost brpm]$ ./rpmkeys -Kv 
> ~/Downloads/anydesk-6.1.1-1.el8.x86_64.rpm 
/home/pmatilai/Downloads/anydesk-6.1.1-1.el8.x86_64.rpm:
error: Error verifying signature: Verifying a signature using certificate 
D56311E5FF3B6F39D5A16ABE18DF3741CDFFDE29:
  No binding signature at time 2021-04-13T11:08:37Z
  error: Error verifying signature: Verifying a signature using certificate 
D56311E5FF3B6F39D5A16ABE18DF3741CDFFDE29:
  No binding signature at time 2021-04-13T11:08:37Z
      Header V3 RSA/SHA1 Signature, key ID cdffde29: BAD
    Header SHA1 digest: OK
    V3 RSA/SHA1 Signature, key ID cdffde29: BAD
    MD5 digest: OK

This seems more than adequate for 4.18.x but I'm now wondering if we shouldn't 
go ahead and wire this up all the way through in 4.19, there's a long-standing 
need for a saner package verification public API anyway... (#2041) Mind you, 
I'm not expecting you to do that work, just thinking out loud.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/2453#issuecomment-1491451359
You are receiving this because you are subscribed to this thread.

Message ID: <rpm-software-management/rpm/pull/2453/c1491451...@github.com>
_______________________________________________
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Reply via email to