b1aeafef49
On packages where a separate payload digest exists (ie those built with rpm >= 4.14), rpm v3 header+payload signatures are nothing but expensive legacy baggage, as the payload digest will be signed by a header-only signature already, without having to recalculate the entire file. Automatically detect the payload digest presence and only add V3 signatures on packages that need it, but also add an override switch to force their addition if needed for compatibility or so. A particular use-case would be ability to signature-level verify the entire package on rpm older than 4.14. Fixes: #863 |
||
|---|---|---|
| .. | ||
| Makefile.am | ||
| rpmgensig.c | ||
| rpmsign.h | ||
| rpmsignfiles.c | ||
| rpmsignfiles.h | ||