@pmatilai commented on this pull request.


> +    }
+
+    rpmlog(RPMLOG_DEBUG, _("key: %s\n"), key);
+    rpmlog(RPMLOG_DEBUG, _("cert: %s\n"), cert);
+
+    compr = headerGetString(h, RPMTAG_PAYLOADCOMPRESSOR);
+    rpmio_flags = rstrscat(NULL, "r.", compr ? compr : "gzip", NULL);
+
+    gzdi = Fdopen(fdDup(Fileno(fd)), rpmio_flags);
+    free(rpmio_flags);
+    if (!gzdi)
+       rpmlog(RPMLOG_DEBUG, _("Fdopen() failed\n"));
+
+    files = rpmfilesNew(NULL, h, RPMTAG_BASENAMES, RPMFI_FLAGS_QUERY);
+    fi = rpmfiNewArchiveReader(gzdi, files,
+                              RPMFI_ITER_READ_ARCHIVE_OMIT_HARDLINKS);

Right, silly me. I plead ignorance and amnesia on what little I know about the 
Merkle tree stuff... but now that you remind me, it makes me think there's 
quite a bit of mutual interest here.

There are multiple places in rpm that would benefit from gradually verifiable 
content, starting with the file digests themselves. If rpm stored the Merkle 
hashes for the files at build time, I suppose you could then just sign those? 
And when available, rpm could use those instead of the traditional digests for 
its verify operation for quicker identification of modified content.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1203#discussion_r431652462
_______________________________________________
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Reply via email to