@pmatilai commented on this pull request.

> +    }
+    rpmlog(RPMLOG_DEBUG, _("key: %s\n"), key);
+    rpmlog(RPMLOG_DEBUG, _("cert: %s\n"), cert);
+    compr = headerGetString(h, RPMTAG_PAYLOADCOMPRESSOR);
+    rpmio_flags = rstrscat(NULL, "r.", compr ? compr : "gzip", NULL);
+    gzdi = Fdopen(fdDup(Fileno(fd)), rpmio_flags);
+    free(rpmio_flags);
+    if (!gzdi)
+       rpmlog(RPMLOG_DEBUG, _("Fdopen() failed\n"));
+    files = rpmfilesNew(NULL, h, RPMTAG_BASENAMES, RPMFI_FLAGS_QUERY);
+    fi = rpmfiNewArchiveReader(gzdi, files,
+                              RPMFI_ITER_READ_ARCHIVE_OMIT_HARDLINKS);
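
Review bot: the `if (!gzdi)` check after Fdopen() only logs at RPMLOG_DEBUG and then falls through, so on failure a NULL `gzdi` is passed straight to rpmfiNewArchiveReader(). Treat this as an error path: log at an error level and bail out (releasing what has been allocated so far) before `files` and `fi` are created. A short comment on why "gzip" is the fallback when RPMTAG_PAYLOADCOMPRESSOR is missing would also help on the rstrscat() line.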

Mmh. Reading through the entire archive unpacking things as we go is expensive 
and very much out of the ordinary for signing. 

Could you instead use rpm's file hash algorithm for the purpose, ie if rpm's 
file digests are sha256 then use that for verity too so you don't need to 
