From 1afb1b5f5711e70a0806d041c57d35ac2456d6de Mon Sep 17 00:00:00 2001

From: Panu Matilainen <pmatilai@redhat.com>

Date: Mon, 2 Mar 2020 13:56:33 +0200

Subject: [PATCH 12/33] Generalize file signing to use a generic flags field in

 signing arguments

There will be any number of signing flags in the future, and we don't

want to break the ABI for every single one of them by adding new

fields to the sign argument struct. Replace the signfiles field

with a bitfield in the common rpm style. No functional changes.

This is an API change of course, but we'll have to bump the soname for

the next release anyway so might as well do it now.

---

 rpmsign.c        | 11 ++++++-----

 sign/rpmgensig.c |  8 ++++----

 sign/rpmsign.h   |  8 +++++++-

 3 files changed, 17 insertions(+), 10 deletions(-)

diff --git a/rpmsign.c b/rpmsign.c

index 1a5cd59c2..57cb36919 100644

--- a/rpmsign.c

+++ b/rpmsign.c

@@ -19,7 +19,7 @@ enum modes {

 static int mode = MODE_NONE;

 #ifdef WITH_IMAEVM

-static int signfiles = 0, fskpass = 0;

+static int fskpass = 0;

 static char * fileSigningKey = NULL;

 #endif

@@ -33,7 +33,8 @@ static struct poptOption signOptsTable[] = {

     { "delsign", '\0', (POPT_ARG_VAL|POPT_ARGFLAG_OR), &mode, MODE_DELSIGN,

 	N_("delete package signatures"), NULL },

 #ifdef WITH_IMAEVM

-    { "signfiles", '\0', POPT_ARG_NONE, &signfiles, 0,

+    { "signfiles", '\0', (POPT_ARG_VAL|POPT_ARGFLAG_OR),

+	&sargs.signflags, RPMSIGN_FLAG_IMA,

 	N_("sign package(s) files"), NULL},

     { "fskpath", '\0', POPT_ARG_STRING, &fileSigningKey, 0,

 	N_("use file signing key <key>"),

@@ -107,7 +108,7 @@ static int doSign(poptContext optCon, struct rpmSignArgs *sargs)

 	rpmPushMacro(NULL, "_file_signing_key", NULL, fileSigningKey, RMIL_GLOBAL);

     }

-    if (signfiles) {

+    if (sargs->signflags & RPMSIGN_FLAG_IMA) {

 	char *fileSigningKeyPassword = NULL;

 	char *key = rpmExpand("%{?_file_signing_key}", NULL);

 	if (rstreq(key, "")) {

@@ -126,7 +127,7 @@ static int doSign(poptContext optCon, struct rpmSignArgs *sargs)

 	    free(fileSigningKeyPassword);

 	}

-	sargs->signfiles = 1;

+	sargs->signflags |= RPMSIGN_FLAG_IMA;

 	free(key);

     }

 #endif

@@ -163,7 +164,7 @@ int main(int argc, char *argv[])

     }

 #ifdef WITH_IMAEVM

-    if (fileSigningKey && !signfiles) {

+    if (fileSigningKey && !(sargs.signflags & RPMSIGN_FLAG_IMA)) {

 	argerror(_("--fskpath may only be specified when signing files"));

     }

 #endif

diff --git a/sign/rpmgensig.c b/sign/rpmgensig.c

index 875b96078..6ab8c23fa 100644

--- a/sign/rpmgensig.c

+++ b/sign/rpmgensig.c

@@ -465,10 +465,10 @@ static int checkPkg(FD_t fd, char **msg)

  * Create/modify elements in signature header.

  * @param rpm		path to package

  * @param deleting	adding or deleting signature?

- * @param signfiles	sign files if non-zero

+ * @param flags

  * @return		0 on success, -1 on error

  */

-static int rpmSign(const char *rpm, int deleting, int signfiles)

+static int rpmSign(const char *rpm, int deleting, int flags)

 {

     FD_t fd = NULL;

     FD_t ofd = NULL;

@@ -524,7 +524,7 @@ static int rpmSign(const char *rpm, int deleting, int signfiles)

     unloadImmutableRegion(&sigh, RPMTAG_HEADERSIGNATURES);

     origSigSize = headerSizeof(sigh, HEADER_MAGIC_YES);

-    if (signfiles) {

+    if (flags & RPMSIGN_FLAG_IMA) {

 	if (includeFileSignatures(&sigh, &h))

 	    goto exit;

     }

@@ -675,7 +675,7 @@ int rpmPkgSign(const char *path, const struct rpmSignArgs * args)

 	}

     }

-    rc = rpmSign(path, 0, args ? args->signfiles : 0);

+    rc = rpmSign(path, 0, args ? args->signflags : 0);

     if (args) {

 	if (args->hashalgo) {

diff --git a/sign/rpmsign.h b/sign/rpmsign.h

index bed8d6245..545e80d2d 100644

--- a/sign/rpmsign.h

+++ b/sign/rpmsign.h

@@ -13,10 +13,16 @@

 extern "C" {

 #endif

+enum rpmSignFlags_e {

+    RPMSIGN_FLAG_NONE		= 0,

+    RPMSIGN_FLAG_IMA		= (1 << 0),

+};

+typedef rpmFlags rpmSignFlags;

+

 struct rpmSignArgs {

     char *keyid;

     pgpHashAlgo hashalgo;

-    int signfiles;

+    rpmSignFlags signflags;

     /* ... what else? */

 };

-- 

2.13.5