You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
74 lines
3.7 KiB
74 lines
3.7 KiB
7 years ago
|
diff -up yum-3.4.3/docs/yum.conf.5.orig yum-3.4.3/docs/yum.conf.5
|
||
|
--- yum-3.4.3/docs/yum.conf.5.orig 2017-10-26 11:13:52.013324456 +0200
|
||
|
+++ yum-3.4.3/docs/yum.conf.5 2017-10-26 11:15:37.733858789 +0200
|
||
|
@@ -106,28 +106,34 @@ default for all repositories. The defaul
|
||
|
|
||
|
.IP
|
||
|
\fBpayload_gpgcheck\fR
|
||
|
-Either `1' or `0'. This tells yum whether or not it should also perform a GPG
|
||
|
-signature check on the payload (part of a package holding the actual files that
|
||
|
-comprise the package).
|
||
|
-
|
||
|
-By default, yum only performs GPG signature checks on package headers.
|
||
|
-Thus, if the payload data has been tampered with or corrupted, yum will fail in
|
||
|
-the middle of the transaction due to an RPM unpacking error, after some
|
||
|
-unverified scriptlets might have already run, and possibly leave the package in
|
||
|
-question partly installed.
|
||
|
-
|
||
|
-To prevent all of that, you can enable this option to extend the signature
|
||
|
-check to also include the payload, so that yum can avoid running the
|
||
|
-transaction in case of payload corruption.
|
||
|
-This slightly improves security, however at the expense of significantly
|
||
|
-increased transaction time, so you may want to only use this option when
|
||
|
-package corruption is a concern.
|
||
|
+Either `1' or `0'. This tells yum whether or not it should perform a v3
|
||
|
+signature check on packages when \fBgpgcheck\fR (or \fBlocalpkg_gpgcheck\fR for
|
||
|
+local packages) is enabled.
|
||
|
+
|
||
|
+There are two types of GPG signatures generated by rpm: v3 (on header+payload)
|
||
|
+and v4 (on header only). When rpm signs a package, it creates both types. Yum
|
||
|
+can verify any of them before the transaction, depending on which options are
|
||
|
+set. When \fBgpgcheck\fR is enabled and this option is disabled, yum will
|
||
|
+verify v4 signatures only. When both \fBgpgcheck\fR and this option are
|
||
|
+enabled, yum will verify both v4 and v3 signatures (equivalent to running "rpm
|
||
|
+\-\-checksig"). The same rules apply to local packages and the
|
||
|
+\fBlocalpkg_gpgcheck\fR option accordingly.
|
||
|
+
|
||
|
+Since the header contains sha256 digests of individual files in the payload (a
|
||
|
+gzip-compressed cpio archive of files used in the package), verifying the
|
||
|
+header signature (v4) is sufficient to ensure authenticity and integrity of the
|
||
|
+whole package. After rpm unpacks the payload, it moves the files to their
|
||
|
+destination paths one by one after they pass the digest check. If a file
|
||
|
+doesn't pass, it won't be moved and the transaction will abort. However,
|
||
|
+because no rollback is done in such a case, the package may end up in the
|
||
|
+partially installed state.
|
||
|
+
|
||
|
+By verifying v3 signatures, yum will detect payload tamper before the
|
||
|
+transaction. While this will slightly increase processing time for big
|
||
|
+transactions and/or packages, it will prevent such broken installs and enhance
|
||
|
+security.
|
||
|
|
||
|
-For this option to have effect, make sure to also enable gpgcheck (or
|
||
|
-localpkg_gpgcheck for local packages).
|
||
|
-
|
||
|
-When this option is set in the [main] section it sets the default for all
|
||
|
-repositories. The default is `0'.
|
||
|
+The default is `0'.
|
||
|
|
||
|
.IP
|
||
|
\fBskip_broken\fR
|
||
|
diff -up yum-3.4.3/rpmUtils/miscutils.py.orig yum-3.4.3/rpmUtils/miscutils.py
|
||
|
--- yum-3.4.3/rpmUtils/miscutils.py.orig 2017-10-26 11:13:49.637334921 +0200
|
||
|
+++ yum-3.4.3/rpmUtils/miscutils.py 2017-10-26 11:15:43.141834969 +0200
|
||
|
@@ -61,8 +61,8 @@ def compareVerOnly(v1, v2):
|
||
|
def checkSig(ts, package, payload=False):
|
||
|
"""Takes a transaction set and a package, check it's sigs.
|
||
|
|
||
|
- By default, only RPMv4 sigs (header-only) will be verified (faster). By
|
||
|
- setting payload to True, RPMv3 sigs (header+payload) will also be verified
|
||
|
+ By default, only v4 sigs (header-only) will be verified (faster). By
|
||
|
+ setting payload to True, v3 sigs (header+payload) will also be verified
|
||
|
(slower).
|
||
|
|
||
|
return 0 if they are all fine
|