From 0a7318ab4467d3156723c7a265dbd3456b8d1e20 Mon Sep 17 00:00:00 2001
From: Panu Matilainen <pmatilai@redhat.com>
Date: Tue, 10 Oct 2017 14:44:18 +0300
Subject: [PATCH 07/33] Use rpm file info sets instead of header for retrieving
file data
Simplifies the code a little, but more imporantly it avoids duplicating
code and special knowledge like the default digest algo and converting
hex to binary. As a side-effect, this fixes RPMTAG_FILESIGNATURELENGTH
inadvertly getting added into packages that have no files at all.
---
sign/rpmsignfiles.c | 36 +++++++++++++++++-------------------
1 file changed, 17 insertions(+), 19 deletions(-)
diff --git a/sign/rpmsignfiles.c b/sign/rpmsignfiles.c
index c1d227a07..de7a73cfd 100644
--- a/sign/rpmsignfiles.c
+++ b/sign/rpmsignfiles.c
@@ -8,7 +8,7 @@
#include "imaevm.h"
#include <rpm/rpmlog.h> /* rpmlog */
-#include <rpm/rpmstring.h> /* rnibble */
+#include <rpm/rpmfi.h>
#include <rpm/rpmpgp.h> /* rpmDigestLength */
#include "lib/header.h" /* HEADERGET_MINMEM */
#include "lib/rpmtypes.h" /* rpmRC */
@@ -32,7 +32,7 @@ static const char *hash_algo_name[] = {
#define ARRAY_SIZE(a) (sizeof(a) / sizeof(a[0]))
-static char *signFile(const char *algo, const char *fdigest, int diglen,
+static char *signFile(const char *algo, const uint8_t *fdigest, int diglen,
const char *key, char *keypass)
{
char *fsignature;
@@ -40,15 +40,11 @@ const char *key, char *keypass)
unsigned char signature[MAX_SIGNATURE_LENGTH];
int siglen;
- /* convert file digest hex to binary */
- memset(digest, 0, diglen);
/* some entries don't have a digest - we return an empty signature */
- if (strlen(fdigest) != diglen * 2)
+ memset(digest, 0, diglen);
+ if (memcmp(digest, fdigest, diglen) == 0)
return strdup("");
- for (int i = 0; i < diglen; ++i, fdigest += 2)
- digest[i] = (rnibble(fdigest[0]) << 4) | rnibble(fdigest[1]);
-
/* prepare file signature */
memset(signature, 0, MAX_SIGNATURE_LENGTH);
signature[0] = '\x03';
@@ -82,21 +78,23 @@ char *keypass)
rpmRC rpmSignFiles(Header sigh, Header h, const char *key, char *keypass)
{
- struct rpmtd_s digests, td;
+ struct rpmtd_s td;
int algo;
int diglen;
uint32_t siglen;
const char *algoname;
- const char *digest;
+ const uint8_t *digest;
char *signature = NULL;
rpmRC rc = RPMRC_FAIL;
+ rpmfi fi = rpmfiNew(NULL, h, RPMTAG_BASENAMES, RPMFI_FLAGS_QUERY);
+
+ if (rpmfiFC(fi) == 0) {
+ rc = RPMRC_OK;
+ goto exit;
+ }
- rpmtdReset(&digests);
- algo = headerGetNumber(h, RPMTAG_FILEDIGESTALGO);
- if (!algo) {
- /* use default algorithm */
- algo = PGPHASHALGO_MD5;
- } else if (algo < 0 || algo >= ARRAY_SIZE(hash_algo_name)) {
+ algo = rpmfiDigestAlgo(fi);
+ if (algo >= ARRAY_SIZE(hash_algo_name)) {
rpmlog(RPMLOG_ERR, _("File digest algorithm id is invalid"));
goto exit;
}
@@ -125,8 +123,8 @@ rpmRC rpmSignFiles(Header sigh, Header h, const char *key, char *keypass)
td.data = NULL; /* set in the loop below */
td.count = 1;
- headerGet(h, RPMTAG_FILEDIGESTS, &digests, HEADERGET_MINMEM);
- while ((digest = rpmtdNextString(&digests))) {
+ while (rpmfiNext(fi) >= 0) {
+ digest = rpmfiFDigest(fi, NULL, NULL);
signature = signFile(algoname, digest, diglen, key, keypass);
if (!signature) {
rpmlog(RPMLOG_ERR, _("signFile failed\n"));
@@ -143,6 +141,6 @@ rpmRC rpmSignFiles(Header sigh, Header h, const char *key, char *keypass)
exit:
free(signature);
- rpmtdFreeData(&digests);
+ rpmfiFree(fi);
return rc;
}
--
2.27.0