On Mar 10, 2015, at 2:15 AM, srinivasan j v wrote:

> hello all
>
> I'm supposed to use X509 format for signing.
>
> I'm trying to sign the CPIO archive of a rpm. I need to package this
> signature inside the RPM. I can't add this part of CPIO archive as the
> generated signature varies from the signature of newly formed CPIO archive.
>

The easiest way to do this is with a detached (or concatenated) X509 signature outside of RPM.

> I tried adding the signature to the Signature tags in the Spec file (for
> testing purpose) but it did not work. Do I need to use any arbitrary tag for
> this?
>

Note that signing the CPIO payload has never been done by rpm, and that the header+payload signing/verification was deprecated in 2007 and is not generated by current RPM5, and that X509 format has never been supported by RPM. Much more than a Signature: tag is needed.

> Is there any way that I keep these signatures as part of RPM but not as part
> of its CPIO archive?
>

You can attempt rewriting the *.rpm and adding whatever you wish as additional tag content in the signature header.

I'd again suggest signing the entire *.rpm package, including the cpio payload, and prepending the signature to the *.rpm, and then writing the verification and public key retrieval tool as the best way to achieve your goal of "X509 format for signing".

73 de Jeff

> thanks in advance
>
> regards
> srinivasan

______________________________________________________________________
RPM Package Manager http://rpm5.org
Developer Communication List rpm-devel@rpm5.org
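
The detached X509 signature over the entire package file suggested in the reply can be produced and checked with OpenSSL's CMS support. The script below is an added example, not part of the original thread and not RPM or RPM5 code; the file names, the throwaway self-signed certificate, the subject name and the stand-in package bytes are all assumptions made for the demonstration.

```shell
#!/usr/bin/env bash
# Added example: detached X.509 (CMS) signature over a whole package file.
# All names below are hypothetical; the "package" is a constructed stand-in.

# Create a throwaway signing key and self-signed certificate in directory $1.
make_signer() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Example Package Signer" \
        -keyout "$1/signer.key" -out "$1/signer.crt" 2>/dev/null
}

# Sign package $1 with cert $2 and key $3; the signature goes to "$1.p7s".
# Without -nodetach the CMS structure carries no copy of the content, so the
# package file itself is left byte-for-byte unchanged.
sign_pkg() {
    openssl cms -sign -binary -md sha256 -outform DER \
        -signer "$2" -inkey "$3" -in "$1" -out "$1.p7s"
}

# Verify "$1.p7s" against package $1, trusting only certificate $2.
# Returns 0 only when the signature matches and the signer chains to $2.
verify_pkg() {
    openssl cms -verify -binary -inform DER -in "$1.p7s" \
        -content "$1" -CAfile "$2" -out /dev/null 2>/dev/null
}

demo() {
    d=$(mktemp -d) || return 1
    # Constructed stand-in for a real *.rpm (lead, headers and cpio payload).
    printf 'constructed package bytes\n' > "$d/example.rpm"
    make_signer "$d" || return 1
    sign_pkg "$d/example.rpm" "$d/signer.crt" "$d/signer.key" || return 1

    verify_pkg "$d/example.rpm" "$d/signer.crt" \
        && echo "original package: signature verifies"

    # Any change to the signed file, payload included, must break verification.
    printf 'x' >> "$d/example.rpm"
    verify_pkg "$d/example.rpm" "$d/signer.crt" \
        || echo "modified package: verification fails"
    rm -rf "$d"
}

demo
```

Because the signature covers every byte of the file, it has to be produced after the package is final and shipped or stored alongside it, which is the verification and key-retrieval tooling the reply says must be written separately.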