From dc53b002bd3d03a21e9af406a9aff5e588710b5b Mon Sep 17 00:00:00 2001

From: chantra <chantr4@gmail.com>

Date: Mon, 28 Mar 2022 19:42:39 -0700

Subject: [PATCH 30/30] [rpmcow] Make rpm -i install package without the need

 of --nodigest

When using transcoded files, the logic to check signature is different

and was done while the file was transcoded. This change the code path

used by `rpm -{i,U}` to check if the file is transcoded, and in such

cases, assume it was already verified.

---

 lib/transaction.c    | 29 ++++++++++++++++++-----------

 tests/rpm2extents.at |  6 +++---

 2 files changed, 21 insertions(+), 14 deletions(-)

diff --git a/lib/transaction.c b/lib/transaction.c

index 36c2a7a64..703e4140c 100644

--- a/lib/transaction.c

+++ b/lib/transaction.c

@@ -37,6 +37,7 @@

 #include "lib/rpmfi_internal.h"	/* only internal apis */

 #include "lib/rpmte_internal.h"	/* only internal apis */

 #include "lib/rpmts_internal.h"

+#include "lib/rpmextents_internal.h"

 #include "lib/rpmvs.h"

 #include "rpmio/rpmhook.h"

 #include "lib/rpmtriggers.h"

@@ -1255,10 +1256,16 @@ static int verifyPackageFiles(rpmts ts, rpm_loff_t total)

 	    .signature = RPMRC_NOTFOUND,

 	    .vfylevel = vfylevel,

 	};

+	int verified = 0;

 	rpmRC prc = RPMRC_FAIL;

 	rpmtsNotify(ts, p, RPMCALLBACK_VERIFY_PROGRESS, oc++, total);

 	FD_t fd = rpmtsNotify(ts, p, RPMCALLBACK_INST_OPEN_FILE, 0, 0);

+	if (fd != NULL && isTranscodedRpm(fd) == RPMRC_OK) {

+	    /* Transcoded RPMs are validated at transcoding time */

+	    prc = RPMRC_OK;

+	    verified = 1;

+	} else {

 	if (fd != NULL) {

 	    prc = rpmpkgRead(vs, fd, NULL, NULL, &vd.msg);

 	    rpmtsNotify(ts, p, RPMCALLBACK_INST_CLOSE_FILE, 0, 0);

@@ -1267,8 +1274,11 @@ static int verifyPackageFiles(rpmts ts, rpm_loff_t total)

 	if (prc == RPMRC_OK)

 	    prc = rpmvsVerify(vs, RPMSIG_VERIFIABLE_TYPE, vfyCb, &vd);

+	    verified = vd.signature == RPMRC_OK;

+	}

+

 	/* Record verify result, signatures only for now */

-	rpmteSetVerified(p, vd.signature == RPMRC_OK);

+	rpmteSetVerified(p, verified);

 	if (prc)

 	    rpmteAddProblem(p, RPMPROB_VERIFY, NULL, vd.msg, 0);

diff --git a/tests/rpm2extents.at b/tests/rpm2extents.at

index 5c66de7f6..5135c9cf8 100644

--- a/tests/rpm2extents.at

+++ b/tests/rpm2extents.at

@@ -102,7 +102,7 @@ AT_CHECK([

 RPMDB_INIT

 runroot_other cat /data/RPMS/hello-2.0-1.x86_64.rpm | runroot_other rpm2extents SHA256 > ${RPMTEST}/tmp/hello-2.0-1.x86_64.rpm 2> /dev/null

-runroot_plugins rpm -i --nodigest --nodeps --undefine=%__transaction_dbus_announce /tmp/hello-2.0-1.x86_64.rpm

+runroot_plugins rpm -i --nodeps --undefine=%__transaction_dbus_announce /tmp/hello-2.0-1.x86_64.rpm

 test -f ${RPMTEST}/usr/bin/hello

 ],

 [0],

@@ -115,7 +115,7 @@ AT_KEYWORDS([reflink])

 AT_CHECK([

 RPMDB_INIT

-runroot_plugins rpm -i --nodigest --nodeps --undefine=%__transaction_dbus_announce /data/RPMS/hello-2.0-1.x86_64.rpm && exit $?

+runroot_plugins rpm -i --nodeps --undefine=%__transaction_dbus_announce /data/RPMS/hello-2.0-1.x86_64.rpm && exit $?

 # Check that the file is properly installed in chroot

 test -f ${RPMTEST}/usr/bin/hello

 ],

@@ -132,7 +132,7 @@ RPMDB_INIT

 PKG=hlinktest-1.0-1.noarch.rpm

 runroot_other cat /data/RPMS/${PKG} | runroot_other rpm2extents SHA256 > ${RPMTEST}/tmp/${PKG} 2> /dev/null

-runroot_plugins rpm -i --nodigest --nodeps --undefine=%__transaction_dbus_announce /tmp/${PKG}

+runroot_plugins rpm -i --nodeps --undefine=%__transaction_dbus_announce /tmp/${PKG}

 ],

 [0],

 [],

-- 

2.35.1