Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

update(build): Switch from RSA/SHA1 to RSA/SHA256 signature in the RPM package #2044

Merged
merged 1 commit into from
Jun 10, 2022
Merged

update(build): Switch from RSA/SHA1 to RSA/SHA256 signature in the RPM package #2044

merged 1 commit into from
Jun 10, 2022

Conversation

vjjmiras
Copy link
Contributor

@vjjmiras vjjmiras commented Jun 7, 2022
edited by FedeDP
Loading

Signed-off-by: Vicente J. Jiménez Miras [email protected]

What type of PR is this?

Uncomment one (or more) /kind <> lines:

/kind bug

/kind cleanup

/kind design

/kind documentation

/kind failing-test

/kind feature

If contributing rules or changes to rules, please make sure to also uncomment one of the following line:

/kind rule-update

/kind rule-create

Any specific area of the project related to this PR?

Uncomment one (or more) /area <> lines:

/area build

/area engine

/area rules

/area tests

/area proposals

What this PR does / why we need it:

Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

update(build): Switch from RSA/SHA1 to RSA/SHA256 signature in the RPM package

@poiana
Copy link
Contributor

poiana commented Jun 7, 2022

Welcome @vjjmiras! It looks like this is your first PR to falcosecurity/falco 🎉

@poiana poiana added the size/XS label Jun 7, 2022
@poiana poiana requested review from jonahjon and mfdii June 7, 2022 21:19
@vjjmiras
Copy link
Contributor Author

vjjmiras commented Jun 8, 2022
edited
Loading

There are 3 options to add this flag:

  1. The one used in this commit, adding a macro to pass --digest-algo sha256 to the gpg binary, in the ~/.rpmmacros file.
  2. In the Expect script, adding "--digest-algo sha256" between the 'rpm sign --addsign' and the '{*}$argv', like 'rpm sign --addsign --digest-algo sha256 {*}$argv'
  3. In the .circle/config.yml file, as a parameter to the Expect script, like ./sign --digest-algo sha256 *rpm

I tried the 3 options locally inside a falcosecurit/falco-builder based container, and they all gave me the same results:

# rpm --qf '%{SIGPGP:pgpsig}\n' -q -p test.rpm
warning: test.rpm: Header V4 RSA/SHA256 Signature, key ID a2559cf9: NOKEY
RSA/SHA256, Wed Jun 8 07:59:54 2022, Key ID f27799c2a2559cf9

The warning responds to the lack of the public key imported to the RPM database.

@jasondellaluce
Copy link
Contributor

/milestone 0.33.0

@poiana poiana added this to the 0.33.0 milestone Jun 8, 2022
@FedeDP
Copy link
Contributor

FedeDP commented Jun 10, 2022

LGTM :) thank you very much!

@poiana poiana added the lgtm label Jun 10, 2022
@poiana
Copy link
Contributor

poiana commented Jun 10, 2022

LGTM label has been added.

Git tree hash: c878d627589a24fbbd4a700a6592444f7cfc58db

@poiana poiana requested a review from leogr June 10, 2022 15:10
@poiana poiana added the lgtm label Jun 10, 2022
@poiana
Copy link
Contributor

poiana commented Jun 10, 2022

LGTM label has been added.

Git tree hash: c878d627589a24fbbd4a700a6592444f7cfc58db

jasondellaluce
jasondellaluce approved these changes Jun 10, 2022
View reviewed changes
Copy link
Contributor

@jasondellaluce jasondellaluce left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/approve

@poiana
Copy link
Contributor

poiana commented Jun 10, 2022

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jasondellaluce, vjjmiras

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@poiana poiana merged commit 83700d6 into falcosecurity:master Jun 10, 2022
@jasondellaluce jasondellaluce modified the milestones: 0.33.0, 0.32.1 Jun 17, 2022
@vjjmiras vjjmiras deleted the rpm-sha256 branch January 26, 2023 09:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jasondellaluce jasondellaluce jasondellaluce approved these changes

@leogr leogr leogr approved these changes

@jonahjon jonahjon Awaiting requested review from jonahjon

@mfdii mfdii Awaiting requested review from mfdii

Assignees

@leogr leogr

@jasondellaluce jasondellaluce

Labels
approved area/build dco-signoff: yes kind/feature lgtm release-note size/XS
Projects
None yet
Milestone
0.32.1
Development

Successfully merging this pull request may close these issues.
5 participants
@vjjmiras @poiana @jasondellaluce @FedeDP @leogr