From dbb4f464d177e2c3bfa13b1b2bb511fa6fde40d9 Mon Sep 17 00:00:00 2001

From: Jes Sorensen <jsorensen@fb.com>

Date: Wed, 27 May 2020 16:49:03 -0400

Subject: [PATCH 17/33] rpmsign: Add helper to indicate file signing enabled

Helper function returning true if either IMA or VERITY signatures are

to be applied. This simplifies the code and makes it easier to read.

Signed-off-by: Jes Sorensen <jsorensen@fb.com>

---

 rpmsign.c | 10 +++++++---

 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/rpmsign.c b/rpmsign.c

index 8861c2c59..94cbf1d1a 100644

--- a/rpmsign.c

+++ b/rpmsign.c

@@ -67,6 +67,11 @@ static struct poptOption optionsTable[] = {

 };

 #if defined(WITH_IMAEVM) || defined(WITH_FSVERITY)

+static int flags_sign_files(int flags)

+{

+	return (flags & (RPMSIGN_FLAG_IMA | RPMSIGN_FLAG_FSVERITY) ? 1 : 0);

+}

+

 static char *get_fskpass(void)

 {

     struct termios flags, tmp_flags;

@@ -118,7 +123,7 @@ static int doSign(poptContext optCon, struct rpmSignArgs *sargs)

 	rpmPushMacro(NULL, "_file_signing_key", NULL, fileSigningKey, RMIL_GLOBAL);

     }

-    if (sargs->signflags & (RPMSIGN_FLAG_IMA | RPMSIGN_FLAG_FSVERITY)) {

+    if (flags_sign_files(sargs->signflags)) {

 	char *fileSigningKeyPassword = NULL;

 	char *key = rpmExpand("%{?_file_signing_key}", NULL);

 	if (rstreq(key, "")) {

@@ -173,8 +178,7 @@ int main(int argc, char *argv[])

     }

 #if defined(WITH_IMAEVM) || defined(WITH_FSVERITY)

-    if (fileSigningKey &&

-	!(sargs.signflags & (RPMSIGN_FLAG_IMA | RPMSIGN_FLAG_FSVERITY))) {

+    if (fileSigningKey && !(flags_sign_files(sargs.signflags))) {

 	argerror(_("--fskpath may only be specified when signing files"));

     }

 #endif

-- 

2.27.0