@jessorensen commented on this pull request.


> +    }
+
+    rpmlog(RPMLOG_DEBUG, _("key: %s\n"), key);
+    rpmlog(RPMLOG_DEBUG, _("cert: %s\n"), cert);
+
+    compr = headerGetString(h, RPMTAG_PAYLOADCOMPRESSOR);
+    rpmio_flags = rstrscat(NULL, "r.", compr ? compr : "gzip", NULL);
+
+    gzdi = Fdopen(fdDup(Fileno(fd)), rpmio_flags);
+    free(rpmio_flags);
+    if (!gzdi)
+       rpmlog(RPMLOG_DEBUG, _("Fdopen() failed\n"));
+
+    files = rpmfilesNew(NULL, h, RPMTAG_BASENAMES, RPMFI_FLAGS_QUERY);
+    fi = rpmfiNewArchiveReader(gzdi, files,
+                              RPMFI_ITER_READ_ARCHIVE_OMIT_HARDLINKS);

I wish I could, but unfortunately I don't believe it is possible. fsverity 
generates a Merkle tree (basically a tree of digests) and signs the root hash, 
and we cannot derive the root sha from the file sha.

This is what I mentioned in here: 
https://github.com/rpm-software-management/rpm/issues/1121#issuecomment-621421288

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1203#discussion_r431335773
_______________________________________________
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Reply via email to