From 0a7318ab4467d3156723c7a265dbd3456b8d1e20 Mon Sep 17 00:00:00 2001

From: Panu Matilainen <pmatilai@redhat.com>

Date: Tue, 10 Oct 2017 14:44:18 +0300

Subject: [PATCH 07/33] Use rpm file info sets instead of header for retrieving

 file data

Simplifies the code a little, but more imporantly it avoids duplicating

code and special knowledge like the default digest algo and converting

hex to binary. As a side-effect, this fixes RPMTAG_FILESIGNATURELENGTH

inadvertly getting added into packages that have no files at all.

---

 sign/rpmsignfiles.c | 36 +++++++++++++++++-------------------

 1 file changed, 17 insertions(+), 19 deletions(-)

diff --git a/sign/rpmsignfiles.c b/sign/rpmsignfiles.c

index c1d227a07..de7a73cfd 100644

--- a/sign/rpmsignfiles.c

+++ b/sign/rpmsignfiles.c

@@ -8,7 +8,7 @@

 #include "imaevm.h"

 #include <rpm/rpmlog.h>		/* rpmlog */

-#include <rpm/rpmstring.h>	/* rnibble */

+#include <rpm/rpmfi.h>

 #include <rpm/rpmpgp.h>		/* rpmDigestLength */

 #include "lib/header.h"		/* HEADERGET_MINMEM */

 #include "lib/rpmtypes.h"	/* rpmRC */

@@ -32,7 +32,7 @@ static const char *hash_algo_name[] = {

 #define ARRAY_SIZE(a)  (sizeof(a) / sizeof(a[0]))

-static char *signFile(const char *algo, const char *fdigest, int diglen,

+static char *signFile(const char *algo, const uint8_t *fdigest, int diglen,

 const char *key, char *keypass)

 {

     char *fsignature;

@@ -40,15 +40,11 @@ const char *key, char *keypass)

     unsigned char signature[MAX_SIGNATURE_LENGTH];

     int siglen;

-    /* convert file digest hex to binary */

-    memset(digest, 0, diglen);

     /* some entries don't have a digest - we return an empty signature */

-    if (strlen(fdigest) != diglen * 2)

+    memset(digest, 0, diglen);

+    if (memcmp(digest, fdigest, diglen) == 0)

         return strdup("");

-    for (int i = 0; i < diglen; ++i, fdigest += 2)

-	digest[i] = (rnibble(fdigest[0]) << 4) | rnibble(fdigest[1]);

-

     /* prepare file signature */

     memset(signature, 0, MAX_SIGNATURE_LENGTH);

     signature[0] = '\x03';

@@ -82,21 +78,23 @@ char *keypass)

 rpmRC rpmSignFiles(Header sigh, Header h, const char *key, char *keypass)

 {

-    struct rpmtd_s digests, td;

+    struct rpmtd_s td;

     int algo;

     int diglen;

     uint32_t siglen;

     const char *algoname;

-    const char *digest;

+    const uint8_t *digest;

     char *signature = NULL;

     rpmRC rc = RPMRC_FAIL;

+    rpmfi fi = rpmfiNew(NULL, h, RPMTAG_BASENAMES, RPMFI_FLAGS_QUERY);

+

+    if (rpmfiFC(fi) == 0) {

+	rc = RPMRC_OK;

+	goto exit;

+    }

-    rpmtdReset(&digests);

-    algo = headerGetNumber(h, RPMTAG_FILEDIGESTALGO);

-    if (!algo) {

-        /* use default algorithm */

-        algo = PGPHASHALGO_MD5;

-    } else if (algo < 0 || algo >= ARRAY_SIZE(hash_algo_name)) {

+    algo = rpmfiDigestAlgo(fi);

+    if (algo >= ARRAY_SIZE(hash_algo_name)) {

 	rpmlog(RPMLOG_ERR, _("File digest algorithm id is invalid"));

 	goto exit;

     }

@@ -125,8 +123,8 @@ rpmRC rpmSignFiles(Header sigh, Header h, const char *key, char *keypass)

     td.data = NULL; /* set in the loop below */

     td.count = 1;

-    headerGet(h, RPMTAG_FILEDIGESTS, &digests, HEADERGET_MINMEM);

-    while ((digest = rpmtdNextString(&digests))) {

+    while (rpmfiNext(fi) >= 0) {

+	digest = rpmfiFDigest(fi, NULL, NULL);

 	signature = signFile(algoname, digest, diglen, key, keypass);

 	if (!signature) {

 	    rpmlog(RPMLOG_ERR, _("signFile failed\n"));

@@ -143,6 +141,6 @@ rpmRC rpmSignFiles(Header sigh, Header h, const char *key, char *keypass)

 exit:

     free(signature);

-    rpmtdFreeData(&digests);

+    rpmfiFree(fi);

     return rc;

 }

-- 

2.27.0