From dc53b002bd3d03a21e9af406a9aff5e588710b5b Mon Sep 17 00:00:00 2001
From: chantra <chantr4@gmail.com>
Date: Mon, 28 Mar 2022 19:42:39 -0700
Subject: [PATCH 30/30] [rpmcow] Make rpm -i install package without the need
 of --nodigest

When using transcoded files, the logic to check the signature is different
and was done while the file was transcoded. This changes the code path
used by `rpm -{i,U}` to check if the file is transcoded, and in such
cases, assume it was already verified.
---
 lib/transaction.c    | 29 ++++++++++++++++++-----------
 tests/rpm2extents.at |  6 +++---
 2 files changed, 21 insertions(+), 14 deletions(-)

diff --git a/lib/transaction.c b/lib/transaction.c
index 36c2a7a64..703e4140c 100644
--- a/lib/transaction.c
+++ b/lib/transaction.c
@@ -37,6 +37,7 @@
 #include "lib/rpmfi_internal.h"	/* only internal apis */
 #include "lib/rpmte_internal.h"	/* only internal apis */
 #include "lib/rpmts_internal.h"
+#include "lib/rpmextents_internal.h"
 #include "lib/rpmvs.h"
 #include "rpmio/rpmhook.h"
 #include "lib/rpmtriggers.h"
@@ -1255,10 +1256,16 @@ static int verifyPackageFiles(rpmts ts, rpm_loff_t total)
 	    .signature = RPMRC_NOTFOUND,
 	    .vfylevel = vfylevel,
 	};
+	int verified = 0;
 	rpmRC prc = RPMRC_FAIL;
 
 	rpmtsNotify(ts, p, RPMCALLBACK_VERIFY_PROGRESS, oc++, total);
 	FD_t fd = rpmtsNotify(ts, p, RPMCALLBACK_INST_OPEN_FILE, 0, 0);
+	if (fd != NULL && isTranscodedRpm(fd) == RPMRC_OK) {
+	    /* Transcoded RPMs are validated at transcoding time */
+	    prc = RPMRC_OK;
+	    verified = 1;
+	} else {
 	if (fd != NULL) {
 	    prc = rpmpkgRead(vs, fd, NULL, NULL, &vd.msg);
 	    rpmtsNotify(ts, p, RPMCALLBACK_INST_CLOSE_FILE, 0, 0);
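Review bot: The new branch at `isTranscodedRpm(fd) == RPMRC_OK` sets `prc = RPMRC_OK` and `verified = 1` from the file's format alone, so `rpmpkgRead`/`rpmvsVerify` and the configured `vfylevel` are never applied to a transcoded file at install time. Nothing visible in this hunk ties the file to the verification done during transcoding, so a file changed after transcoding, or one transcoded without a successful check, would presumably be accepted as well; the branch should confirm a verification result or digest carried by the transcoded file before returning OK, and the comment should state what is trusted, e.g. `/* No signature or digest check here: trusts the result recorded at transcoding time */`. The branch also skips `rpmtsNotify(ts, p, RPMCALLBACK_INST_CLOSE_FILE, 0, 0);`, which the else path still issues, so the open/close callbacks look unbalanced unless isTranscodedRpm handles that (not visible here). verifyPackageFiles begins and ends outside the hunk.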
@@ -1267,8 +1274,11 @@ static int verifyPackageFiles(rpmts ts, rpm_loff_t total)
 	if (prc == RPMRC_OK)
 	    prc = rpmvsVerify(vs, RPMSIG_VERIFIABLE_TYPE, vfyCb, &vd);
 
+	    verified = vd.signature == RPMRC_OK;
+	}
+
 	/* Record verify result, signatures only for now */
-	rpmteSetVerified(p, vd.signature == RPMRC_OK);
+	rpmteSetVerified(p, verified);
 
 	if (prc)
 	    rpmteAddProblem(p, RPMPROB_VERIFY, NULL, vd.msg, 0);
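Review bot: `rpmteSetVerified(p, verified)` now records 1 for transcoded packages although no signature was checked in this run, which no longer matches the comment `/* Record verify result, signatures only for now */` directly above it. Code that reads the element's verified flag as "signature verified" (inferred from that comment) would get a stronger statement than this path supports; either leave `verified` at 0 on the transcoded path or change the comment to `/* Record verify result; transcoded packages are recorded as verified without a signature check here */`. The statements between `} else {` and its closing `}` were also left at their old indentation while `verified = vd.signature == RPMRC_OK;` sits one level deeper, which hides the extent of the else block in a verification routine. The enclosing function continues outside the hunk.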
diff --git a/tests/rpm2extents.at b/tests/rpm2extents.at
index 5c66de7f6..5135c9cf8 100644
--- a/tests/rpm2extents.at
+++ b/tests/rpm2extents.at
@@ -102,7 +102,7 @@ AT_CHECK([
 RPMDB_INIT
 
 runroot_other cat /data/RPMS/hello-2.0-1.x86_64.rpm | runroot_other rpm2extents SHA256 > ${RPMTEST}/tmp/hello-2.0-1.x86_64.rpm 2> /dev/null
-runroot_plugins rpm -i --nodigest --nodeps --undefine=%__transaction_dbus_announce /tmp/hello-2.0-1.x86_64.rpm
+runroot_plugins rpm -i --nodeps --undefine=%__transaction_dbus_announce /tmp/hello-2.0-1.x86_64.rpm
 test -f ${RPMTEST}/usr/bin/hello
 ],
 [0],
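Review bot: Dropping `--nodigest` here and in the two later hunks of this file only exercises the success path; no case shows that an install is refused when a transcoded file does not match what was verified at transcoding time. Since lib/transaction.c now accepts transcoded packages without re-checking them, a negative test (a transcoded package whose content differs from the verified original, expected non-zero exit status) would pin down the intended trust boundary. The stderr of `rpm2extents` is also still redirected to `/dev/null`, so a failed transcode-time verification would not be visible in the test log.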
@@ -115,7 +115,7 @@ AT_KEYWORDS([reflink])
 AT_CHECK([
 RPMDB_INIT
 
-runroot_plugins rpm -i --nodigest --nodeps --undefine=%__transaction_dbus_announce /data/RPMS/hello-2.0-1.x86_64.rpm && exit $?
+runroot_plugins rpm -i --nodeps --undefine=%__transaction_dbus_announce /data/RPMS/hello-2.0-1.x86_64.rpm && exit $?
 # Check that the file is properly installed in chroot
 test -f ${RPMTEST}/usr/bin/hello
 ],
@@ -132,7 +132,7 @@ RPMDB_INIT
 
 PKG=hlinktest-1.0-1.noarch.rpm
 runroot_other cat /data/RPMS/${PKG} | runroot_other rpm2extents SHA256 > ${RPMTEST}/tmp/${PKG} 2> /dev/null
-runroot_plugins rpm -i --nodigest --nodeps --undefine=%__transaction_dbus_announce /tmp/${PKG}
+runroot_plugins rpm -i --nodeps --undefine=%__transaction_dbus_announce /tmp/${PKG}
 ],
 [0],
 [],
-- 
2.35.1