emo/xbps
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

lib/, bin/: fix signature type, now called *.sig2

Browse Source 
Since 8d5c48b, xbps has used a sha1 ASN1 prefix with a sha256 hash, and
as of openssl v3, openssl cares about this. This works around that in a
compatible way by moving to a second sig file, binpkg.sig2.

For xbps-remove -O and xbps-rindex -r, also clean up obselete .sig files.
This commit is contained in:
classabbyamp
2023-08-08 00:36:10 -04:00
committed by Duncan Overbruck
parent e2ab72082e
commit 406f109100
7 changed files with 31 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
lib/verifysig.c
View File

@@ -63,7 +63,7 @@ rsa_verify_hash(struct xbps_repo *repo, xbps_data_t pubkey,
return false;
}
rv = RSA_verify(NID_sha1, sha256, SHA256_DIGEST_LENGTH, sig, siglen, rsa);
rv = RSA_verify(NID_sha256, sha256, SHA256_DIGEST_LENGTH, sig, siglen, rsa);
RSA_free(rsa);
BIO_free(bio);
ERR_free_strings();
@@ -144,7 +144,7 @@ xbps_verify_file_signature(struct xbps_repo *repo, const char *fname)
return false;
}
snprintf(sig, sizeof sig, "%s.sig", fname);
snprintf(sig, sizeof sig, "%s.sig2", fname);
val = xbps_verify_signature(repo, sig, digest);
return val;