michal-grzedzicki / rpms / rpm

Forked from rpms/rpm 4 months ago
Clone

Blame 0017-rpmsign-Add-helper-to-indicate-file-signing-enabled.patch

45e748
From dbb4f464d177e2c3bfa13b1b2bb511fa6fde40d9 Mon Sep 17 00:00:00 2001
45e748
From: Jes Sorensen <jsorensen@fb.com>
45e748
Date: Wed, 27 May 2020 16:49:03 -0400
45e748
Subject: [PATCH 17/33] rpmsign: Add helper to indicate file signing enabled
45e748
45e748
Helper function returning true if either IMA or VERITY signatures are
45e748
to be applied. This simplifies the code and makes it easier to read.
45e748
45e748
Signed-off-by: Jes Sorensen <jsorensen@fb.com>
45e748
---
45e748
 rpmsign.c | 10 +++++++---
45e748
 1 file changed, 7 insertions(+), 3 deletions(-)
45e748
45e748
diff --git a/rpmsign.c b/rpmsign.c
45e748
index 8861c2c59..94cbf1d1a 100644
45e748
--- a/rpmsign.c
45e748
+++ b/rpmsign.c
45e748
@@ -67,6 +67,11 @@ static struct poptOption optionsTable[] = {
45e748
 };
45e748
 
45e748
 #if defined(WITH_IMAEVM) || defined(WITH_FSVERITY)
45e748
+static int flags_sign_files(int flags)
45e748
+{
45e748
+	return (flags & (RPMSIGN_FLAG_IMA | RPMSIGN_FLAG_FSVERITY) ? 1 : 0);
45e748
+}
45e748
+
45e748
 static char *get_fskpass(void)
45e748
 {
45e748
     struct termios flags, tmp_flags;
45e748
@@ -118,7 +123,7 @@ static int doSign(poptContext optCon, struct rpmSignArgs *sargs)
45e748
 	rpmPushMacro(NULL, "_file_signing_key", NULL, fileSigningKey, RMIL_GLOBAL);
45e748
     }
45e748
 
45e748
-    if (sargs->signflags & (RPMSIGN_FLAG_IMA | RPMSIGN_FLAG_FSVERITY)) {
45e748
+    if (flags_sign_files(sargs->signflags)) {
45e748
 	char *fileSigningKeyPassword = NULL;
45e748
 	char *key = rpmExpand("%{?_file_signing_key}", NULL);
45e748
 	if (rstreq(key, "")) {
45e748
@@ -173,8 +178,7 @@ int main(int argc, char *argv[])
45e748
     }
45e748
 
45e748
 #if defined(WITH_IMAEVM) || defined(WITH_FSVERITY)
45e748
-    if (fileSigningKey &&
45e748
-	!(sargs.signflags & (RPMSIGN_FLAG_IMA | RPMSIGN_FLAG_FSVERITY))) {
45e748
+    if (fileSigningKey && !(flags_sign_files(sargs.signflags))) {
45e748
 	argerror(_("--fskpath may only be specified when signing files"));
45e748
     }
45e748
 #endif
45e748
-- 
45e748
2.27.0
45e748