Wind River Support Network

Not to be fixed

SCP7-68 : rpm should use RSA/SHA256 signature if built with --with-template=feature/openssl-fips

Created: Mar 26, 2015    Updated: Apr 19, 2018
Resolved Date: Apr 17, 2018
Found In Version: 7.0.0.4
Severity: Standard
Applicable for: Wind River Linux 7
Component/s: Userspace

Description

If a secure-platform image is built with the option --with-template=feature/openssl-fips, then all the RPMs should use an RSA/SHA256 signature.
But they still use DSA/SHA1:

./host-cross/usr/bin/rpm -qpi export/RPMS/core2_64/bash-4.3-r0.0.core2_64.rpm  | grep ^Signature
Signature   : DSA/SHA1, Thu Mar 26 11:42:04 2015, Key ID f235a34abe3479c7

Steps to Reproduce

1. configure --enable-board=qemux86-64 --enable-kernel=secure --enable-rootfs=secure-platform --enable-bootimage=ext3 --with-init=sysvinit --enable-unsupported-config=yes --with-sstate-dir=/path/to/SSTATE --enable-patchresolve=noop --with-template=feature/openssl-fips

2. make fs

3. ./host-cross/usr/bin/rpm -qpi export/RPMS/core2_64/bash-4.3-r0.0.core2_64.rpm  | grep ^Signature

Expected signature type: RSA/SHA256
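
The check in step 3 covers one package. As an added example (not part of the original report and not Wind River code), the following POSIX shell script applies it to every package under a directory such as export/RPMS and fails if any signature is not RSA/SHA256. The function names and the EXPECTED_SIG variable are assumptions; the rpm path defaults to the one used above.

```shell
#!/bin/sh
# Added example: audit the signature algorithm of every RPM a build produced.

# Read `rpm -qpi` output on stdin and print the signature algorithm pair,
# e.g. "RSA/SHA256". Unsigned packages yield "(none)"; if there is no
# Signature line at all the result is "unknown".
sig_algo() {
    awk '/^Signature[ \t]*:/ {
        sub(/^Signature[ \t]*:[ \t]*/, "")   # drop the field label
        sub(/,.*$/, "")                      # drop the date and key ID
        print; found = 1; exit
    }
    END { if (!found) print "unknown" }'
}

# Succeed only if the algorithm equals the expected one.
# EXPECTED_SIG is a hypothetical override; the default is what this report expects.
check_sig() {
    [ "$1" = "${EXPECTED_SIG:-RSA/SHA256}" ]
}

# audit_rpms DIR [RPM_BIN]: print one FAIL line per non-compliant package
# and return non-zero if any were found.
audit_rpms() {
    rpm_dir=$1
    rpm_bin=${2:-./host-cross/usr/bin/rpm}   # path used in this report
    bad=0
    list=$(mktemp) || return 2
    find "$rpm_dir" -type f -name '*.rpm' > "$list"
    while IFS= read -r pkg; do
        algo=$("$rpm_bin" -qpi "$pkg" </dev/null 2>/dev/null | sig_algo)
        if ! check_sig "$algo"; then
            printf 'FAIL %s %s\n' "$algo" "$pkg"
            bad=$((bad + 1))
        fi
    done < "$list"
    rm -f "$list"
    [ "$bad" -eq 0 ]
}

# Run from the build directory:  sh audit-rpm-sigs.sh export/RPMS
if [ "$#" -gt 0 ]; then
    audit_rpms "$@"
fi
```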