PR review cleanups

rpm-rs · Jul 10, 2023 · b6853cf · b6853cf
1 parent 2ee219a
commit b6853cf
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 14 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,19 +7,24 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
-## Breaking Change
+### Breaking Change
 
 - Removed `RPM` prefix from type names, e.g. `RPMPackage` is renamed to `Package`.
 - `RPMBuilder` is renamed to `PackageBuilder`.
 - The `PackageBuilder::build_time` method is removed. Package build time is now
   included by default and can be clamped using the `PackageBuilder::source_date` method.
+- Several of the signer and verifier trait APIs were changed
 
-## Added
+### Added
 
 - `PackageBuilder::source_date` method for clamping modification time of files,
   build time of the package, and signature timestamp. This functionality is required for
   reproducible generation of packages.
-- `Package::sign_with_timestamp` method.s
+- `Package::sign_with_timestamp` method for signing a package while using a specific
+  timestamp. This is needed to reproducibly sign packages.
+- `PackageMetadata::signature_key_id` method for getting the signing key ID (superset
+  of the fingerprint) of the key used to sign a package as a hex-encoded string.
+  Key fingerprints can be easily extracted from this value.
 - The "rpmversion" tag is now populated so that packages know which library (and version)
   they were built with.
 - Support for signing and verification with EdDSA signatures
@@ -29,10 +34,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Build time metadata is now included in the built package by default
 - The algorithm type is no longer baked into the Signing and Verifying APIs as it is unnecessary.
 
-### Breaking Changes
-
-- Several of the signer and verifier trait APIs were changed
-
 ### Fixed
 
 - CentOS 7 support by using long sizes only for packages bigger than 4 GiB.

diff --git a/src/rpm/builder.rs b/src/rpm/builder.rs
@@ -517,8 +517,8 @@ impl PackageBuilder {
         } = Package::create_sig_header_digests(header.as_slice(), content.as_slice())?;
 
         let now = Timestamp::now();
-        let t = match source_date {
-            Some(sde) if sde < now => sde,
+        let signature_timestamp = match source_date {
+            Some(source_date_epoch) if source_date_epoch < now => source_date_epoch,
             _ => now,
         };
 
@@ -528,17 +528,18 @@ impl PackageBuilder {
             header_and_content_digest_md5.as_slice(),
         );
 
-        let sig_header_only = signer.sign(header.as_slice(), t)?;
+        let sig_header_only = signer.sign(header.as_slice(), signature_timestamp)?;
 
         let builder = match signer.algorithm() {
-            crate::signature::AlgorithmType::RSA => {
+            signature::AlgorithmType::RSA => {
                 let mut header_and_content_cursor =
                     io::Cursor::new(header.as_slice()).chain(io::Cursor::new(content.as_slice()));
 
-                let sig_header_and_archive = signer.sign(&mut header_and_content_cursor, t)?;
+                let sig_header_and_archive =
+                    signer.sign(&mut header_and_content_cursor, signature_timestamp)?;
                 builder.add_rsa_signature(sig_header_only.as_ref(), sig_header_and_archive.as_ref())
             }
-            crate::signature::AlgorithmType::EdDSA => {
+            signature::AlgorithmType::EdDSA => {
                 builder.add_eddsa_signature(sig_header_only.as_ref())
             }
         };

diff --git a/src/rpm/signature/pgp.rs b/src/rpm/signature/pgp.rs
@@ -103,7 +103,7 @@ impl Signer {
                 secret_key,
                 algorithm: AlgorithmType::EdDSA,
             }),
-            a => Err(Error::UnsupportedPGPKeyType(a)),
+            algorithm => Err(Error::UnsupportedPGPKeyType(algorithm)),
         }
     }
 }