RPM file format changes to support SHA-256

From FedoraProject

Jump to: navigation, search

Using SHA-256 for verifying payload files

RPMTAG_FILEMD5S has a new name, RPMTAG_FILEDIGESTS. A new tag, RPMTAG_FILEDIGESTALGO, specifies the algorithm used for payload file digests, as a number, using the OpenPGP (RFC4880) hash algorithm numbering; if this tag is not present, the default digest algorithm is MD5.

RPMTAG_FILEDIGESTS is a list of strings, each string containing a hash of the type specified by RPMTAG_FILEDIGESTALGO, same as original RPMTAG_FILEMD5S except for the used algorithm and the size of each hash.

When building RPMs, the digest algorithm can be specified using the %_source_filedigest_algorithm and %_binary_filedigest_algorithm macros.


Using SHA-256 in signatures

Instead of DSA/SHA1 signatures, RSA/SHA256 signatures are used. RPM stores RSA signatures in the old SIGTAG_PGP and SIGTAG_RSA tags instead of the SIGTAG_GPG and SIGTAG_DSA tags used for DSA. ("PGP" really means "uses RSA"; the signature is still created using gpg, and %_signature is still gpg.)

In any case, the signature is a simple "detached signature" OpenPGP (RFC4880) packet.

rpm currently cannot handle "version 4" signatures using RSA, and gnupg > 1.4.7 defaults to "version 4" signatures, so

--define '__gpg_sign_cmd %{__gpg} gpg --force-v3-sigs --batch --no-verbose --no-armor --passphrase-fd 3 --no-secmem-warning -u "%{_gpg_name}" -sbo %{__signature_filename} %{__plaintext_filename}'

must be used when signing packages on Fedora >= 9.

If the signer's gnupg configuration is not set to use SHA-256 by default,

--digest-algo sha256

needs to be added to the above macro.