Re: signing RPM packages with SHA256

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On 01/20/2016 01:37 AM, Alice Wonder wrote:
> hi,
> 
> I noticed that RPM packages I sign use SHA1
> 
> Signature   : RSA/SHA1, Fri 08 Jan 2016 10:50:58 AM PST, Key ID
> ad3b591d147abf59
> 
> Signatures from CentOS 7 use SHA256
> 
> Signature   : RSA/SHA256, Wed 06 Jan 2016 08:54:58 AM PST, Key ID
> 24c6a8a7f4a80eb5
> 
> I'm trying to find where / how to use sha256 when I sign packages but I
> am not having much luck. Closest I have found is this :
> 
> https://fedoraproject.org/wiki/RPM_file_format_changes_to_support_SHA-256
> 
> That page appears to be from 2009 and six years is a really long time,
> things change a lot.
> 
> Is there an up to date reference somewhere on RPM package signing that I
> haven't stumbled upon yet?
> 
> SHA1 is broken. I shouldn't be using it.
> 
> CentOS 7 is all I build packages for.
> 

In your .rpmmacros file .. try setting:

_binary_filedigest_algorithm SHA256

or from the command line:

rpm --define '_binary_filedigest_algorithm SHA256' <current_line>

=====

if some some reason it does not like the SAH256 value .. try 8 instead.  So:

rpm --define '_binary_filedigest_algorithm 8'

or in .rpmmacros:

_binary_filedigest_algorithm 8

Thanks,
Johnny Hughes



Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux