signFile() in sign/rpmsignfiles.c creates an array of zeroes
(https://github.com/rpm-software-management/rpm/blob/master/sign/rpmsignfiles.c#L44)
and then passes those zeroes unmodified as the input to imv-evm-util's
sign_hash()
(https://github.com/rpm-software-management/rpm/blob/master/sign/r
The point of that commit is that those digests are already in the desired
binary format inside the file objects, so there's no need to do it again.
AFAICS the problem is that it's still passing digest and diglen to sign_hash()
when it should pass fdigest instead:
```
--- a/sign/rpmsignfiles.c
+
Oh and thanks for spotting and reporting, shipping regressions is never nice.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/723#issuecomment-498586931___
Should be fixed in PR #734 , but I'd still appreciate if you can verify, and
also for a full reproducer, like said I'm not at all convinced I'm doing the
right thing with these tools.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on
https://gist.github.com/dashea/ffe49cb5703d3e44870d71006bfeedd0 is a script
that will create an rpm and all of the necessary keys, run rpmsign --signfiles,
and verify the results. I ran it against
https://github.com/rpm-software-management/rpm/pull/734 and the signature is
correct.
--
You ar
Closed #723 via 143b9ead7ffd7ab234ace05f25c6d1de1d700a7e.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/723#event-2390339867_
Thanks for verifying, and for the script! I'll try to make a test-case out of
that as time permits.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/723#issuecomment-49897
