From 9e1a49197a6ddd0e984c12c9dc15fe7af435b611 Mon Sep 17 00:00:00 2001
From: Panu Matilainen <pmatilai@redhat.com>
Date: Mon, 2 Mar 2020 13:56:33 +0200
Subject: [PATCH 11/33] Generalize file signing to use a generic flags field in
signing arguments
There will be any number of signing flags in the future, and we don't
want to break the ABI for every single one of them by adding new
fields to the sign argument struct. Replace the signfiles field
with a bitfield in the common rpm style. No functional changes.
This is an API change of course, but we'll have to bump the soname for
the next release anyway so might as well do it now.
---
rpmsign.c | 11 ++++++-----
sign/rpmgensig.c | 8 ++++----
sign/rpmsign.h | 8 +++++++-
3 files changed, 17 insertions(+), 10 deletions(-)
|
|
|
45afda |
diff --git a/rpmsign.c b/rpmsign.c
|
|
|
45afda |
index 1a5cd59c2..57cb36919 100644
|
|
|
45afda |
--- a/rpmsign.c
|
|
|
45afda |
+++ b/rpmsign.c
|
|
|
45afda |
@@ -19,7 +19,7 @@ enum modes {
|
|
|
45afda |
static int mode = MODE_NONE;
|
|
|
45afda |
|
|
|
45afda |
#ifdef WITH_IMAEVM
|
|
|
45afda |
-static int signfiles = 0, fskpass = 0;
|
|
|
45afda |
+static int fskpass = 0;
|
|
|
45afda |
static char * fileSigningKey = NULL;
|
|
|
45afda |
#endif
|
|
|
45afda |
|
|
|
45afda |
@@ -33,7 +33,8 @@ static struct poptOption signOptsTable[] = {
|
|
|
45afda |
{ "delsign", '\0', (POPT_ARG_VAL|POPT_ARGFLAG_OR), &mode, MODE_DELSIGN,
|
|
|
45afda |
N_("delete package signatures"), NULL },
|
|
|
45afda |
#ifdef WITH_IMAEVM
|
|
|
45afda |
- { "signfiles", '\0', POPT_ARG_NONE, &signfiles, 0,
|
|
|
45afda |
+ { "signfiles", '\0', (POPT_ARG_VAL|POPT_ARGFLAG_OR),
|
|
|
45afda |
+ &sargs.signflags, RPMSIGN_FLAG_IMA,
|
|
|
45afda |
N_("sign package(s) files"), NULL},
|
|
|
45afda |
{ "fskpath", '\0', POPT_ARG_STRING, &fileSigningKey, 0,
|
|
|
45afda |
N_("use file signing key <key>"),
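Review bot: `&sargs.signflags` is handed to popt as the target of a `POPT_ARG_VAL|POPT_ARGFLAG_OR` option, which popt updates through an `int *` (as it does for `&mode` just above, a plain `static int`), while the field is declared `rpmSignFlags`, a typedef of `rpmFlags` whose definition is not part of this patch. If that type ever differs in width from `int`, the OR would land on the wrong bytes of the signing arguments, so a short comment next to the entry is worth having, e.g. `/* popt ORs RPMSIGN_FLAG_* into sargs.signflags through an int pointer; rpmSignFlags must stay int-sized */`. The entry also relies on a file-scope `sargs` declared before the table, which is outside this hunk, as are the start and end of `signOptsTable`.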
|
|
|
45afda |
@@ -107,7 +108,7 @@ static int doSign(poptContext optCon, struct rpmSignArgs *sargs)
|
|
|
45afda |
rpmPushMacro(NULL, "_file_signing_key", NULL, fileSigningKey, RMIL_GLOBAL);
|
|
|
45afda |
}
|
|
|
45afda |
|
|
|
45afda |
- if (signfiles) {
|
|
|
45afda |
+ if (sargs->signflags & RPMSIGN_FLAG_IMA) {
|
|
|
45afda |
char *fileSigningKeyPassword = NULL;
|
|
|
45afda |
char *key = rpmExpand("%{?_file_signing_key}", NULL);
|
|
|
45afda |
if (rstreq(key, "")) {
|
|
|
45afda |
@@ -126,7 +127,7 @@ static int doSign(poptContext optCon, struct rpmSignArgs *sargs)
|
|
|
45afda |
free(fileSigningKeyPassword);
|
|
|
45afda |
}
|
|
|
45afda |
|
|
|
45afda |
- sargs->signfiles = 1;
|
|
|
45afda |
+ sargs->signflags |= RPMSIGN_FLAG_IMA;
|
|
|
45afda |
free(key);
|
|
|
45afda |
}
|
|
|
45afda |
#endif
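Review bot: The added `sargs->signflags |= RPMSIGN_FLAG_IMA;` looks like a no-op, because as far as the two doSign hunks show it sits inside the block opened by `if (sargs->signflags & RPMSIGN_FLAG_IMA) {`, where the bit is already set. Before this commit the statement copied the separate `signfiles` option into the struct; now popt writes the bit directly, so the line can be dropped. Leaving it in suggests that file signing is switched on at this point, which misleads anyone later auditing what enables it. The lines between the two hunks are not visible, so confirm that the closing brace after `free(key);` belongs to that `if`.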
|
|
|
45afda |
@@ -163,7 +164,7 @@ int main(int argc, char *argv[])
|
|
|
45afda |
}
|
|
|
45afda |
|
|
|
45afda |
#ifdef WITH_IMAEVM
|
|
|
45afda |
- if (fileSigningKey && !signfiles) {
|
|
|
45afda |
+ if (fileSigningKey && !(sargs.signflags & RPMSIGN_FLAG_IMA)) {
|
|
|
45afda |
argerror(_("--fskpath may only be specified when signing files"));
|
|
|
45afda |
}
|
|
|
45afda |
#endif
|
|
|
45afda |
diff --git a/sign/rpmgensig.c b/sign/rpmgensig.c
|
|
|
45afda |
index 5fddb56ea..1981981f4 100644
|
|
|
45afda |
--- a/sign/rpmgensig.c
|
|
|
45afda |
+++ b/sign/rpmgensig.c
|
|
|
45afda |
@@ -472,10 +472,10 @@ static int checkPkg(FD_t fd, char **msg)
|
|
|
45afda |
* Create/modify elements in signature header.
|
|
|
45afda |
* @param rpm path to package
|
|
|
45afda |
* @param deleting adding or deleting signature?
|
|
|
45afda |
- * @param signfiles sign files if non-zero
|
|
|
45afda |
+ * @param flags
|
|
|
45afda |
* @return 0 on success, -1 on error
|
|
|
45afda |
*/
|
|
|
45afda |
-static int rpmSign(const char *rpm, int deleting, int signfiles)
|
|
|
45afda |
+static int rpmSign(const char *rpm, int deleting, int flags)
|
|
|
45afda |
{
|
|
|
45afda |
FD_t fd = NULL;
|
|
|
45afda |
FD_t ofd = NULL;
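Review bot: The new `@param flags` line has no description, and the parameter is still typed `int` although the value passed in from rpmPkgSign is `args->signflags`, an `rpmSignFlags`. Suggest `* @param flags signing flags (RPMSIGN_FLAG_* bits)` and `static int rpmSign(const char *rpm, int deleting, rpmSignFlags flags)`, so the mask keeps one type from the public struct down to the `flags & RPMSIGN_FLAG_IMA` test in the next hunk. The fallback `0` in the rpmPkgSign call (last hunk of this file) could likewise read `RPMSIGN_FLAG_NONE`. rpmSign's body continues past the end of this hunk.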
|
|
|
45afda |
@@ -531,7 +531,7 @@ static int rpmSign(const char *rpm, int deleting, int signfiles)
|
|
|
45afda |
unloadImmutableRegion(&sigh, RPMTAG_HEADERSIGNATURES);
|
|
|
45afda |
origSigSize = headerSizeof(sigh, HEADER_MAGIC_YES);
|
|
|
45afda |
|
|
|
45afda |
- if (signfiles) {
|
|
|
45afda |
+ if (flags & RPMSIGN_FLAG_IMA) {
|
|
|
45afda |
if (includeFileSignatures(&sigh, &h))
|
|
|
45afda |
goto exit;
|
|
|
45afda |
}
|
|
|
45afda |
@@ -682,7 +682,7 @@ int rpmPkgSign(const char *path, const struct rpmSignArgs * args)
|
|
|
45afda |
}
|
|
|
45afda |
}
|
|
|
45afda |
|
|
|
45afda |
- rc = rpmSign(path, 0, args ? args->signfiles : 0);
|
|
|
45afda |
+ rc = rpmSign(path, 0, args ? args->signflags : 0);
|
|
|
45afda |
|
|
|
45afda |
if (args) {
|
|
|
45afda |
if (args->hashalgo) {
|
|
|
45afda |
diff --git a/sign/rpmsign.h b/sign/rpmsign.h
|
|
|
45afda |
index bed8d6245..545e80d2d 100644
|
|
|
45afda |
--- a/sign/rpmsign.h
|
|
|
45afda |
+++ b/sign/rpmsign.h
|
|
|
45afda |
@@ -13,10 +13,16 @@
|
|
|
45afda |
extern "C" {
|
|
|
45afda |
#endif
|
|
|
45afda |
|
|
|
45afda |
+enum rpmSignFlags_e {
|
|
|
45afda |
+ RPMSIGN_FLAG_NONE = 0,
|
|
|
45afda |
+ RPMSIGN_FLAG_IMA = (1 << 0),
|
|
|
45afda |
+};
|
|
|
45afda |
+typedef rpmFlags rpmSignFlags;
|
|
|
45afda |
+
|
|
|
45afda |
struct rpmSignArgs {
|
|
|
45afda |
char *keyid;
|
|
|
45afda |
pgpHashAlgo hashalgo;
|
|
|
45afda |
- int signfiles;
|
|
|
45afda |
+ rpmSignFlags signflags;
|
|
|
45afda |
/* ... what else? */
|
|
|
45afda |
};
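Review bot: The new public enum and the `signflags` member carry no documentation, which is what API users will look for once `signfiles` is gone. Suggest a comment on the enum such as `/** Signing flags, ORed into rpmSignArgs.signflags */` and on the bit `RPMSIGN_FLAG_IMA = (1 << 0), /*!< also sign the package's files */`. Since the commit message announces an API break, a one-line remark on the member that a zero-initialised struct means `RPMSIGN_FLAG_NONE` (no file signatures) would help callers port without accidentally changing what gets signed. `rpmFlags` is not defined in the visible part of this header; confirm the include that provides it sits above the hunk.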
|
|
|
45afda |
--
2.27.0