From 1e0850cf7649578e1d7da815751efaa8101773e7 Mon Sep 17 00:00:00 2001
From: chantra <chantr4@gmail.com>
Date: Fri, 18 Feb 2022 11:29:06 -0800
Subject: [PATCH 27/30] [rpmchecksig] Refactor rpmpkgVerifySigs with custom
verify callback
The current `rpmpkgVerifySigs` conflates logging with the actual
package verification.
This change makes it possible to pass the verify callback and its data to
`rpmpkgVerifySigs` so callers can customize how they handle the outcome
of signature verifications.
---
lib/rpmchecksig.c | 78 ++++++++++++++++++++++-------------------------
lib/rpmextents.c | 1 -
2 files changed, 36 insertions(+), 43 deletions(-)
diff --git a/lib/rpmchecksig.c b/lib/rpmchecksig.c
index 7ad4e7034..c9fc3bbc9 100644
--- a/lib/rpmchecksig.c
+++ b/lib/rpmchecksig.c
@@ -222,16 +222,11 @@ exit:
}
static int rpmpkgVerifySigs(rpmKeyring keyring, int vfylevel, rpmVSFlags flags,
- FD_t fd, const char *fn)
+ FD_t fd, rpmsinfoCb cb, void *cbdata)
{
char *msg = NULL;
- struct vfydata_s vd = { .seen = 0,
- .bad = 0,
- .verbose = rpmIsVerbose(),
- };
int rc;
- rpmlog(RPMLOG_NOTICE, "%s:%s", fn, vd.verbose ? "\n" : "");
if(isTranscodedRpm(fd) == RPMRC_OK){
return extentsVerifySigs(fd);
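Review bot: The `isTranscodedRpm(fd)` early return hands back `extentsVerifySigs(fd)` without ever invoking the new `cb`/`cbdata`, so on that branch the caller's verdict rests on the return code alone and its callback state stays as initialised. With `vfyCb` the post-logging then sees `seen == 0` and prints only OK / NOT OK. With `vfyFDCb` (the `@@ -373,7 +367,7 @@` hunk, which used to go through `rpmpkgVerifySigsFD` and had no transcoded shortcut) `vd.msg` is never filled before `*msg = strdup(vd.msg);`, which is undefined if `vd.msg` is a pointer that starts out NULL; its initialisation is outside the hunk, so please confirm. I would add a comment above the function such as `/* cb is not invoked for transcoded packages; only the return code is meaningful there */` and, if the NULL case is possible, guard the copy with `*msg = vd.msg ? strdup(vd.msg) : NULL;`. The function body continues past this hunk.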
@@ -244,19 +239,7 @@ static int rpmpkgVerifySigs(rpmKeyring keyring, int vfylevel, rpmVSFlags flags,
if (rc)
goto exit;
- rc = rpmvsVerify(vs, RPMSIG_VERIFIABLE_TYPE, vfyCb, &vd);
-
- if (!vd.verbose) {
- if (vd.seen & RPMSIG_DIGEST_TYPE) {
- rpmlog(RPMLOG_NOTICE, " %s", (vd.bad & RPMSIG_DIGEST_TYPE) ?
- _("DIGESTS") : _("digests"));
- }
- if (vd.seen & RPMSIG_SIGNATURE_TYPE) {
- rpmlog(RPMLOG_NOTICE, " %s", (vd.bad & RPMSIG_SIGNATURE_TYPE) ?
- _("SIGNATURES") : _("signatures"));
- }
- rpmlog(RPMLOG_NOTICE, " %s\n", rc ? _("NOT OK") : _("OK"));
- }
+ rc = rpmvsVerify(vs, RPMSIG_VERIFIABLE_TYPE, cb, cbdata);
exit:
if (rc && msg)
@@ -266,38 +249,39 @@ exit:
return rc;
}
-static int rpmpkgVerifySigsFD(rpmKeyring keyring, int vfylevel, rpmVSFlags flags,
- FD_t fd, rpmsinfoCb cb, void *cbdata)
-{
- char *msg = NULL;
- int rc;
- struct rpmvs_s *vs = rpmvsCreate(vfylevel, flags, keyring);
-
- rc = rpmpkgRead(vs, fd, NULL, NULL, &msg);
-
- if (rc)
- goto exit;
-
- rc = rpmvsVerify(vs, RPMSIG_VERIFIABLE_TYPE, cb, cbdata);
-
-exit:
- if (rc && msg)
- rpmlog(RPMLOG_ERR, "%s\n", msg);
- rpmvsFree(vs);
- free(msg);
- return rc;
+static void rpmkgVerifySigsPreLogging(struct vfydata_s *vd, const char *fn){
+ rpmlog(RPMLOG_NOTICE, "%s:%s", fn, vd->verbose ? "\n" : "");
}
+static void rpmkgVerifySigsPostLogging(struct vfydata_s *vd, int rc){
+ if (!vd->verbose) {
+ if (vd->seen & RPMSIG_DIGEST_TYPE) {
+ rpmlog(RPMLOG_NOTICE, " %s", (vd->bad & RPMSIG_DIGEST_TYPE) ?
+ _("DIGESTS") : _("digests"));
+ }
+ if (vd->seen & RPMSIG_SIGNATURE_TYPE) {
+ rpmlog(RPMLOG_NOTICE, " %s", (vd->bad & RPMSIG_SIGNATURE_TYPE) ?
+ _("SIGNATURES") : _("signatures"));
+ }
+ rpmlog(RPMLOG_NOTICE, " %s\n", rc ? _("NOT OK") : _("OK"));
+ }
+}
/* Wrapper around rpmkVerifySigs to preserve API */
int rpmVerifySignatures(QVA_t qva, rpmts ts, FD_t fd, const char * fn)
{
int rc = 1; /* assume failure */
+ struct vfydata_s vd = { .seen = 0,
+ .bad = 0,
+ .verbose = rpmIsVerbose(),
+ };
if (ts && qva && fd && fn) {
rpmKeyring keyring = rpmtsGetKeyring(ts, 1);
rpmVSFlags vsflags = rpmtsVfyFlags(ts);
int vfylevel = rpmtsVfyLevel(ts);
- rc = rpmpkgVerifySigs(keyring, vfylevel, vsflags, fd, fn);
+ rpmkgVerifySigsPreLogging(&vd, fn);
+ rc = rpmpkgVerifySigs(keyring, vfylevel, vsflags, fd, vfyCb, &vd);
+ rpmkgVerifySigsPostLogging(&vd, rc);
rpmKeyringFree(keyring);
}
return rc;
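Review bot: The two new helpers are spelled `rpmkgVerifySigsPreLogging` and `rpmkgVerifySigsPostLogging`, dropping the `p` from the `rpmpkg` prefix used by `rpmpkgVerifySigs`; renaming them now avoids grep misses later. They also put the opening brace on the signature line (`){`) while the neighbouring definitions in this hunk put it on its own line, and neither writes through `vd`, so `const struct vfydata_s *vd` would state that. The pre-log / verify / post-log triple is repeated in `rpmcliVerifySignatures` (the `@@ -319,12 +303,22 @@` hunk), so a single static helper taking `fn` would keep the two call sites from drifting apart. A short comment on the post-logging helper, e.g. `/* Non-verbose mode only: print the digests/signatures summary and OK / NOT OK */`, would document why it does nothing when `vd->verbose` is set.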
@@ -319,12 +303,22 @@ int rpmcliVerifySignatures(rpmts ts, ARGV_const_t argv)
while ((arg = *argv++) != NULL) {
FD_t fd = Fopen(arg, "r.ufdio");
+ struct vfydata_s vd = { .seen = 0,
+ .bad = 0,
+ .verbose = rpmIsVerbose(),
+ };
if (fd == NULL || Ferror(fd)) {
rpmlog(RPMLOG_ERR, _("%s: open failed: %s\n"),
arg, Fstrerror(fd));
res++;
- } else if (rpmpkgVerifySigs(keyring, vfylevel, vsflags, fd, arg)) {
+ } else {
+ rpmkgVerifySigsPreLogging(&vd, arg);
+ int rc = rpmpkgVerifySigs(keyring, vfylevel, vsflags, fd,
+ vfyCb, &vd);
+ rpmkgVerifySigsPostLogging(&vd, rc);
+ if (rc) {
res++;
+ }
}
Fclose(fd);
@@ -373,7 +367,7 @@ int rpmcliVerifySignaturesFD(rpmts ts, FD_t fdi, char **msg)
rpmtsSetVfyLevel(ts, vfylevel);
}
- if (!rpmpkgVerifySigsFD(keyring, vfylevel, vsflags, fdi, vfyFDCb, &vd)) {
+ if (!rpmpkgVerifySigs(keyring, vfylevel, vsflags, fdi, vfyFDCb, &vd)) {
rc = RPMRC_OK;
}
*msg = strdup(vd.msg);
diff --git a/lib/rpmextents.c b/lib/rpmextents.c
index f28596f0b..59ba427a4 100644
--- a/lib/rpmextents.c
+++ b/lib/rpmextents.c
@@ -89,7 +89,6 @@ rpmRC extentsFooterFromFD(FD_t fd, struct extents_footer_t *footer) {
goto exit;
}
if (footer->magic != EXTENTS_MAGIC) {
- rpmlog(RPMLOG_ERR, _("isTranscodedRpm: not transcoded\n"));
rc = RPMRC_NOTFOUND;
goto exit;
}
--
2.35.1