Skip to content
Snippets Groups Projects

pmb.chroot.apk_static: use sha256 sig for verification

Merged Imported pmb.chroot.apk_static: use sha256 sig for verification
craftyguy/apktools256 into master
All threads resolved!
Merged Imported Administrator requested to merge craftyguy/apktools256 into master
All threads resolved!
Compare
and
1 file
+ 2
2
Compare changes
  • Side-by-side
  • Inline
pmb/chroot/apk_static.py
+ 2
2
@@ -28,7 +28,7 @@ def read_signature_info(tar):
:returns: (sigfilename, sigkey_path)
"""
# Get signature filename and key
prefix = "sbin/apk.static.SIGN.RSA."
prefix = "sbin/apk.static.SIGN.RSA.sha256."
sigfilename = None
for filename in tar.getnames():
if filename.startswith(prefix):
@@ -88,7 +88,7 @@ def verify_signature(files, sigkey_path):
[
"openssl",
"dgst",
"-sha1",
+4
"-sha256",
"-verify",
sigkey_path,
"-signature",