-
-
Notifications
You must be signed in to change notification settings - Fork 160
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: update protonmail/crypto #680
Conversation
Signed-off-by: Carlos Alexandro Becker <[email protected]>
Deploying with Cloudflare Pages
|
I am unsure why this would break contos, we are using sha256 for signing nor sha1 which GopenPGP still supports |
Signed-off-by: Carlos Alexandro Becker <[email protected]>
as far as I gathered, centos still uses an old version of the signature, which is supported by golang/x/crypto/openpgp, but not by the protonmail fork (because it is very old) |
Codecov Report
@@ Coverage Diff @@
## main #680 +/- ##
==========================================
+ Coverage 75.81% 75.86% +0.04%
==========================================
Files 14 14
Lines 2956 2962 +6
==========================================
+ Hits 2241 2247 +6
Misses 506 506
Partials 209 209
|
Signed-off-by: Carlos Alexandro Becker <[email protected]>
ProtonMail/go-crypto#164 maybe try |
hmmm still getting
so maybe there is something else wrong |
Okay, for reference:
RPM 4.18 seems to work, the older versions don't. |
4.18 changelog: https://rpm.org/wiki/Releases/4.18.0 there's a lot of signature and openpgp related changes and fixes. I'm leaning towards supporting RPM 4.18+ for signed packages for now on, and that's it 🤔 |
so it seems rpm 4.17+ is OK 🤔 |
Signed-off-by: Carlos Alexandro Becker <[email protected]>
Signed-off-by: Carlos Alexandro Becker <[email protected]>
okay, so, porting back to the deprecated crypto package works, as long as you don't need to set the signing key id, because apparently there is no way of setting it in that lib soo... I made a compromise:
which I think is pretty confusing... and not sure if whether or not is a good idea at all eager to hear what you all think @djgilcrease @erikgeiser |
|
interesting... rpm-software-management/rpm#2351 so, basically, the old package breaks new RPMs, the new version breaks old RPMs... so is just a matter of choosing which ones to break? :pain: |
Signed-off-by: Carlos Alexandro Becker <[email protected]>
another alternative (that honestly I almost think is better) is to copy the needed code from the versions that work to our codebase 🤔 |
continuing my investigation:
So, I think we can presume that's something related to the critical bit of the |
okay, this will do the trick: ProtonMail/go-crypto#175 |
This reverts commit 9c46a58.
Signed-off-by: Carlos Alexandro Becker <[email protected]>
Signed-off-by: Carlos Alexandro Becker <[email protected]>
Signed-off-by: Carlos Alexandro Becker <[email protected]>
As expected, this breaks signing for centos 8.
Not expected: it also broke it for centos 9.
Fedora seems to still work though.
Not sure what, if anything, we can do about this? Should we revert back to the main go/crypto package which supposedly still works?