From 9e1a49197a6ddd0e984c12c9dc15fe7af435b611 Mon Sep 17 00:00:00 2001
From: Panu Matilainen <pmatilai@redhat.com>
Date: Mon, 2 Mar 2020 13:56:33 +0200
Subject: [PATCH 11/33] Generalize file signing to use a generic flags field in
signing arguments
There will be any number of signing flags in the future, and we don't
want to break the ABI for every single one of them by adding new
fields to the sign argument struct. Replace the signfiles field
with a bitfield in the common rpm style. No functional changes.
This is an API change of course, but we'll have to bump the soname for
the next release anyway so might as well do it now.
---
rpmsign.c | 11 ++++++-----
sign/rpmgensig.c | 8 ++++----
sign/rpmsign.h | 8 +++++++-
3 files changed, 17 insertions(+), 10 deletions(-)
diff --git a/rpmsign.c b/rpmsign.c
index 1a5cd59c2..57cb36919 100644
--- a/rpmsign.c
+++ b/rpmsign.c
@@ -19,7 +19,7 @@ enum modes {
static int mode = MODE_NONE;
#ifdef WITH_IMAEVM
-static int signfiles = 0, fskpass = 0;
+static int fskpass = 0;
static char * fileSigningKey = NULL;
#endif
@@ -33,7 +33,8 @@ static struct poptOption signOptsTable[] = {
{ "delsign", '\0', (POPT_ARG_VAL|POPT_ARGFLAG_OR), &mode, MODE_DELSIGN,
N_("delete package signatures"), NULL },
#ifdef WITH_IMAEVM
- { "signfiles", '\0', POPT_ARG_NONE, &signfiles, 0,
+ { "signfiles", '\0', (POPT_ARG_VAL|POPT_ARGFLAG_OR),
+ &sargs.signflags, RPMSIGN_FLAG_IMA,
N_("sign package(s) files"), NULL},
{ "fskpath", '\0', POPT_ARG_STRING, &fileSigningKey, 0,
N_("use file signing key <key>"),
@@ -107,7 +108,7 @@ static int doSign(poptContext optCon, struct rpmSignArgs *sargs)
rpmPushMacro(NULL, "_file_signing_key", NULL, fileSigningKey, RMIL_GLOBAL);
}
- if (signfiles) {
+ if (sargs->signflags & RPMSIGN_FLAG_IMA) {
char *fileSigningKeyPassword = NULL;
char *key = rpmExpand("%{?_file_signing_key}", NULL);
if (rstreq(key, "")) {
@@ -126,7 +127,7 @@ static int doSign(poptContext optCon, struct rpmSignArgs *sargs)
free(fileSigningKeyPassword);
}
- sargs->signfiles = 1;
+ sargs->signflags |= RPMSIGN_FLAG_IMA;
free(key);
}
#endif
@@ -163,7 +164,7 @@ int main(int argc, char *argv[])
}
#ifdef WITH_IMAEVM
- if (fileSigningKey && !signfiles) {
+ if (fileSigningKey && !(sargs.signflags & RPMSIGN_FLAG_IMA)) {
argerror(_("--fskpath may only be specified when signing files"));
}
#endif
diff --git a/sign/rpmgensig.c b/sign/rpmgensig.c
index 5fddb56ea..1981981f4 100644
--- a/sign/rpmgensig.c
+++ b/sign/rpmgensig.c
@@ -472,10 +472,10 @@ static int checkPkg(FD_t fd, char **msg)
* Create/modify elements in signature header.
* @param rpm path to package
* @param deleting adding or deleting signature?
- * @param signfiles sign files if non-zero
+ * @param flags
* @return 0 on success, -1 on error
*/
-static int rpmSign(const char *rpm, int deleting, int signfiles)
+static int rpmSign(const char *rpm, int deleting, int flags)
{
FD_t fd = NULL;
FD_t ofd = NULL;
@@ -531,7 +531,7 @@ static int rpmSign(const char *rpm, int deleting, int signfiles)
unloadImmutableRegion(&sigh, RPMTAG_HEADERSIGNATURES);
origSigSize = headerSizeof(sigh, HEADER_MAGIC_YES);
- if (signfiles) {
+ if (flags & RPMSIGN_FLAG_IMA) {
if (includeFileSignatures(&sigh, &h))
goto exit;
}
@@ -682,7 +682,7 @@ int rpmPkgSign(const char *path, const struct rpmSignArgs * args)
}
}
- rc = rpmSign(path, 0, args ? args->signfiles : 0);
+ rc = rpmSign(path, 0, args ? args->signflags : 0);
if (args) {
if (args->hashalgo) {
diff --git a/sign/rpmsign.h b/sign/rpmsign.h
index bed8d6245..545e80d2d 100644
--- a/sign/rpmsign.h
+++ b/sign/rpmsign.h
@@ -13,10 +13,16 @@
extern "C" {
#endif
+enum rpmSignFlags_e {
+ RPMSIGN_FLAG_NONE = 0,
+ RPMSIGN_FLAG_IMA = (1 << 0),
+};
+typedef rpmFlags rpmSignFlags;
+
struct rpmSignArgs {
char *keyid;
pgpHashAlgo hashalgo;
- int signfiles;
+ rpmSignFlags signflags;
/* ... what else? */
};
--
2.27.0