Be able to Sign existing RPM file #75
Comments
Hm, this can be tricky. I know this topic came up once or twice. And I am glad the code could help you learn :) I think it should be possible to build something. As there are two header sections, one "only" needs to take the existing file, and write a new signature header, including the signature. All the rest can probably stay as is. Having said that, there currently is no functionality in the code-base to perform this task. Reading and writing back an RPM file could work, but is not a non-destructive process, as the RPM library involved doesn't implement 100% of the RPM "spec". It can read and understand what is required, and write a file with the expected outcome. But there is no 100% model of "an RPM" internally. But I also think that you don't really need to read and understand the full RPM. The basic structure is:
One can simply copy 1, 3, and 4. Digest 3 + 4, sign the digest, and then write 1, new 2, 3, and 4. If you are interested in working on this, I might be able to guide you in the right direction. It might also be better to take the base feature to the base library: https://github.com/eclipse/packager … adding a Maven command for this later on in this project.
I'm working on https://github.com/groupe-edf/packager/tree/feature_sign_existing_rpm.
I think this is heading in the right direction. I don't think you need to implement the
I think using
I think I am close to the solution.
I get an error when I try to parse the file again after signature. I got: I checked and it is because RpmInputStream is not completely reading the signature header... In the writeSignatureHeader method of RpmWriter, I see a "padding" is written into the file but I don't know what it is. Do you have any idea?
Right, the signature header must be a size that can be divided by 8. If that's not the case, then you need to add more zero bytes until this is true.
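The copy-and-splice approach and the 8-byte padding rule from the comments above, as an added example that is not code from this thread or from the packager project. It assumes sections 1 to 4 are the lead, signature header, main header and payload (the list itself is missing from the page), uses SHA-256 as a stand-in digest, and substitutes a constructed, zero-filled header for a real signature header; the class and method names are hypothetical.

```java
import java.io.ByteArrayOutputStream;
import java.nio.ByteBuffer;
import java.security.MessageDigest;
import java.util.Arrays;

public class RpmSignatureSplice {
    static final int LEAD_SIZE = 96;             // section 1: fixed-size lead
    static final int HEADER_MAGIC = 0x8EADE801;  // header magic 8E AD E8 plus version 01

    // Unpadded size of a header structure: 16-byte intro, 16 bytes per index entry, data store.
    static int headerSize(byte[] rpm, int offset) {
        ByteBuffer b = ByteBuffer.wrap(rpm);     // big-endian by default, as in the RPM format
        if (b.getInt(offset) != HEADER_MAGIC)
            throw new IllegalArgumentException("no header magic at offset " + offset);
        return 16 + 16 * b.getInt(offset + 8) + b.getInt(offset + 12);
    }

    // Zero bytes needed after the signature header so the next section starts on an 8-byte boundary.
    static int pad8(int size) { return (8 - size % 8) % 8; }

    // Offset of section 3: lead, then signature header, then its padding.
    static int signedRegionStart(byte[] rpm) {
        int sig = headerSize(rpm, LEAD_SIZE);
        return LEAD_SIZE + sig + pad8(sig);
    }

    // Write 1, the new 2 with padding, then 3 and 4 copied byte for byte.
    static byte[] splice(byte[] rpm, byte[] newSigHeader) {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        out.write(rpm, 0, LEAD_SIZE);
        out.write(newSigHeader, 0, newSigHeader.length);
        out.write(new byte[8], 0, pad8(newSigHeader.length));
        int start = signedRegionStart(rpm);
        out.write(rpm, start, rpm.length - start);
        return out.toByteArray();
    }

    // Constructed header structure (zero-filled index and data), only the sizes are meaningful.
    static byte[] header(int entries, int dataSize) {
        return ByteBuffer.allocate(16 + 16 * entries + dataSize)
                .putInt(HEADER_MAGIC).putInt(0).putInt(entries).putInt(dataSize).array();
    }

    public static void main(String[] args) throws Exception {
        ByteArrayOutputStream f = new ByteArrayOutputStream();   // constructed sample file
        f.write(new byte[LEAD_SIZE]); f.write(header(1, 5)); f.write(new byte[3]); // 37 bytes + 3 pad
        f.write(header(0, 4)); f.write("payload".getBytes("US-ASCII"));
        byte[] rpm = f.toByteArray();
        byte[] resigned = splice(rpm, header(2, 13));            // 61-byte stand-in, needs 3 pad bytes
        MessageDigest md = MessageDigest.getInstance("SHA-256"); // assumed digest for the demo
        byte[] before = md.digest(Arrays.copyOfRange(rpm, signedRegionStart(rpm), rpm.length));
        int start = signedRegionStart(resigned);
        byte[] after = md.digest(Arrays.copyOfRange(resigned, start, resigned.length));
        System.out.println("sections 3+4 start at " + start + ", aligned=" + (start % 8 == 0)
                + ", digest unchanged=" + Arrays.equals(before, after));
    }
}
```

Dropping the `pad8` write in `splice` makes the re-parse land three bytes early, so `headerSize` fails its magic check at the start of section 3, the kind of misread that missing padding produces.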
It is working now. After importing the public key:
But I would like to develop a "SignatureChecker" directly in packager.
Yay :) Cool, great achievement. Implementing a validation tool would be cool indeed. But would also be much more complicated. I don't want to discourage you :) In a nutshell, you need to:
That would give you:
And I probably missed something here :)
Thanks for your help! I'm trying to implement signature check at least for the unit tests.
Hello @ctron,
I'm looking for a way to sign existing RPM files with Java and to include the signature in the header.
Reading your code really helped me to understand how RPM is built and how rpm-packager works.
Actually I didn't find any way to sign an existing RPM. So I would like to know your opinion to make this, or if there is a simpler way that I don't know.
For the moment, I was thinking about a class RpmOutputStream which would be constructed with an RpmInputStream and allow modifying some parts of the file like metadata ...