|
 |
83a7c7 |
From 362c4401979f896de1e69a3e18d33954953912cc Mon Sep 17 00:00:00 2001
|
|
|
83a7c7 |
Message-Id: <362c4401979f896de1e69a3e18d33954953912cc.1554983588.git.pmatilai@redhat.com>
|
|
|
83a7c7 |
From: Panu Matilainen <pmatilai@redhat.com>
|
|
|
83a7c7 |
Date: Tue, 11 Dec 2018 13:21:47 +0200
|
|
|
83a7c7 |
Subject: [PATCH] Only read through payload on verify if actually needed
|
|
|
83a7c7 |
|
|
|
83a7c7 |
If none of our verify items ranges over the payload, then why bother?
|
|
|
83a7c7 |
|
|
|
83a7c7 |
To do this, add an internal rpmvs API to get it's range, and use
|
|
|
83a7c7 |
that to decide whether trip over the payload is needed or not.
|
|
|
83a7c7 |
In addition, the payload digest tag needs to be grabbed outside of the
|
|
|
83a7c7 |
condition to avoid depending on other values. The details including
|
|
|
83a7c7 |
RPMVSF_NEEDPAYLOAD will be handled internally to rpmvs which makes it
|
|
|
83a7c7 |
actually nicer code-wise too.
|
|
|
83a7c7 |
---
|
|
|
83a7c7 |
lib/rpmchecksig.c | 8 ++++----
|
|
|
83a7c7 |
lib/rpmvs.c | 12 ++++++++++++
|
|
|
83a7c7 |
lib/rpmvs.h | 3 +++
|
|
|
83a7c7 |
3 files changed, 19 insertions(+), 4 deletions(-)
|
|
|
83a7c7 |
|
|
|
83a7c7 |
diff --git a/lib/rpmchecksig.c b/lib/rpmchecksig.c
|
|
|
83a7c7 |
index 1ba72a45e..810f7153d 100644
|
|
|
83a7c7 |
--- a/lib/rpmchecksig.c
|
|
|
83a7c7 |
+++ b/lib/rpmchecksig.c
|
|
|
83a7c7 |
@@ -187,11 +187,11 @@ rpmRC rpmpkgRead(struct rpmvs_s *vs, FD_t fd,
|
|
|
83a7c7 |
/* Finalize header range */
|
|
|
83a7c7 |
rpmvsFiniRange(vs, RPMSIG_HEADER);
|
|
|
83a7c7 |
|
|
|
83a7c7 |
- /* Unless disabled, read the payload, generating digest(s) on the fly. */
|
|
|
83a7c7 |
- if (!(rpmvsFlags(vs) & RPMVSF_NEEDPAYLOAD)) {
|
|
|
83a7c7 |
- /* Fish interesting tags from the main header. This is a bit hacky... */
|
|
|
83a7c7 |
- rpmvsAppendTag(vs, blob, RPMTAG_PAYLOADDIGEST);
|
|
|
83a7c7 |
+ /* Fish interesting tags from the main header. This is a bit hacky... */
|
|
|
83a7c7 |
+ rpmvsAppendTag(vs, blob, RPMTAG_PAYLOADDIGEST);
|
|
|
83a7c7 |
|
|
|
83a7c7 |
+ /* If needed and not explicitly disabled, read the payload as well. */
|
|
|
83a7c7 |
+ if (rpmvsRange(vs) & RPMSIG_PAYLOAD) {
|
|
|
83a7c7 |
/* Initialize digests ranging over the payload only */
|
|
|
83a7c7 |
rpmvsInitRange(vs, RPMSIG_PAYLOAD);
|
|
|
83a7c7 |
|
|
|
83a7c7 |
diff --git a/lib/rpmvs.c b/lib/rpmvs.c
|
|
|
83a7c7 |
index 622e48011..0d475af86 100644
|
|
|
83a7c7 |
--- a/lib/rpmvs.c
|
|
|
83a7c7 |
+++ b/lib/rpmvs.c
|
|
|
83a7c7 |
@@ -396,6 +396,18 @@ void rpmvsFiniRange(struct rpmvs_s *sis, int range)
|
|
|
83a7c7 |
}
|
|
|
83a7c7 |
}
|
|
|
83a7c7 |
|
|
|
83a7c7 |
+int rpmvsRange(struct rpmvs_s *vs)
|
|
|
83a7c7 |
+{
|
|
|
83a7c7 |
+ int range = 0;
|
|
|
83a7c7 |
+ for (int i = 0; i < vs->nsigs; i++) {
|
|
|
83a7c7 |
+ if (rpmsinfoDisabled(&vs->sigs[i], vs->vsflags))
|
|
|
83a7c7 |
+ continue;
|
|
|
83a7c7 |
+ range |= vs->sigs[i].range;
|
|
|
83a7c7 |
+ }
|
|
|
83a7c7 |
+
|
|
|
83a7c7 |
+ return range;
|
|
|
83a7c7 |
+}
|
|
|
83a7c7 |
+
|
|
|
83a7c7 |
static int sinfoCmp(const void *a, const void *b)
|
|
|
83a7c7 |
{
|
|
|
83a7c7 |
const struct rpmsinfo_s *sa = a;
|
|
|
35cbef |
--- rpm-4.14.3/lib/rpmvs.h.orig 2020-04-28 10:57:19.727347211 +0200
|
|
|
35cbef |
+++ rpm-4.14.3/lib/rpmvs.h 2020-04-28 10:57:43.622612015 +0200
|
|
|
35cbef |
@@ -66,6 +66,8 @@
|
|
|
35cbef |
|
|
|
83a7c7 |
void rpmvsFiniRange(struct rpmvs_s *sis, int range);
|
|
|
83a7c7 |
|
|
|
35cbef |
+int rpmvsRange(struct rpmvs_s *vs);
|
|
|
83a7c7 |
+
|
|
|
83a7c7 |
int rpmvsVerify(struct rpmvs_s *sis, int type,
|
|
|
83a7c7 |
rpmsinfoCb cb, void *cbdata);
|
|
|
35cbef |
|
|
|
83a7c7 |
--
|
|
|
83a7c7 |
2.20.1
|