From dc53b002bd3d03a21e9af406a9aff5e588710b5b Mon Sep 17 00:00:00 2001

From: chantra <chantr4@gmail.com>

Date: Mon, 28 Mar 2022 19:42:39 -0700

Subject: [PATCH 30/30] [rpmcow] Make rpm -i install package without the need

 of --nodigest

When using transcoded files, the logic to check signature is different

and was done while the file was transcoded. This change the code path

used by `rpm -{i,U}` to check if the file is transcoded, and in such

cases, assume it was already verified.

---

 lib/transaction.c    | 29 ++++++++++++++++++-----------

 tests/rpm2extents.at |  6 +++---

 2 files changed, 21 insertions(+), 14 deletions(-)

diff --git a/lib/transaction.c b/lib/transaction.c

index 36c2a7a64..703e4140c 100644

--- a/lib/transaction.c

+++ b/lib/transaction.c

@@ -37,6 +37,7 @@

 #include "lib/rpmfi_internal.h"	/* only internal apis */

 #include "lib/rpmte_internal.h"	/* only internal apis */

 #include "lib/rpmts_internal.h"

+#include "lib/rpmextents_internal.h"

 #include "lib/rpmvs.h"

 #include "rpmio/rpmhook.h"

 #include "lib/rpmtriggers.h"

@@ -1286,19 +1287,25 @@ static int verifyPackageFiles(rpmts ts, rpm_loff_t total)

 	rpmtsNotify(ts, p, RPMCALLBACK_VERIFY_PROGRESS, oc++, total);

 	FD_t fd = rpmtsNotify(ts, p, RPMCALLBACK_INST_OPEN_FILE, 0, 0);

-	if (fd != NULL) {

-	    prc = rpmpkgRead(vs, fd, NULL, NULL, &vd.msg);

-	    rpmtsNotify(ts, p, RPMCALLBACK_INST_CLOSE_FILE, 0, 0);

+	if(fd != NULL && isTranscodedRpm(fd) == RPMRC_OK) {

+	    /* Transcoded RPMs are validated at transcoding time */

+	    prc = RPMRC_OK;

+	    verified = 1;

+	} else {

+	    if (fd != NULL) {

+		prc = rpmpkgRead(vs, fd, NULL, NULL, &vd.msg);

+		rpmtsNotify(ts, p, RPMCALLBACK_INST_CLOSE_FILE, 0, 0);

+	    }

+	    if (prc == RPMRC_OK)

+		prc = rpmvsVerify(vs, RPMSIG_VERIFIABLE_TYPE, vfyCb, &vd);

+

+	    /* Record verify result */

+	    if (vd.type[RPMSIG_SIGNATURE_TYPE] == RPMRC_OK)

+		verified |= RPMSIG_SIGNATURE_TYPE;

+	    if (vd.type[RPMSIG_DIGEST_TYPE] == RPMRC_OK)

+		verified |= RPMSIG_DIGEST_TYPE;

 	}

-	if (prc == RPMRC_OK)

-	    prc = rpmvsVerify(vs, RPMSIG_VERIFIABLE_TYPE, vfyCb, &vd);

-

-	/* Record verify result */

-	if (vd.type[RPMSIG_SIGNATURE_TYPE] == RPMRC_OK)

-	    verified |= RPMSIG_SIGNATURE_TYPE;

-	if (vd.type[RPMSIG_DIGEST_TYPE] == RPMRC_OK)

-	    verified |= RPMSIG_DIGEST_TYPE;

 	rpmteSetVerified(p, verified);

 	if (prc)

diff --git a/tests/rpm2extents.at b/tests/rpm2extents.at

index 5c66de7f6..5135c9cf8 100644

--- a/tests/rpm2extents.at

+++ b/tests/rpm2extents.at

@@ -102,7 +102,7 @@ AT_CHECK([

 RPMDB_INIT

 runroot_other cat /data/RPMS/hello-2.0-1.x86_64.rpm | runroot_other rpm2extents SHA256 > ${RPMTEST}/tmp/hello-2.0-1.x86_64.rpm 2> /dev/null

-runroot_plugins rpm -i --nodigest --nodeps --undefine=%__transaction_dbus_announce /tmp/hello-2.0-1.x86_64.rpm

+runroot_plugins rpm -i --nodeps --undefine=%__transaction_dbus_announce /tmp/hello-2.0-1.x86_64.rpm

 test -f ${RPMTEST}/usr/bin/hello

 ],

 [0],

@@ -115,7 +115,7 @@ AT_KEYWORDS([reflink])

 AT_CHECK([

 RPMDB_INIT

-runroot_plugins rpm -i --nodigest --nodeps --undefine=%__transaction_dbus_announce /data/RPMS/hello-2.0-1.x86_64.rpm && exit $?

+runroot_plugins rpm -i --nodeps --undefine=%__transaction_dbus_announce /data/RPMS/hello-2.0-1.x86_64.rpm && exit $?

 # Check that the file is properly installed in chroot

 test -f ${RPMTEST}/usr/bin/hello

 ],

@@ -132,7 +132,7 @@ RPMDB_INIT

 PKG=hlinktest-1.0-1.noarch.rpm

 runroot_other cat /data/RPMS/${PKG} | runroot_other rpm2extents SHA256 > ${RPMTEST}/tmp/${PKG} 2> /dev/null

-runroot_plugins rpm -i --nodigest --nodeps --undefine=%__transaction_dbus_announce /tmp/${PKG}

+runroot_plugins rpm -i --nodeps --undefine=%__transaction_dbus_announce /tmp/${PKG}

 ],

 [0],

 [],

-- 

2.35.1