Initial "dgst" implementation for freebsd and alpine packages. #54
Open
oxpa wants to merge 1 commit into sassoftware:master from
Signed-off-by: Igor Ippolitov <iippolitov@gmail.com>
Author
Any updates?
I'm using relic to sign a bunch of Linux packages: deb, rpm, apk and (not quite Linux :) FreeBSD pkg.
The two latter use openssl dgst or a wrapper for it.
Here are sources for APK: https://github.com/alpinelinux/abuild/blob/292a03128e6c08dae5194f0794fe0d55450171ff/abuild-sign.in#L35
And here is a man page that describes the BSD approach to signing repos: pkg-repo
The process is roughly the same: one needs an RSA key and a pkcs1v1.5 signature. Not quite sure if I'm correct in this naming, but Crypto.Signer does exactly what's needed.
The implementation is quite straightforward: just get the key and sign. There is no filetype associated with the signer. Nor is there a way to verify the signature: if I get it right, currently there is no way to pass a specific key to use for verification. But openssl pkeyutl does that for me.

Let me know if there is anything I can improve in this code.
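
The flow the description outlines (hash the file, sign the digest with an RSA key through Go's crypto.Signer to get a PKCS#1 v1.5 signature, then verify against one explicitly supplied public key), as an added example that is not code from this pull request or from relic. The function names, the SHA-256 choice, the throwaway key and the sample payload are assumptions made for illustration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	_ "crypto/sha256" // links SHA-256 so crypto.SHA256.New() works
	"fmt"
)

// dgstSign (hypothetical name) hashes data and signs the digest via crypto.Signer.
// Passing a crypto.Hash as SignerOpts makes an RSA key produce a PKCS#1 v1.5
// signature over the DigestInfo for that hash, as "openssl dgst -sign" does.
func dgstSign(key crypto.Signer, h crypto.Hash, data []byte) ([]byte, error) {
	hh := h.New()
	hh.Write(data)
	return key.Sign(rand.Reader, hh.Sum(nil), h)
}

// dgstVerify (hypothetical name) checks sig against one specific public key.
func dgstVerify(pub *rsa.PublicKey, h crypto.Hash, data, sig []byte) error {
	hh := h.New()
	hh.Write(data)
	return rsa.VerifyPKCS1v15(pub, h, hh.Sum(nil), sig)
}

// demo signs a constructed payload with a throwaway key and reports whether
// the original payload and a tampered copy pass verification.
func demo() (okOriginal, okTampered bool, sigLen int, err error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, false, 0, err
	}
	data := []byte("constructed sample: package index contents\n")
	sig, err := dgstSign(key, crypto.SHA256, data)
	if err != nil {
		return false, false, 0, err
	}
	okOriginal = dgstVerify(&key.PublicKey, crypto.SHA256, data, sig) == nil
	tampered := append(append([]byte{}, data...), 'x')
	okTampered = dgstVerify(&key.PublicKey, crypto.SHA256, tampered, sig) == nil
	return okOriginal, okTampered, len(sig), nil
}

func main() {
	ok, bad, n, err := demo()
	fmt.Println(ok, bad, n, err)
}
```

The hash passed to the verifier must match the one used for signing, because it selects the DigestInfo prefix inside the padded block; a mismatch fails verification even when the key and data are correct.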