@jessorensen commented on this pull request.
> + }
+
+ rpmlog(RPMLOG_DEBUG, _("key: %s\n"), key);
+ rpmlog(RPMLOG_DEBUG, _("cert: %s\n"), cert);
+
+ compr = headerGetString(h, RPMTAG_PAYLOADCOMPRESSOR);
+ rpmio_flags = rstrscat(NULL, "r.", compr ? compr : "gzip", NULL);
+
+ gzdi = Fdopen(fdDup(Fileno(fd)), rpmio_flags);
+ free(rpmio_flags);
+ if (!gzdi)
+ rpmlog(RPMLOG_DEBUG, _("Fdopen() failed\n"));
+
+ files = rpmfilesNew(NULL, h, RPMTAG_BASENAMES, RPMFI_FLAGS_QUERY);
+ fi = rpmfiNewArchiveReader(gzdi, files,
+ RPMFI_ITER_READ_ARCHIVE_OMIT_HARDLINKS);
I wish I could, but unfortunately I don't believe it is possible. fsverity
generates a Merkle tree (basically a tree of digests) and signs the root hash,
and we cannot derive the root sha from the file sha.
This is what I mentioned in here:
https://github.com/rpm-software-management/rpm/issues/1121#issuecomment-621421288
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1203#discussion_r431335773_______________________________________________
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint
