@jessorensen commented on this pull request.

> +    }
+    rpmlog(RPMLOG_DEBUG, _("key: %s\n"), key);
+    rpmlog(RPMLOG_DEBUG, _("cert: %s\n"), cert);
+    compr = headerGetString(h, RPMTAG_PAYLOADCOMPRESSOR);
+    rpmio_flags = rstrscat(NULL, "r.", compr ? compr : "gzip", NULL);
+    gzdi = Fdopen(fdDup(Fileno(fd)), rpmio_flags);
+    free(rpmio_flags);
+    if (!gzdi)
+       rpmlog(RPMLOG_DEBUG, _("Fdopen() failed\n"));
+    files = rpmfilesNew(NULL, h, RPMTAG_BASENAMES, RPMFI_FLAGS_QUERY);
+    fi = rpmfiNewArchiveReader(gzdi, files,
+                              RPMFI_ITER_READ_ARCHIVE_OMIT_HARDLINKS);

I wish I could, but unfortunately I don't believe it is possible. fsverity 
generates a Merkle tree (basically a tree of digests) and signs the root hash, 
and we cannot derive the root sha from the file sha.

This is what I mentioned in here: 

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
Rpm-maint mailing list

Reply via email to