diff --git a/sign/rpmgensig.cc b/sign/rpmgensig.cc index e27d3d1369..c07ac535ed 100644 --- a/sign/rpmgensig.cc +++ b/sign/rpmgensig.cc @@ -636,7 +636,8 @@ static int rpmSign(const char *rpm, int deleting, int flags) struct sigTarget_s sigt_v4; unsigned int origSigSize; int insSig = 0; - rpmTagVal reserveTag = RPMSIGTAG_RESERVEDSPACE; + int rpmformat = 0; + rpmTagVal reserveTag = 0; if (manageFile(&fd, rpm, O_RDWR)) goto exit; @@ -666,7 +667,9 @@ static int rpmSign(const char *rpm, int deleting, int flags) goto exit; } - if (!headerIsEntry(h, RPMTAG_HEADERIMMUTABLE)) { + rpmformat = headerGetNumber(h, RPMTAG_RPMFORMAT); + + if (rpmformat < 4) { rpmlog(RPMLOG_ERR, _("Cannot sign RPM v3 packages: %s\n"), rpm); goto exit; } @@ -677,8 +680,7 @@ static int rpmSign(const char *rpm, int deleting, int flags) flags |= RPMSIGN_FLAG_RPMV3; } - /* Only v6 packages have this */ - if (headerIsEntry(sigh, RPMSIGTAG_RESERVED)) { + if (rpmformat >= 6) { flags |= RPMSIGN_FLAG_RPMV6; reserveTag = RPMSIGTAG_RESERVED; /* v3 signatures are not welcome in v6 packages */ @@ -689,6 +691,7 @@ static int rpmSign(const char *rpm, int deleting, int flags) } } else { flags |= RPMSIGN_FLAG_RPMV4; + reserveTag = RPMSIGTAG_RESERVEDSPACE; /* Ensure only one legacy signature is added if adding v6 signatures */ if ((flags & RPMSIGN_FLAG_RPMV6) && haveLegacySig(sigh)) flags &= ~(RPMSIGN_FLAG_RPMV4|RPMSIGN_FLAG_RPMV3);