libdnf icon indicating copy to clipboard operation
libdnf copied to clipboard

Published 20 hours ago verified publisher icon rpm-software-management

Require that deltarpms be v3 and signed

Open DemiMarie opened this issue 3 years ago • 2 comments

v3 deltarpms can be signed, and libdnf should verify the signature before passing them to drpm. The payload digest will be wrong, but that is okay since the header+payload signature can still be validated. This means that header+payload signatures will be required for deltarpms.

DemiMarie avatar Mar 11 '22 19:03 DemiMarie

I am really sorry but I do not know what we can do with it or what plans are for deltarpm in future. We believe that verification will be not easy and we would prefer if a library or deltarpm will do it for us.

j-mracek avatar Mar 14 '22 12:03 j-mracek

@j-mracek deltarpm does not have any signature verification functionality. Verification can be handled by librpm itself, as with normal RPMs.

DemiMarie avatar Mar 14 '22 16:03 DemiMarie