On Mon, Dec 13, 2021 at 07:32:34PM -0000, Boris Burkov via devel wrote:
Sorry this wasn't clear.
The rpm carries just 'c' (as well as some small, fixed-size metadata for
interpreting it, like hash algorithm)
Just to explain that comment which suggested 'a': we have to compute the Merkle
tree at build time in order to get a root hash to sign. The Merkle tree is then fully
re-computed by the fs-verity code in the kernel for storage by the local filesystem when
the rpm is ultimately installed.
OK, so please adjust the change page not to say "it", but "the
signature" or something like that.
Zbyszek