Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Require that deltarpms be v3 and signed #1466

Open
DemiMarie opened this issue Mar 11, 2022 · 2 comments
Open

Require that deltarpms be v3 and signed #1466

DemiMarie opened this issue Mar 11, 2022 · 2 comments

Comments

@DemiMarie
Copy link

v3 deltarpms can be signed, and libdnf should verify the signature before passing them to drpm. The payload digest will be wrong, but that is okay since the header+payload signature can still be validated. This means that header+payload signatures will be required for deltarpms.

@j-mracek
Copy link
Contributor

I am really sorry but I do not know what we can do with it or what plans are for deltarpm in future. We believe that verification will be not easy and we would prefer if a library or deltarpm will do it for us.

@DemiMarie
Copy link
Author

@j-mracek deltarpm does not have any signature verification functionality. Verification can be handled by librpm itself, as with normal RPMs.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants