
Preliminary rpm-4.1 test release



There's a (very) preliminary version of rpm-4.1 available for testing at

	ftp://ftp.rpm.org/pub/rpm/test-4.1

There's a src.rpm and binary packages compiled against Red Hat 7.2
that should work on all 7x platforms.

These packages are entirely incompatible with everything linked against
rpmlib, so, if you need/use rpmfind, rpm2html, gnorpm, kpackage, up2date,
red-carpet or anything else that uses rpmlib, these packages are not for
you.

The point of this test release is to get feedback on the API changes.

If you think you have better ideas than mine, or are otherwise concerned
about the API changes, then now would be a very good time to let me
know, as 4 weeks from now I'm not going to care too much. Well I'll
care, but there won't be too much that I will be able to do.

There are several goals in rpm-4.1:

1) a new, header-only, digital signature for packages.
2) replacing headers with smaller data structures.
3) enriching and stabilizing the rpmlib API.
4) generally eliminating a lot of aging and no longer necessary
crufty code.

Both 2) and 3) are gonna be quite painful for developers, as the
entire rpmlib API has changed. What's good is that I can now expose
more of the internals of rpmlib opaquely. What's bad is that everything
has changed. Here's a couple of hints, I'll be happy to answer questions
as needed, there's not a whole lot of rocket science here.

For better or worse, I'm trying to follow Slovak naming conventions. That
means that a function "rpmtsFoo" is permitted to access "rpmts". I'm
unsure whether this is a good idea or not, but that's the rule I'm trying
to follow.

The basic data types in rpmlib have been
	rpmTransactionSet
	Header
	rpmdb		rpm database

In rpm-4.1 there are the following types
	rpmts		transaction set
	rpmte		transaction element
	rpmds		dependency set
	rpmfi		file info
	rpmdb		rpm database

There are toy, mostly readonly, methods to get at the innards, sufficient
to export the data structures opaquely. What's still needed is to add
more useful methods, particularly for transactions, as that is most
likely what

The python bindings are also changing to reflect more closely the above
structure.

Below is a short description of the signature changes.

Oh yeah, if you have the rpmdb-redhat package installed, rpm will actually
try to suggest a package that solves a dependency. That's sure to be
a popular CLI feature. :-)

==========================================================================
Both DSA/RSA signature verification using RFC-2440 OpenPGP V3
packets are now implemented directly in rpm. The signature,
if available, is always verified when reading a package.

Signing is done with gpg/pgp helpers as always, and both a new,
header-only, as well as the Good Old header+payload signature
are generated. In fact, all of Red Hat 7.3 was signed with rpm-4.1,
so both signatures should be present in 7.3 packages.

What's also new is pubkey management using --import. Basically
	rpm --import /usr/lib/rpm/RPM-GPG-KEY
(or any ascii armored OpenPGP pubkey) will wrap the binary OpenPGP
packet in a header, and install much like any other package.

Here's what you see if you have not imported the correct pubkey(s):

bash$ sudo rpm -Uvh /B/7.3/rpm/4.0.4-7x.18/i386/*
warning: /B/7.3/rpm/4.0.4-7x.18/i386/popt-1.6.4-7x.18.i386.rpm: Header V3 DSA signature: NOKEY, key ID db42a60e
...

Here's what the Red Hat pubkeys look like when imported:
==========================================================================
bash$ rpm -qa | grep pubkey
gpg-pubkey-0352860f-3c3cb5e4
gpg-pubkey-db42a60e-37ea5438

bash$ rpm -qi gpg-pubkey-db42a60e
Name        : gpg-pubkey                   Relocations: (not relocateable)
Version     : db42a60e                          Vendor: (none)
Release     : 37ea5438                      Build Date: Sat 16 Mar 2002 10:47:53 AM EST
Install date: Sat 16 Mar 2002 10:47:53 AM EST      Build Host: localhost
Group       : Public Keys                   Source RPM: (none)
Size        : 0                                License: pubkey
Summary     : gpg(Red Hat, Inc <security@redhat.com>)
Description :
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: rpm-4.1 (beecrypt-2.2.0)
-----END PGP PUBLIC KEY BLOCK-----
==========================================================================

For the extremely security conscious and the overly curious, I note the
following limitations:

	1) there's no attempt (yet) to verify the signature on the
	pubkey before verifying the package signature.

	2) there's no attempt (yet) to implement any trust model using
	OpenPGP packets.

	3) only V3 signatures are implemented ATM.

If that's not to your taste, then you can export the signature from a
package and verify using gpg outside of rpm. For example, here's a
short script that verifies good old header+payload signatures of
a package using gpg:

==========================================================================
#!/bin/sh

for pkg in "$@"
do
    if [ -z "$pkg" ] || [ ! -e "$pkg" ]; then
        echo "no package supplied" 1>&2
        exit 1
    fi

    plaintext=`mktemp "$0-$$.XXXXXX"`
    detached=`mktemp "$0-$$.XXXXXX"`

# --- Extract detached signature
    rpm -qp -vv --qf '%{siggpg:armor}' "$pkg" > "$detached"

# --- Figger the offset of header+payload in the package
    leadsize=96
    o=`expr $leadsize + 8`

    set `od -j $o -N 8 -t u1 "$pkg"`
    il=`expr 256 \* \( 256 \* \( 256 \* $2 + $3 \) + $4 \) + $5`
    dl=`expr 256 \* \( 256 \* \( 256 \* $6 + $7 \) + $8 \) + $9`

    sigsize=`expr 8 + 16 \* $il + $dl`
    o=`expr $o + $sigsize + \( 8 - \( $sigsize \% 8 \) \) \% 8`

# --- Extract header+payload
    dd if="$pkg" ibs=$o skip=1 2>/dev/null > "$plaintext"

# --- Verify DSA signature using gpg
    gpg --batch -vv --debug 0xfc02 --verify "$detached" "$plaintext"

# --- Clean up
    rm -f "$detached" "$plaintext"
done
==========================================================================

73 de Jeff

-- 
Jeff Johnson	ARS N3NPQ
jbj@redhat.com (jbj@jbj.org)
Chapel Hill, NC
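
Added example, not part of the original message and not rpm's own code: the offset arithmetic from the script above written as a Python parser of the signature header, which also checks the magic and the il/dl lengths against the file size and reports which signatures are present. The tag numbers (267/268 header-only, 1002/1005 header+payload) are taken from rpm's tag definitions, the function names are hypothetical, and the sample bytes are constructed.

```python
import struct

LEAD_SIZE = 96                      # fixed-size rpm lead
HDR_MAGIC = b"\x8e\xad\xe8\x01"     # header magic (3 bytes) + version 1
RPM_BIN_TYPE = 7
# Signature-header tags and what each signature covers.
SIG_TAGS = {1002: "PGP header+payload", 1005: "GPG header+payload",
            267: "DSA header-only", 268: "RSA header-only"}

def parse_sig_header(pkg):
    """Return (offset of header+payload, {tag: signature bytes})."""
    intro_end = LEAD_SIZE + 16       # magic(4) + reserved(4) + il(4) + dl(4)
    if len(pkg) < intro_end:
        raise ValueError("truncated before signature header")
    magic, _reserved, il, dl = struct.unpack_from(">4s4sII", pkg, LEAD_SIZE)
    if magic != HDR_MAGIC:
        raise ValueError("bad signature header magic")
    data_start = intro_end + 16 * il
    end = data_start + dl
    if end > len(pkg):               # il/dl come from the file: never trust them
        raise ValueError("index/data lengths exceed file size")
    sigs = {}
    for i in range(il):
        tag, typ, off, count = struct.unpack_from(">IIII", pkg, intro_end + 16 * i)
        if tag in SIG_TAGS:
            if typ != RPM_BIN_TYPE or off + count > dl:
                raise ValueError(f"malformed entry for tag {tag}")
            sigs[tag] = pkg[data_start + off:data_start + off + count]
    # The signature header is padded to an 8-byte boundary.
    return end + (-end) % 8, sigs

def build_sample():
    """Constructed package-like bytes: lead + signature header + stub header."""
    index = struct.pack(">IIII", 267, RPM_BIN_TYPE, 0, 3)
    index += struct.pack(">IIII", 1005, RPM_BIN_TYPE, 3, 2)
    data = b"DSA" + b"GP"            # stand-ins for OpenPGP signature packets
    sig = HDR_MAGIC + b"\0" * 4 + struct.pack(">II", 2, len(data)) + index + data
    sig += b"\0" * (-len(sig) % 8)
    return b"\xed\xab\xee\xdb" + b"\0" * 92 + sig + HDR_MAGIC + b"rest"

if __name__ == "__main__":
    offset, sigs = parse_sig_header(build_sample())
    print("header+payload starts at", offset)
    for tag, blob in sigs.items():
        print(tag, SIG_TAGS[tag], len(blob), "bytes")
```
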




