Blame 0027-rpmchecksig-Refactor-rpmpkgVerifySigs-with-custom-ve.patch

2f13d7
From 1e0850cf7649578e1d7da815751efaa8101773e7 Mon Sep 17 00:00:00 2001
2f13d7
From: chantra <chantr4@gmail.com>
2f13d7
Date: Fri, 18 Feb 2022 11:29:06 -0800
2f13d7
Subject: [PATCH 27/30] [rpmchecksig] Refactor rpmpkgVerifySigs with custom
2f13d7
 verify callback
2f13d7
2f13d7
The current `rpmpkgVerifySigs` was conflating logging and the actual
2f13d7
package verification.
2f13d7
2f13d7
This change makes it possible to pass the verify callback and its data to
2f13d7
`rpmpkgVerifySigs` so callers can customize how they handle the outcome
2f13d7
of signature verifications.
2f13d7
---
2f13d7
 lib/rpmchecksig.c | 78 ++++++++++++++++++++++-------------------------
2f13d7
 lib/rpmextents.c  |  1 -
2f13d7
 2 files changed, 36 insertions(+), 43 deletions(-)
2f13d7
2f13d7
diff --git a/lib/rpmchecksig.c b/lib/rpmchecksig.c
2f13d7
index 7ad4e7034..c9fc3bbc9 100644
2f13d7
--- a/lib/rpmchecksig.c
2f13d7
+++ b/lib/rpmchecksig.c
2f13d7
@@ -222,16 +222,11 @@ exit:
2f13d7
 }
2f13d7
 
2f13d7
 static int rpmpkgVerifySigs(rpmKeyring keyring, int vfylevel, rpmVSFlags flags,
2f13d7
-			   FD_t fd, const char *fn)
2f13d7
+			   FD_t fd, rpmsinfoCb cb, void *cbdata)
2f13d7
 {
2f13d7
     char *msg = NULL;
2f13d7
-    struct vfydata_s vd = { .seen = 0,
2f13d7
-			    .bad = 0,
2f13d7
-			    .verbose = rpmIsVerbose(),
2f13d7
-    };
2f13d7
     int rc;
2f13d7
 
2f13d7
-    rpmlog(RPMLOG_NOTICE, "%s:%s", fn, vd.verbose ? "\n" : "");
2f13d7
 
2f13d7
     if(isTranscodedRpm(fd) == RPMRC_OK){
2f13d7
 	return extentsVerifySigs(fd);
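Review bot: The new `cb`/`cbdata` parameters are never used on the transcoded-package path, because the context lines `if(isTranscodedRpm(fd) == RPMRC_OK){` / `return extentsVerifySigs(fd);` return before any callback can run. `extentsVerifySigs(fd)` is also called without `keyring`, `vfylevel` or `flags`, so it cannot be told from this hunk whether the caller's verification policy is applied to such packages. A caller that relies on the callback to record per-signature outcomes will see nothing for a transcoded package and only gets the return code. Either pass the callback and policy through to the extents path, or document the gap on the function, e.g. `/* transcoded packages are checked by extentsVerifySigs(); cb is not invoked for them */`. The function body continues outside the hunk.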
2f13d7
@@ -244,19 +239,7 @@ static int rpmpkgVerifySigs(rpmKeyring keyring, int vfylevel, rpmVSFlags flags,
2f13d7
     if (rc)
2f13d7
 	goto exit;
2f13d7
 
2f13d7
-    rc = rpmvsVerify(vs, RPMSIG_VERIFIABLE_TYPE, vfyCb, &vd);
2f13d7
-
2f13d7
-    if (!vd.verbose) {
2f13d7
-	if (vd.seen & RPMSIG_DIGEST_TYPE) {
2f13d7
-	    rpmlog(RPMLOG_NOTICE, " %s", (vd.bad & RPMSIG_DIGEST_TYPE) ?
2f13d7
-					_("DIGESTS") : _("digests"));
2f13d7
-	}
2f13d7
-	if (vd.seen & RPMSIG_SIGNATURE_TYPE) {
2f13d7
-	    rpmlog(RPMLOG_NOTICE, " %s", (vd.bad & RPMSIG_SIGNATURE_TYPE) ?
2f13d7
-					_("SIGNATURES") : _("signatures"));
2f13d7
-	}
2f13d7
-	rpmlog(RPMLOG_NOTICE, " %s\n", rc ? _("NOT OK") : _("OK"));
2f13d7
-    }
2f13d7
+    rc = rpmvsVerify(vs, RPMSIG_VERIFIABLE_TYPE, cb, cbdata);
2f13d7
 
2f13d7
 exit:
2f13d7
     if (rc && msg)
2f13d7
@@ -266,38 +249,39 @@ exit:
2f13d7
     return rc;
2f13d7
 }
2f13d7
 
2f13d7
-static int rpmpkgVerifySigsFD(rpmKeyring keyring, int vfylevel, rpmVSFlags flags,
2f13d7
-			   FD_t fd, rpmsinfoCb cb, void *cbdata)
2f13d7
-{
2f13d7
-    char *msg = NULL;
2f13d7
-    int rc;
2f13d7
-    struct rpmvs_s *vs = rpmvsCreate(vfylevel, flags, keyring);
2f13d7
-
2f13d7
-    rc = rpmpkgRead(vs, fd, NULL, NULL, &msg;;
2f13d7
-
2f13d7
-    if (rc)
2f13d7
-	goto exit;
2f13d7
-
2f13d7
-    rc = rpmvsVerify(vs, RPMSIG_VERIFIABLE_TYPE, cb, cbdata);
2f13d7
-
2f13d7
-exit:
2f13d7
-    if (rc && msg)
2f13d7
-	rpmlog(RPMLOG_ERR, "%s\n", msg);
2f13d7
-    rpmvsFree(vs);
2f13d7
-    free(msg);
2f13d7
-    return rc;
2f13d7
+static void rpmkgVerifySigsPreLogging(struct vfydata_s *vd, const char *fn){
2f13d7
+    rpmlog(RPMLOG_NOTICE, "%s:%s", fn, vd->verbose ? "\n" : "");
2f13d7
 }
2f13d7
 
2f13d7
+static void rpmkgVerifySigsPostLogging(struct vfydata_s *vd, int rc){
2f13d7
+    if (!vd->verbose) {
2f13d7
+	if (vd->seen & RPMSIG_DIGEST_TYPE) {
2f13d7
+	    rpmlog(RPMLOG_NOTICE, " %s", (vd->bad & RPMSIG_DIGEST_TYPE) ?
2f13d7
+					_("DIGESTS") : _("digests"));
2f13d7
+	}
2f13d7
+	if (vd->seen & RPMSIG_SIGNATURE_TYPE) {
2f13d7
+	    rpmlog(RPMLOG_NOTICE, " %s", (vd->bad & RPMSIG_SIGNATURE_TYPE) ?
2f13d7
+					_("SIGNATURES") : _("signatures"));
2f13d7
+	}
2f13d7
+	rpmlog(RPMLOG_NOTICE, " %s\n", rc ? _("NOT OK") : _("OK"));
2f13d7
+    }
2f13d7
+}
2f13d7
 
2f13d7
 /* Wrapper around rpmkVerifySigs to preserve API */
2f13d7
 int rpmVerifySignatures(QVA_t qva, rpmts ts, FD_t fd, const char * fn)
2f13d7
 {
2f13d7
     int rc = 1; /* assume failure */
2f13d7
+    struct vfydata_s vd = { .seen = 0,
2f13d7
+			    .bad = 0,
2f13d7
+			    .verbose = rpmIsVerbose(),
2f13d7
+    };
2f13d7
     if (ts && qva && fd && fn) {
2f13d7
 	rpmKeyring keyring = rpmtsGetKeyring(ts, 1);
2f13d7
 	rpmVSFlags vsflags = rpmtsVfyFlags(ts);
2f13d7
 	int vfylevel = rpmtsVfyLevel(ts);
2f13d7
-	rc = rpmpkgVerifySigs(keyring, vfylevel, vsflags, fd, fn);
2f13d7
+	rpmkgVerifySigsPreLogging(&vd, fn);
2f13d7
+	rc = rpmpkgVerifySigs(keyring, vfylevel, vsflags, fd, vfyCb, &vd);
2f13d7
+	rpmkgVerifySigsPostLogging(&vd, rc);
2f13d7
     	rpmKeyringFree(keyring);
2f13d7
     }
2f13d7
     return rc;
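Review bot: The two new helpers are spelled `rpmkgVerifySigsPreLogging` and `rpmkgVerifySigsPostLogging`, dropping the `p` from the `rpmpkg` prefix used by `rpmpkgVerifySigs`; the same spelling is repeated at the call sites in the `rpmcliVerifySignatures` hunk. Both helpers only read `vd`, so the parameter could be `const struct vfydata_s *vd`, and the opening brace would match the surrounding definitions if placed on its own line. A one-line comment on each would help, e.g. `/* Log the "<file>:" prefix before verification starts */` and `/* Non-verbose summary: upper-case type names mark failed digests/signatures */`. The `struct vfydata_s vd = { ... }` initialiser is now duplicated here and in `rpmcliVerifySignatures`, so a small init helper would keep the two in step.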
2f13d7
@@ -319,12 +303,22 @@ int rpmcliVerifySignatures(rpmts ts, ARGV_const_t argv)
2f13d7
 
2f13d7
     while ((arg = *argv++) != NULL) {
2f13d7
 	FD_t fd = Fopen(arg, "r.ufdio");
2f13d7
+	struct vfydata_s vd = { .seen = 0,
2f13d7
+				.bad = 0,
2f13d7
+				.verbose = rpmIsVerbose(),
2f13d7
+	};
2f13d7
 	if (fd == NULL || Ferror(fd)) {
2f13d7
 	    rpmlog(RPMLOG_ERR, _("%s: open failed: %s\n"), 
2f13d7
 		     arg, Fstrerror(fd));
2f13d7
 	    res++;
2f13d7
-	} else if (rpmpkgVerifySigs(keyring, vfylevel, vsflags, fd, arg)) {
2f13d7
+	} else {
2f13d7
+	    rpmkgVerifySigsPreLogging(&vd, arg);
2f13d7
+	    int rc = rpmpkgVerifySigs(keyring, vfylevel, vsflags, fd,
2f13d7
+				      vfyCb, &vd);
2f13d7
+	    rpmkgVerifySigsPostLogging(&vd, rc);
2f13d7
+	    if (rc) {
2f13d7
 	    res++;
2f13d7
+	    }
2f13d7
 	}
2f13d7
 
2f13d7
 	Fclose(fd);
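Review bot: Inside the new `else` branch, `res++;` kept its old indentation and now sits at the same depth as the `if (rc) {` that guards it, which makes the failure accounting easy to misread; indent it one level. `int rc` is also declared after the `rpmkgVerifySigsPreLogging(&vd, arg);` statement, while the rest of the visible code declares locals at the top of the block; moving the declaration up keeps the style uniform. The loop body and function continue outside the hunk.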
2f13d7
@@ -373,7 +367,7 @@ int rpmcliVerifySignaturesFD(rpmts ts, FD_t fdi, char **msg)
2f13d7
 	rpmtsSetVfyLevel(ts, vfylevel);
2f13d7
     }
2f13d7
 
2f13d7
-    if (!rpmpkgVerifySigsFD(keyring, vfylevel, vsflags, fdi, vfyFDCb, &vd)) {
2f13d7
+    if (!rpmpkgVerifySigs(keyring, vfylevel, vsflags, fdi, vfyFDCb, &vd)) {
2f13d7
 	rc = RPMRC_OK;
2f13d7
     }
2f13d7
     *msg = strdup(vd.msg);
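Review bot: Switching this caller to `rpmpkgVerifySigs` also routes it through the `isTranscodedRpm()` early return shown in the first hunk, which the removed `rpmpkgVerifySigsFD` did not have, so `vfyFDCb` may never run for a transcoded input. If `vd.msg` is only filled in by that callback (its initialisation is outside this hunk), `*msg = strdup(vd.msg);` would receive NULL, which is undefined behaviour. The outcome for such input would then rest on `extentsVerifySigs(fd)` alone. Guard the copy, e.g. `*msg = vd.msg ? strdup(vd.msg) : NULL;`, and confirm that the extents path enforces the same keyring and verify level this function sets up. The function starts and ends outside the hunk.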
2f13d7
diff --git a/lib/rpmextents.c b/lib/rpmextents.c
2f13d7
index f28596f0b..59ba427a4 100644
2f13d7
--- a/lib/rpmextents.c
2f13d7
+++ b/lib/rpmextents.c
2f13d7
@@ -89,7 +89,6 @@ rpmRC extentsFooterFromFD(FD_t fd, struct extents_footer_t *footer) {
2f13d7
 	goto exit;
2f13d7
     }
2f13d7
     if (footer->magic != EXTENTS_MAGIC) {
2f13d7
-	rpmlog(RPMLOG_ERR, _("isTranscodedRpm: not transcoded\n"));
2f13d7
 	rc = RPMRC_NOTFOUND;
2f13d7
 	goto exit;
2f13d7
     }
2f13d7
-- 
2f13d7
2.35.1
2f13d7