Stronger Hashes

Dominik 'Rathann' Mierzejewski dominik at greysector.net
Wed Mar 25 22:14:12 CET 2009 

On Wednesday, 25 March 2009 at 18:54, Thorsten Leemhuis wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On 15.03.2009 16:40, Thorsten Leemhuis wrote:
> | On 13.03.2009 17:13, Nicolas Chauvet wrote:
> |> According to the 23/02/2009 commit's of redhat-rpm-config, theses
> |> macros are added.
> |> [...]
> |> So I don't think we need to tweak anything from our
> |> configuration. Furthermore packages built since this new
> |> redhat-rpm-config already use strongerhash.
> | Maybe not for the Feature "StrongerHash" directly, but for related
> | things; quoting a part from
> |
> https://www.redhat.com/archives/fedora-announce-list/2009-March/msg00004.html
> | here:
> | """
> |> At the same time, Rel-Eng was attempting to get the Fedora 11 Beta
> packages
> |> signed with a newly generated f11-test key that is much larger in
> size (this
> |> is related to the Stronger Hashes Feature that is coming with F11).
> The use
> |> of the larger GPG key requires some different arguments to be passed
> to rpm
> |> for the signing phase, including using --digest-algo sha256.  The signing
> |> script was being reworked to invoke rpm correctly for this Feature,
> as well
> |> as still work for the current release's GPG keys.
> | """
> 
> Okay, mschwendt updated the push scripts (many thanks for your support
> Michael!) to support different signing commands for different repos. I
> created a new key and new release packages and everything afaics works
> now as it's supposed to be.
> 
> The public key for the new signing key is part of the new release
> packages that are available in RPM Fusion {non,}free for Fedora rawhide
> since a few days now. Find the fingerprints as clearsigned file attached.
> 
> All new packages get signed with the new key. That means: If you don't
> update regularly then you might need to update rpmfusion-free-release
> and rpmfusion-nonfree-release first, then everything else -- otherwise
> yum will complain that is has no key to verify. Also please make sure
> that your merge /etc/yum.repos.d/rpmfusion*free*.repo.rpmnew files if
> they get created during install of the new release packages, as those
> files will contain the path to the new key.
> 
> We afaics could start a mass-rebuild now if we want to, but I guess it
> might make sense to wait for the ffmpeg update. Dominik?

Did you mean faad2/x264 update? FFmpeg is up-to-date already. I'm not
planning to have anything newer than 0.5 in F-11 at this point. Current
FFmpeg SVN is still a bit unstable API and ABI-wise.

If so, then I think we're ready. I've successfully rebuilt all packages
that depend on x264 and faad2, so I can build faad2-2.7 in rawhide anytime.

Regards,
R.

-- 
Fedora http://fedoraproject.org/wiki/User:Rathann
RPMFusion http://rpmfusion.org | MPlayer http://mplayerhq.hu
"Faith manages."
        -- Delenn to Lennier in Babylon 5:"Confessions and Lamentations"

More information about the rpmfusion-developers mailing list