
Blame 0011-rpm2extents-Perform-digest-computation-within-the-va.patch

2f13d7
From 86776bf17f1644c76fdf8b87042645cf77bd3873 Mon Sep 17 00:00:00 2001
2f13d7
From: chantra <chantr4@gmail.com>
2f13d7
Date: Wed, 2 Feb 2022 13:34:28 -0800
2f13d7
Subject: [PATCH 11/30] [rpm2extents] Perform digest computation within the
2f13d7
 validator
2f13d7
2f13d7
The validator calls `rpmcliVerifySignaturesFD` which under the hood
2f13d7
performs `Fread`. Digests are computed/updated for each `Fread`.
2f13d7
2f13d7
This diff takes advantage of that by initializing the digest before
2f13d7
calling `rpmcliVerifySignaturesFD`. Once `rpmcliVerifySignaturesFD` has
2f13d7
returned and the file has been read, the digests are available.
2f13d7
2f13d7
This saves us from spawning a `digestor` process, as well as performing
2f13d7
an extra file read within it.
2f13d7
---
2f13d7
 rpm2extents.c | 234 +++++++++++++++++++++++---------------------------
2f13d7
 1 file changed, 106 insertions(+), 128 deletions(-)
2f13d7
2f13d7
diff --git a/rpm2extents.c b/rpm2extents.c
2f13d7
index 065a00306..e316a2834 100644
2f13d7
--- a/rpm2extents.c
2f13d7
+++ b/rpm2extents.c
2f13d7
@@ -64,38 +64,37 @@ static struct poptOption optionsTable[] = {
2f13d7
 };
2f13d7
 
2f13d7
 
2f13d7
-static int digestor(
2f13d7
+static void FDDigestInit(FD_t fdi, uint8_t algos[], uint32_t algos_len){
2f13d7
+    int algo;
2f13d7
+
2f13d7
+    for (algo = 0; algo < algos_len; algo++) {
2f13d7
+	fdInitDigest(fdi, algos[algo], 0);
2f13d7
+    }
2f13d7
+}
2f13d7
+
2f13d7
+static int FDWriteDigests(
2f13d7
     FD_t fdi,
2f13d7
     FD_t fdo,
2f13d7
-    FD_t validationo,
2f13d7
     uint8_t algos[],
2f13d7
-    uint32_t algos_len
2f13d7
-)
2f13d7
+    uint32_t algos_len)
2f13d7
 {
2f13d7
-    ssize_t fdilength;
2f13d7
     const char *filedigest, *algo_name;
2f13d7
     size_t filedigest_len, len;
2f13d7
     uint32_t algo_name_len, algo_digest_len;
2f13d7
     int algo;
2f13d7
     rpmRC rc = RPMRC_FAIL;
2f13d7
 
2f13d7
-    for (algo = 0; algo < algos_len; algo++) {
2f13d7
-	fdInitDigest(fdi, algos[algo], 0);
2f13d7
-    }
2f13d7
-    fdilength = ufdCopy(fdi, fdo);
2f13d7
-    if (fdilength == -1) {
2f13d7
-	fprintf(stderr, _("digest cat failed\n"));
2f13d7
-	goto exit;
2f13d7
-    }
2f13d7
+    ssize_t fdilength = fdOp(fdi, FDSTAT_READ)->bytes;
2f13d7
 
2f13d7
     len = sizeof(fdilength);
2f13d7
-    if (Fwrite(&fdilength, len, 1, validationo) != len) {
2f13d7
+    if (Fwrite(&fdilength, len, 1, fdo) != len) {
2f13d7
 	fprintf(stderr, _("Unable to write input length %zd\n"), fdilength);
2f13d7
 	goto exit;
2f13d7
     }
2f13d7
     len = sizeof(algos_len);
2f13d7
-    if (Fwrite(&algos_len, len, 1, validationo) != len) {
2f13d7
-	fprintf(stderr, _("Unable to write number of validation digests\n"));
2f13d7
+    if (Fwrite(&algos_len, len, 1, fdo) != len) {
2f13d7
+	algo_digest_len = (uint32_t)filedigest_len;
2f13d7
+	fprintf(stderr, _("Unable to write number of digests\n"));
2f13d7
 	goto exit;
2f13d7
     }
2f13d7
     for (algo = 0; algo < algos_len; algo++) {
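Review bot: The failure branch of the `Fwrite(&algos_len, ...)` check in FDWriteDigests gained the line `algo_digest_len = (uint32_t)filedigest_len;`, which reads `filedigest_len` before anything has assigned it and whose result is unused because the branch jumps straight to `exit`. The same assignment appears in the loop body at the top of the next hunk, so this looks like a misplaced copy and should be deleted. In FDDigestInit the loop compares `int algo` with `uint32_t algos_len`; declaring `uint32_t algo;` avoids the signed/unsigned comparison. `fdOp(fdi, FDSTAT_READ)->bytes` is dereferenced without a NULL check, which presumably relies on `fdi` always being valid at this point and deserves a one-line comment saying so. FDWriteDigests continues past the end of this hunk.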
2f13d7
@@ -106,24 +105,24 @@ static int digestor(
2f13d7
 	algo_digest_len = (uint32_t)filedigest_len;
2f13d7
 
2f13d7
 	len = sizeof(algo_name_len);
2f13d7
-	if (Fwrite(&algo_name_len, len, 1, validationo) != len) {
2f13d7
+	if (Fwrite(&algo_name_len, len, 1, fdo) != len) {
2f13d7
 	    fprintf(stderr,
2f13d7
-		    _("Unable to write validation algo name length\n"));
2f13d7
+		    _("Unable to write digest algo name length\n"));
2f13d7
 	    goto exit;
2f13d7
 	}
2f13d7
 	len = sizeof(algo_digest_len);
2f13d7
-	if (Fwrite(&algo_digest_len, len, 1, validationo) != len) {
2f13d7
+	if (Fwrite(&algo_digest_len, len, 1, fdo) != len) {
2f13d7
 	    fprintf(stderr,
2f13d7
-		    _("Unable to write number of bytes for validation digest\n"));
2f13d7
+		    _("Unable to write number of bytes for digest\n"));
2f13d7
 	     goto exit;
2f13d7
 	}
2f13d7
-	if (Fwrite(algo_name, algo_name_len, 1, validationo) != algo_name_len) {
2f13d7
-	    fprintf(stderr, _("Unable to write validation algo name\n"));
2f13d7
+	if (Fwrite(algo_name, algo_name_len, 1, fdo) != algo_name_len) {
2f13d7
+	    fprintf(stderr, _("Unable to write digest algo name\n"));
2f13d7
 	    goto exit;
2f13d7
 	}
2f13d7
-	if (Fwrite(filedigest, algo_digest_len, 1, validationo ) != algo_digest_len) {
2f13d7
+	if (Fwrite(filedigest, algo_digest_len, 1, fdo ) != algo_digest_len) {
2f13d7
 	    fprintf(stderr,
2f13d7
-		    _("Unable to write validation digest value %u, %zu\n"),
2f13d7
+		    _("Unable to write digest value %u, %zu\n"),
2f13d7
 		    algo_digest_len, filedigest_len);
2f13d7
 	    goto exit;
2f13d7
 	}
2f13d7
@@ -133,38 +132,66 @@ exit:
2f13d7
     return rc;
2f13d7
 }
2f13d7
 
2f13d7
-static rpmRC validator(FD_t fdi, FD_t fdo){
2f13d7
-    int rc;
2f13d7
-    char *msg = NULL;
2f13d7
-    rpmts ts = rpmtsCreate();
2f13d7
+static rpmRC FDWriteSignaturesValidation(FD_t fdo, int rpmvsrc, char *msg) {
2f13d7
     size_t len;
2f13d7
+    rpmRC rc = RPMRC_FAIL;
2f13d7
 
2f13d7
-    rpmtsSetRootDir(ts, rpmcliRootDir);
2f13d7
-    rc = rpmcliVerifySignaturesFD(ts, fdi, &msg;;
2f13d7
-    if(rc){
2f13d7
-	fprintf(stderr, _("Error validating package\n"));
2f13d7
+    if(rpmvsrc){
2f13d7
+	fprintf(stderr, _("Error verifying package signatures\n"));
2f13d7
     }
2f13d7
-    len = sizeof(rc);
2f13d7
-    if (Fwrite(&rc, len, 1, fdo) != len) {
2f13d7
-	fprintf(stderr, _("Unable to write validator RC code %d\n"), rc);
2f13d7
+
2f13d7
+    len = sizeof(rpmvsrc);
2f13d7
+    if (Fwrite(&rpmvsrc, len, 1, fdo) != len) {
2f13d7
+	fprintf(stderr, _("Unable to write signature verification RC code %d\n"), rpmvsrc);
2f13d7
+	goto exit;
2f13d7
+    }
2f13d7
+    size_t content_len = msg ? strlen(msg) : 0;
2f13d7
+    len = sizeof(content_len);
2f13d7
+    if (Fwrite(&content_len, len, 1, fdo) != len) {
2f13d7
+	fprintf(stderr, _("Unable to write signature verification output length %zd\n"), content_len);
2f13d7
 	goto exit;
2f13d7
     }
2f13d7
-    size_t validator_len = msg ? strlen(msg) : 0;
2f13d7
-    len = sizeof(validator_len);
2f13d7
-    if (Fwrite(&validator_len, len, 1, fdo) != len) {
2f13d7
-	fprintf(stderr, _("Unable to write validator output length code %zd\n"), validator_len);
2f13d7
+    if (Fwrite(msg, content_len, 1, fdo) != content_len) {
2f13d7
+	fprintf(stderr, _("Unable to write signature verification output %s\n"), msg);
2f13d7
 	goto exit;
2f13d7
     }
2f13d7
-    if (Fwrite(msg, validator_len, 1, fdo) != validator_len) {
2f13d7
-	fprintf(stderr, _("Unable to write validator output %s\n"), msg);
2f13d7
+
2f13d7
+    rc = RPMRC_OK;
2f13d7
+exit:
2f13d7
+
2f13d7
+    return rc;
2f13d7
+}
2f13d7
+
2f13d7
+static rpmRC validator(FD_t fdi, FD_t digesto, FD_t sigo,
2f13d7
+	uint8_t algos[],
2f13d7
+	uint32_t algos_len){
2f13d7
+    int rpmvsrc;
2f13d7
+    rpmRC rc = RPMRC_FAIL;
2f13d7
+    char *msg = NULL;
2f13d7
+    rpmts ts = rpmtsCreate();
2f13d7
+
2f13d7
+    rpmtsSetRootDir(ts, rpmcliRootDir);
2f13d7
+
2f13d7
+    FDDigestInit(fdi, algos, algos_len);
2f13d7
+
2f13d7
+    rpmvsrc = rpmcliVerifySignaturesFD(ts, fdi, &msg;;
2f13d7
+
2f13d7
+    // Write result of digest computation
2f13d7
+    if(FDWriteDigests(fdi, digesto, algos, algos_len) != RPMRC_OK) {
2f13d7
+	fprintf(stderr, _("Failed to write digests"));
2f13d7
 	goto exit;
2f13d7
     }
2f13d7
 
2f13d7
+    // Write result of signature validation.
2f13d7
+    if(FDWriteSignaturesValidation(sigo, rpmvsrc, msg)) {
2f13d7
+	goto exit;
2f13d7
+    }
2f13d7
+    rc = RPMRC_OK;
2f13d7
 exit:
2f13d7
     if(msg) {
2f13d7
 	free(msg);
2f13d7
     }
2f13d7
-    return rc ? RPMRC_FAIL : RPMRC_OK;
2f13d7
+    return rc;
2f13d7
 }
2f13d7
 
2f13d7
 static rpmRC process_package(FD_t fdi, FD_t digestori, FD_t validationi)
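Review bot: `validator()` now returns `RPMRC_OK` whenever both metadata writes succeed, so a non-zero `rpmvsrc` no longer makes the validator child fail (the removed code returned `rc ? RPMRC_FAIL : RPMRC_OK` with `rc` holding the verification result). The signature verdict then travels only in-band through `sigo`, and the reader in `process_package`, which is outside this hunk, has to enforce it; if that is intended, state it above `rc = RPMRC_OK;`, for example `/* verification failure is reported via sigo, not via the exit status */`. Relatedly, `FDWriteDigests` is called regardless of `rpmvsrc`, and the digests and byte count cover only what `rpmcliVerifySignaturesFD` actually read. If the verifier can return before end of input, the recorded digest describes a prefix of the package, so the remaining input should be drained first or the digests withheld on failure. Smaller points: `_("Failed to write digests")` lacks the trailing `\n`, `content_len` is a `size_t` printed with `%zd` where `%zu` is the matching specifier, and `ts` from `rpmtsCreate()` is never released with `rpmtsFree(ts)` in the visible body.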
2f13d7
@@ -422,12 +449,16 @@ static off_t ufdTee(FD_t sfd, FD_t *fds, int len)
2f13d7
     return total;
2f13d7
 }
2f13d7
 
2f13d7
-static int teeRpm(FD_t fdi, FD_t digestori) {
2f13d7
-    rpmRC rc;
2f13d7
+static rpmRC teeRpm(FD_t fdi, uint8_t algos[], uint32_t algos_len) {
2f13d7
+    rpmRC rc = RPMRC_FAIL;
2f13d7
     off_t offt = -1;
2f13d7
+    // tee-ed stdin
2f13d7
     int processorpipefd[2];
2f13d7
     int validatorpipefd[2];
2f13d7
-    int rpmsignpipefd[2];
2f13d7
+    // metadata
2f13d7
+    int meta_digestpipefd[2];
2f13d7
+    int meta_rpmsignpipefd[2];
2f13d7
+
2f13d7
     pid_t cpids[2], w;
2f13d7
     int wstatus;
2f13d7
     FD_t fds[2];
2f13d7
@@ -442,8 +473,13 @@ static int teeRpm(FD_t fdi, FD_t digestori) {
2f13d7
 	return RPMRC_FAIL;
2f13d7
     }
2f13d7
 
2f13d7
-    if (pipe(rpmsignpipefd) == -1) {
2f13d7
-	fprintf(stderr, _("Validator pipe failure\n"));
2f13d7
+    if (pipe(meta_digestpipefd) == -1) {
2f13d7
+	fprintf(stderr, _("Meta digest pipe failure\n"));
2f13d7
+	return RPMRC_FAIL;
2f13d7
+    }
2f13d7
+
2f13d7
+    if (pipe(meta_rpmsignpipefd) == -1) {
2f13d7
+	fprintf(stderr, _("Meta rpm signature pipe failure\n"));
2f13d7
 	return RPMRC_FAIL;
2f13d7
     }
2f13d7
 
2f13d7
@@ -453,16 +489,20 @@ static int teeRpm(FD_t fdi, FD_t digestori) {
2f13d7
 	close(processorpipefd[0]);
2f13d7
 	close(processorpipefd[1]);
2f13d7
 	close(validatorpipefd[1]);
2f13d7
-	close(rpmsignpipefd[0]);
2f13d7
+	close(meta_digestpipefd[0]);
2f13d7
+	close(meta_rpmsignpipefd[0]);
2f13d7
 	FD_t fdi = fdDup(validatorpipefd[0]);
2f13d7
-	FD_t fdo = fdDup(rpmsignpipefd[1]);
2f13d7
-	close(rpmsignpipefd[1]);
2f13d7
-	rc = validator(fdi, fdo);
2f13d7
+	FD_t digesto = fdDup(meta_digestpipefd[1]);
2f13d7
+	FD_t sigo = fdDup(meta_rpmsignpipefd[1]);
2f13d7
+	close(meta_digestpipefd[1]);
2f13d7
+	close(meta_rpmsignpipefd[1]);
2f13d7
+	rc = validator(fdi, digesto, sigo, algos, algos_len);
2f13d7
 	if(rc != RPMRC_OK) {
2f13d7
 	    fprintf(stderr, _("Validator failed\n"));
2f13d7
 	}
2f13d7
 	Fclose(fdi);
2f13d7
-	Fclose(fdo);
2f13d7
+	Fclose(digesto);
2f13d7
+	Fclose(sigo);
2f13d7
 	if (rc != RPMRC_OK) {
2f13d7
 	    exit(EXIT_FAILURE);
2f13d7
 	}
2f13d7
@@ -475,18 +515,21 @@ static int teeRpm(FD_t fdi, FD_t digestori) {
2f13d7
 	    close(validatorpipefd[0]);
2f13d7
 	    close(validatorpipefd[1]);
2f13d7
 	    close(processorpipefd[1]);
2f13d7
-	    close(rpmsignpipefd[1]);
2f13d7
+	    close(meta_digestpipefd[1]);
2f13d7
+	    close(meta_rpmsignpipefd[1]);
2f13d7
 	    FD_t fdi = fdDup(processorpipefd[0]);
2f13d7
 	    close(processorpipefd[0]);
2f13d7
-	    FD_t validatori = fdDup(rpmsignpipefd[0]);
2f13d7
-	    close(rpmsignpipefd[0]);
2f13d7
+	    FD_t sigi = fdDup(meta_rpmsignpipefd[0]);
2f13d7
+	    close(meta_rpmsignpipefd[0]);
2f13d7
+	    FD_t digestori = fdDup(meta_digestpipefd[0]);
2f13d7
+	    close(meta_digestpipefd[0]);
2f13d7
 
2f13d7
-	    rc = process_package(fdi, digestori, validatori);
2f13d7
+	    rc = process_package(fdi, digestori, sigi);
2f13d7
 	    if(rc != RPMRC_OK) {
2f13d7
 		fprintf(stderr, _("Validator failed\n"));
2f13d7
 	    }
2f13d7
 	    Fclose(digestori);
2f13d7
-	    Fclose(validatori);
2f13d7
+	    Fclose(sigi);
2f13d7
 	    /* fdi is normally closed through the stacked file gzdi in the
2f13d7
 	     * function
2f13d7
 	     */
2f13d7
@@ -505,8 +548,10 @@ static int teeRpm(FD_t fdi, FD_t digestori) {
2f13d7
 	    fds[1] = fdDup(validatorpipefd[1]);
2f13d7
 	    close(validatorpipefd[1]);
2f13d7
 	    close(processorpipefd[1]);
2f13d7
-	    close(rpmsignpipefd[0]);
2f13d7
-	    close(rpmsignpipefd[1]);
2f13d7
+	    close(meta_digestpipefd[0]);
2f13d7
+	    close(meta_digestpipefd[1]);
2f13d7
+	    close(meta_rpmsignpipefd[0]);
2f13d7
+	    close(meta_rpmsignpipefd[1]);
2f13d7
 
2f13d7
 	    rc = RPMRC_OK;
2f13d7
 	    offt = ufdTee(fdi, fds, 2);
2f13d7
@@ -534,16 +579,10 @@ static int teeRpm(FD_t fdi, FD_t digestori) {
2f13d7
 
2f13d7
 int main(int argc, char *argv[]) {
2f13d7
     rpmRC rc;
2f13d7
-    int cprc = 0;
2f13d7
     poptContext optCon = NULL;
2f13d7
     const char **args = NULL;
2f13d7
     int nb_algos = 0;
2f13d7
 
2f13d7
-    int mainpipefd[2];
2f13d7
-    int metapipefd[2];
2f13d7
-    pid_t cpid, w;
2f13d7
-    int wstatus;
2f13d7
-
2f13d7
     xsetprogname(argv[0]);	/* Portability call -- see system.h */
2f13d7
     rpmReadConfigFiles(NULL, NULL);
2f13d7
     optCon = rpmcliInit(argc, argv, optionsTable);
2f13d7
@@ -570,69 +609,8 @@ int main(int argc, char *argv[]) {
2f13d7
 	}
2f13d7
     }
2f13d7
 
2f13d7
-    if (pipe(mainpipefd) == -1) {
2f13d7
-	fprintf(stderr, _("Main pipe failure\n"));
2f13d7
-	exit(EXIT_FAILURE);
2f13d7
-    }
2f13d7
-    if (pipe(metapipefd) == -1) {
2f13d7
-	fprintf(stderr, _("Meta pipe failure\n"));
2f13d7
-	exit(EXIT_FAILURE);
2f13d7
-    }
2f13d7
-
2f13d7
-    cpid = fork();
2f13d7
-    if (cpid == 0) {
2f13d7
-	/* child: digestor */
2f13d7
-	close(mainpipefd[0]);
2f13d7
-	close(metapipefd[0]);
2f13d7
-	FD_t fdi = fdDup(STDIN_FILENO);
2f13d7
-	FD_t fdo = fdDup(mainpipefd[1]);
2f13d7
-	FD_t validationo = fdDup(metapipefd[1]);
2f13d7
-	rc = digestor(fdi, fdo, validationo, algos, nb_algos);
2f13d7
-	Fclose(validationo);
2f13d7
-	Fclose(fdo);
2f13d7
-	Fclose(fdi);
2f13d7
-    } else {
2f13d7
-	/* parent: main program */
2f13d7
-	close(mainpipefd[1]);
2f13d7
-	close(metapipefd[1]);
2f13d7
-	FD_t fdi = fdDup(mainpipefd[0]);
2f13d7
-	FD_t digestori = fdDup(metapipefd[0]);
2f13d7
-	rc = teeRpm(fdi, digestori);
2f13d7
-	Fclose(digestori);
2f13d7
-	/* Wait for child process (digestor for stdin) to complete.
2f13d7
-	 */
2f13d7
-	if (rc != RPMRC_OK) {
2f13d7
-	    if (kill(cpid, SIGTERM) != 0) {
2f13d7
-		fprintf(stderr,
2f13d7
-		        _("Failed to kill digest process when main process failed: %s\n"),
2f13d7
-			strerror(errno));
2f13d7
-	    }
2f13d7
-	}
2f13d7
-	w = waitpid(cpid, &wstatus, 0);
2f13d7
-	if (w == -1) {
2f13d7
-	    fprintf(stderr, _("waitpid %d failed %s\n"), cpid, strerror(errno));
2f13d7
-	    cprc = EXIT_FAILURE;
2f13d7
-	} else if (WIFEXITED(wstatus)) {
2f13d7
-	    cprc = WEXITSTATUS(wstatus);
2f13d7
-	    if (cprc != 0) {
2f13d7
-		fprintf(stderr,
2f13d7
-			_("Digest process non-zero exit code %d\n"),
2f13d7
-			cprc);
2f13d7
-	    }
2f13d7
-	} else if (WIFSIGNALED(wstatus)) {
2f13d7
-	    fprintf(stderr,
2f13d7
-		    _("Digest process was terminated with a signal: %d\n"),
2f13d7
-		    WTERMSIG(wstatus));
2f13d7
-	    cprc = EXIT_FAILURE;
2f13d7
-	} else {
2f13d7
-	    /* Don't think this can happen, but covering all bases */
2f13d7
-	    fprintf(stderr, _("Unhandled circumstance in waitpid\n"));
2f13d7
-	    cprc = EXIT_FAILURE;
2f13d7
-	}
2f13d7
-	if (cprc != EXIT_SUCCESS) {
2f13d7
-	    rc = RPMRC_FAIL;
2f13d7
-	}
2f13d7
-    }
2f13d7
+    FD_t fdi = fdDup(STDIN_FILENO);
2f13d7
+    rc = teeRpm(fdi, algos, nb_algos);
2f13d7
     if (rc != RPMRC_OK) {
2f13d7
 	/* translate rpmRC into generic failure return code. */
2f13d7
 	return EXIT_FAILURE;
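Review bot: The result of `fdDup(STDIN_FILENO)` is handed to `teeRpm` without a NULL check, so a failed dup of stdin is only noticed, if at all, deep inside the tee loop. A guard such as `if (fdi == NULL) { fprintf(stderr, _("Unable to dup stdin\n")); return EXIT_FAILURE; }` before the call would report it at the source, routed through whatever cleanup path `main` already has. No `Fclose(fdi)` is visible after `teeRpm` returns; whether `teeRpm` takes ownership of the handle cannot be seen from this hunk and should be documented at the call. `main` begins and ends outside the hunk.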
2f13d7
-- 
2f13d7
2.35.1
2f13d7