michal-grzedzicki / rpms / rpm

Forked from rpms/rpm 4 months ago
Clone
Blob Blame History Raw
From 202359dc598f2162175e3a8552c9b338d27b8989 Mon Sep 17 00:00:00 2001
From: Jes Sorensen <jsorensen@fb.com>
Date: Tue, 14 Apr 2020 10:33:32 -0400
Subject: [PATCH 24/33] Generate a zero-length signature for symlinks

The fsverity utility follows the symlink when generating a signature.
Since we don't want to sign the same file twice, we need to skip these
links, and instead just generate a dummy zero-length signature here.

Signed-off-by: Jes Sorensen <jsorensen@fb.com>
---
 sign/rpmsignverity.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/sign/rpmsignverity.c b/sign/rpmsignverity.c
index 177561957..2c7d21620 100644
--- a/sign/rpmsignverity.c
+++ b/sign/rpmsignverity.c
@@ -45,7 +45,10 @@ static char *rpmVeritySignFile(rpmfi fi, size_t *sig_size, char *key,
     uint8_t *sig = NULL;
     int status;
 
-    file_size = rpmfiFSize(fi);
+    if (S_ISLNK(rpmfiFMode(fi)))
+	file_size = 0;
+    else
+	file_size = rpmfiFSize(fi);
 
     memset(&params, 0, sizeof(struct libfsverity_merkle_tree_params));
     params.version = 1;
-- 
2.27.0