Not to be fixed
Created: Mar 26, 2015
Updated: Apr 19, 2018
Resolved Date: Apr 17, 2018
Found In Version: 7.0.0.4
Severity: Standard
Applicable for: Wind River Linux 7
Component/s: Userspace
If secure-platform image is built with option --with-template=feature/openssl-fips , then all the rpms should use RSA/SHA256 signature.
But now it still use DSA/SHA1:
./host-cross/usr/bin/rpm -qpi export/RPMS/core2_64/bash-4.3-r0.0.core2_64.rpm | grep ^Signature
Signature : DSA/SHA1, Thu Mar 26 11:42:04 2015, Key ID f235a34abe3479c7
1, configure --enable-board=qemux86-64 --enable-kernel=secure --enable-rootfs=secure-platform --enable-bootimage=ext3 --with-init=sysvinit --enable-unsupported-config=yes --with-sstate-dir=/path/to/SSTATE --enable-patchresolve=noop --with-template=feature/openssl-fips
2, make fs
3, ./host-cross/usr/bin/rpm -qpi export/RPMS/core2_64/bash-4.3-r0.0.core2_64.rpm | grep ^Signature
Expected signature type: RSA/SHA256