richardphibel / rpms / dnf

Forked from rpms/dnf 2 years ago
Clone

Blame SOURCES/0003-Pass-the-package-to-rpmkeys-stdin.patch

52b19a
From f109c57ab18d8b1a80e707df3c3f7ad8930bdd42 Mon Sep 17 00:00:00 2001
0d2313
From: Demi Marie Obenour <demi@invisiblethingslab.com>
0d2313
Date: Tue, 27 Apr 2021 21:07:19 -0400
0d2313
Subject: [PATCH] Pass the package to rpmkeys stdin
0d2313
0d2313
This avoids having to compute the expected stdout value, which will
0d2313
always be the constant "-: digests signatures OK\n".
0d2313
---
0d2313
 dnf/rpm/miscutils.py | 10 ++++++----
0d2313
 1 file changed, 6 insertions(+), 4 deletions(-)
0d2313
0d2313
diff --git a/dnf/rpm/miscutils.py b/dnf/rpm/miscutils.py
52b19a
index 7e33d4c4..5f2621c2 100644
0d2313
--- a/dnf/rpm/miscutils.py
0d2313
+++ b/dnf/rpm/miscutils.py
0d2313
@@ -29,7 +29,8 @@ from shutil import which
0d2313
 logger = logging.getLogger('dnf')
0d2313
 
0d2313
 
0d2313
-def _verifyPkgUsingRpmkeys(package, installroot):
0d2313
+def _verifyPkgUsingRpmkeys(package, installroot, fdno):
0d2313
+    os.lseek(fdno, 0, os.SEEK_SET)
0d2313
     rpmkeys_binary = '/usr/bin/rpmkeys'
0d2313
     if not os.path.isfile(rpmkeys_binary):
0d2313
         rpmkeys_binary = which("rpmkeys")
0d2313
@@ -40,15 +41,16 @@ def _verifyPkgUsingRpmkeys(package, installroot):
0d2313
         logger.critical(_('Cannot find rpmkeys executable to verify signatures.'))
0d2313
         return 0
0d2313
 
0d2313
-    args = ('rpmkeys', '--checksig', '--root', installroot, '--define', '_pkgverify_level all', '--', package)
0d2313
+    args = ('rpmkeys', '--checksig', '--root', installroot, '--define', '_pkgverify_level all', '-')
0d2313
     with subprocess.Popen(
0d2313
             args=args,
0d2313
             executable=rpmkeys_binary,
0d2313
             env={'LC_ALL': 'C'},
0d2313
+            stdin=fdno,
0d2313
             stdout=subprocess.PIPE,
0d2313
             cwd='/') as p:
0d2313
         data, err = p.communicate()
0d2313
-    if p.returncode != 0 or data != (package.encode('ascii', 'strict') + b': digests signatures OK\n'):
0d2313
+    if p.returncode != 0 or data != b'-: digests signatures OK\n':
0d2313
         return 0
0d2313
     else:
0d2313
         return 1
0d2313
@@ -85,7 +87,7 @@ def checkSig(ts, package):
0d2313
 
0d2313
             if siginfo == '(none)':
0d2313
                 value = 4
0d2313
-            elif "Key ID" in siginfo and _verifyPkgUsingRpmkeys(package, ts.ts.rootDir):
0d2313
+            elif "Key ID" in siginfo and _verifyPkgUsingRpmkeys(package, ts.ts.rootDir, fdno):
0d2313
                 value = 0
0d2313
             else:
0d2313
                 raise ValueError('Unexpected return value %r from hdr.sprintf when checking signature.' % siginfo)
52b19a
-- 
52b19a
2.35.1
0d2313