Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

go-rpm does not support newer signature tags #1569

Open
mstg opened this issue Jun 27, 2023 · 0 comments
Open

go-rpm does not support newer signature tags #1569

mstg opened this issue Jun 27, 2023 · 0 comments
Labels
enhancement New feature or request

Comments

@mstg
Copy link

mstg commented Jun 27, 2023

Description

Currently Rekor uses version v0.0.0-20200122174316-8cb9fd9c31a8 of go-rpm. Neither this or newer version of this RPM library supports newer signature tags like RSAHEADER or DSAHEADERrpm docs.

This can be problematic as after rpm 4.14 the default behavior is to not populate the older signature tags (header+payload signature vs header only signature)rpmsign.

Since Rekor is already using an older version, I'm not opposed to forking the package and adding support for the new signature tags. I've already tried it locally and was able to log and verify RSAHEADER/DSAHEADER only RPMs.

Wanted to hear some opinions if that would be a viable strategy or not.

Thanks!
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@mstg