Replies: 3 comments
-
Yeah I was just looking at the document a few days ago and thinking this is so confusing we'd probably be better off without it 😅 The details are more complicated than this, but in broad strokes, the header immutable region (there's only one) is mostly about header-only hashes and signatures. It's a marker in the header that says anything before it is original and anything after it is not. And knowing that, it's possible to calculate the hash of the original header content even after more stuff (such as install time) was added. There's obviously no way to prevent somebody from changing the header content of e.g. an on-disk file, but doing so will break the hashes and signatures. As per the document, the main driver was to allow verifying signatures (and hashes) of installed packages.
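The marker described in the reply above, as an added Python example that is not part of the thread and not rpm's own code: it recovers the original header from a header that grew after install and hashes it. Assumed here: 16-byte big-endian index entries, the region marker (tag 63) as the first index entry, a trailer whose negative offset gives the region's entry count, a digest taken over magic, counts, index and data, and the constructed sample headers.

```python
import hashlib
import struct

MAGIC = bytes.fromhex("8eade80100000000")   # header magic plus 4 reserved bytes
ENTRY = struct.Struct(">IIiI")              # tag, type, offset (signed), count
HEADERIMMUTABLE, NAME, INSTALLTIME = 63, 1000, 1008
INT32, STRING, BIN = 4, 6, 7


def build_header(entries, data):
    """Serialize index entries and a data store into one header blob."""
    index = b"".join(ENTRY.pack(*e) for e in entries)
    return MAGIC + struct.pack(">II", len(entries), len(data)) + index + data


def original_region(blob):
    """Rebuild the header as it was before anything was added after the region."""
    il, dl = struct.unpack_from(">II", blob, 8)
    data_start = 16 + il * ENTRY.size
    tag, typ, off, count = ENTRY.unpack_from(blob, 16)
    if (tag, typ, count) != (HEADERIMMUTABLE, BIN, 16) or not 0 <= off <= dl - 16:
        raise ValueError("first index entry is not a region marker")
    ttag, ttyp, toff, tcount = ENTRY.unpack_from(blob, data_start + off)
    if (ttag, ttyp, tcount) != (HEADERIMMUTABLE, BIN, 16) or toff >= 0 or toff % 16:
        raise ValueError("malformed region trailer")
    ril, rdl = -toff // 16, off + 16    # trailer offset is -(16 * region entries)
    if ril > il:
        raise ValueError("region claims more entries than the index holds")
    index = blob[16:16 + ril * ENTRY.size]
    return MAGIC + struct.pack(">II", ril, rdl) + index + blob[data_start:data_start + rdl]


def sample_headers():
    """Constructed sample: a packaged header and the same header after install."""
    data = b"demo\0" + ENTRY.pack(HEADERIMMUTABLE, BIN, -2 * 16, 16)
    entries = [(HEADERIMMUTABLE, BIN, 5, 16), (NAME, STRING, 0, 1)]
    packaged = build_header(entries, data)
    # Install appends INSTALLTIME after the region (data padded to 4-byte alignment).
    grown = data + b"\0" * 3 + struct.pack(">I", 1700000000)
    installed = build_header(entries + [(INSTALLTIME, INT32, 24, 1)], grown)
    return packaged, installed


if __name__ == "__main__":
    packaged, installed = sample_headers()
    for label, blob in (("packaged", packaged), ("installed", installed)):
        print(label, hashlib.sha256(original_region(blob)).hexdigest())
```

Both lines print the same digest, because the entry added at install time lies outside the region; changing a byte inside the region changes the digest.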
-
This is now covered in a bit more detail here: https://rpm-software-management.github.io/rpm/manual/format_header.html#immutable-regions
-
The offset in the region trailer in the Data section is supposed to be negative for some reason. I.e. the description of the offset in the second table is not correct. Btw, does deleting of tags via dribbles really work? I didn't think it was possible...
-
There is a document introducing the immutable header regions here, but it's hard for someone who is unfamiliar with the history to understand. My question is how to understand the immutable header regions? How can it be made immutable when the whole package can be re-assembled/packaged? Is there any document that explains the details? Thanks.