From 6d6da23ec100cf513930b06a9e28cacee74002ec Mon Sep 17 00:00:00 2001
From: Dj Gilcrease <d.gilcrease@f5.com>
Date: Wed, 2 Oct 2019 15:34:25 -0700
Subject: [PATCH] Add the payload digest so that on fedora you do not need to
 install the rpm with the `--nodigest` flags

Before change
```
$ rpm -Kv test.rpm
test.rpm:
    Header SHA256 digest: OK
    Payload SHA256 digest: NOTFOUND
    MD5 digest: NOTFOUND
```

After Changes
```
$ rpm -Kv test.rpm
test.rpm:
    Header SHA256 digest: OK
    Payload SHA256 digest: OK
```
---
 rpm.go  | 5 +++--
 tags.go | 5 +++++
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/rpm.go b/rpm.go
index 9fe1d7e..e7eb29a 100644
--- a/rpm.go
+++ b/rpm.go
@@ -211,6 +211,8 @@ func (r *RPM) writeGenIndexes(h *index) {
 	h.Add(tagLicence, entry(r.Licence))
 	h.Add(tagPackager, entry(r.Packager))
 	h.Add(tagURL, entry(r.URL))
+	h.Add(tagPayloadDigest, entry([]string{fmt.Sprintf("%x", sha256.Sum256(r.payload.Bytes()))}))
+	h.Add(tagPayloadDigestAlgo, entry([]int32{hashAlgoSHA256}))
 
 	// A package must provide itself...
 	h.Add(tagProvides, entry([]string{r.Name}))
@@ -260,8 +262,7 @@ func (r *RPM) writeFileIndexes(h *index) {
 	for ii := range inodes {
 		// is inodes just a range from 1..len(dirindexes)? maybe different with hard links
 		inodes[ii] = int32(ii + 1)
-		// We only use the sha256 digest algo, tag=8
-		digestAlgo[ii] = int32(8)
+		digestAlgo[ii] = hashAlgoSHA256
 		// With regular files, it seems like we can always enable all of the verify flags
 		verifyFlags[ii] = int32(-1)
 		fileFlags[ii] = int32(0)
diff --git a/tags.go b/tags.go
index 74bacad..311aa90 100644
--- a/tags.go
+++ b/tags.go
@@ -22,6 +22,9 @@ const (
 	sigSize        = 0x03e8 // 1000
 	sigPayloadSize = 0x03ef // 1007
 
+	// https://github.com/rpm-software-management/rpm/blob/92eadae94c48928bca90693ad63c46ceda37d81f/rpmio/rpmpgp.h#L258
+	hashAlgoSHA256 = 0x0008 // 8
+
 	tagName     = 0x03e8 // 1000
 	tagVersion  = 0x03e9 // 1001
 	tagRelease  = 0x03ea // 1002
@@ -65,4 +68,6 @@ const (
 	tagPayloadCompressor = 0x0465 // 1125
 	tagPayloadFlags      = 0x0466 // 1126
 	tagFileDigestAlgo    = 0x1393 // 5011
+	tagPayloadDigest     = 0x13e4 // 5092
+	tagPayloadDigestAlgo = 0x13e5 // 5093
 )