teknoraver / rpms / rpm

Forked from rpms/rpm 4 months ago
Clone
Source Code
GIT

Blame 0001-Forward-port-obsoleted-crypto-needed-by-current-libd.patch

c10s-sig-hyperscale c8 c8s c8s-sig-hyperscale c9 c9s-sig-hyperscale
  1.   3aac3a0be990454cc27d6a5547c9a20a3ec09640
  2.   0001-Forward-port-obsoleted-crypto-needed-by-current-libd.patch
Blob History Raw
Florian Festi 3913b4 
From 9a9514e665c30554a4d72c7c79475af315b83dc3 Mon Sep 17 00:00:00 2001
Florian Festi 3913b4 
Message-Id: <9a9514e665c30554a4d72c7c79475af315b83dc3.1683531413.git.pmatilai@redhat.com>
Florian Festi 3913b4 
From: Panu Matilainen <pmatilai@redhat.com>
Florian Festi 3913b4 
Date: Mon, 8 May 2023 09:26:46 +0300
Florian Festi 3913b4 
Subject: [PATCH] Forward-port obsoleted crypto needed by current libdnf
Florian Festi 3913b4
Florian Festi 3913b4 
Provide the minimum required bits to allow the old PackageKit-inherited
Florian Festi 3913b4 
signature in libdnf to work until the switch to dnf5 happens, allegedly
Florian Festi 3913b4 
during this release cycle.
Florian Festi 3913b4 
---
Florian Festi 3913b4 
 include/rpm/rpmkeyring.h |  4 ++++
Florian Festi 3913b4 
 include/rpm/rpmpgp.h     | 15 ++++++++++++
Florian Festi 3913b4 
 rpmio/rpmkeyring.c       | 52 ++++++++++++++++++++++++++++++++++++++++
Florian Festi 3913b4 
 rpmio/rpmpgp_sequoia.c   | 11 +++++++++
Florian Festi 3913b4 
 4 files changed, 82 insertions(+)
Florian Festi 3913b4
Florian Festi 3913b4 
diff --git a/include/rpm/rpmkeyring.h b/include/rpm/rpmkeyring.h
Florian Festi 3913b4 
index 3d8d55773..c84292ff8 100644
Florian Festi 3913b4 
--- a/include/rpm/rpmkeyring.h
Florian Festi 3913b4 
+++ b/include/rpm/rpmkeyring.h
Florian Festi 3913b4 
@@ -101,6 +101,10 @@ char * rpmPubkeyBase64(rpmPubkey key);
Florian Festi 3913b4 
  */
Florian Festi 3913b4 
 pgpDigParams rpmPubkeyPgpDigParams(rpmPubkey key);
Florian Festi 3913b4
Florian Festi 3913b4 
+/* Obsolete APIs required by libdnf, do not use */
Florian Festi 3913b4 
+rpmRC rpmKeyringLookup(rpmKeyring keyring, pgpDig sig);
Florian Festi 3913b4 
+pgpDig rpmPubkeyDig(rpmPubkey key);
Florian Festi 3913b4 
+
Florian Festi 3913b4 
 #ifdef __cplusplus
Florian Festi 3913b4 
 }
Florian Festi 3913b4 
 #endif
Florian Festi 3913b4 
diff --git a/include/rpm/rpmpgp.h b/include/rpm/rpmpgp.h
Florian Festi 3913b4 
index 675cbad73..f83642c18 100644
Florian Festi 3913b4 
--- a/include/rpm/rpmpgp.h
Florian Festi 3913b4 
+++ b/include/rpm/rpmpgp.h
Florian Festi 3913b4 
@@ -1225,6 +1225,21 @@ int pgpSignatureType(pgpDigParams sig);
Florian Festi 3913b4 
  */
Florian Festi 3913b4 
 char *pgpIdentItem(pgpDigParams digp);
Florian Festi 3913b4
Florian Festi 3913b4 
+/* Obsolete APIs required by libdnf, do not use */
Florian Festi 3913b4 
+typedef struct pgpDig_s * pgpDig;
Florian Festi 3913b4 
+
Florian Festi 3913b4 
+RPM_GNUC_DEPRECATED
Florian Festi 3913b4 
+pgpDig pgpNewDig(void);
Florian Festi 3913b4 
+
Florian Festi 3913b4 
+RPM_GNUC_DEPRECATED
Florian Festi 3913b4 
+pgpDig pgpFreeDig(pgpDig dig);
Florian Festi 3913b4 
+
Florian Festi 3913b4 
+RPM_GNUC_DEPRECATED
Florian Festi 3913b4 
+pgpDigParams pgpDigGetParams(pgpDig dig, unsigned int pkttype);
Florian Festi 3913b4 
+
Florian Festi 3913b4 
+RPM_GNUC_DEPRECATED
Florian Festi 3913b4 
+int pgpPrtPkts(const uint8_t *pkts, size_t pktlen, pgpDig dig, int printing);
Florian Festi 3913b4 
+
Florian Festi 3913b4 
 #ifdef __cplusplus
Florian Festi 3913b4 
 }
Florian Festi 3913b4 
 #endif
Florian Festi 3913b4 
diff --git a/rpmio/rpmkeyring.c b/rpmio/rpmkeyring.c
Florian Festi 3913b4 
index e3eb9e6ea..464163895 100644
Florian Festi 3913b4 
--- a/rpmio/rpmkeyring.c
Florian Festi 3913b4 
+++ b/rpmio/rpmkeyring.c
Florian Festi 3913b4 
@@ -289,3 +289,55 @@ rpmRC rpmKeyringVerifySig(rpmKeyring keyring, pgpDigParams sig, DIGEST_CTX ctx)
Florian Festi 3913b4
Florian Festi 3913b4 
     return rc;
Florian Festi 3913b4 
 }
Florian Festi 3913b4 
+
Florian Festi 3913b4 
+rpmRC rpmKeyringLookup(rpmKeyring keyring, pgpDig sig)
Florian Festi 3913b4 
+{
Florian Festi 3913b4 
+    pthread_rwlock_rdlock(&keyring->lock);
Florian Festi 3913b4 
+
Florian Festi 3913b4 
+    rpmRC res = RPMRC_NOKEY;
Florian Festi 3913b4 
+    pgpDigParams sigp = pgpDigGetParams(sig, PGPTAG_SIGNATURE);
Florian Festi 3913b4 
+    rpmPubkey key = findbySig(keyring, sigp);
Florian Festi 3913b4 
+
Florian Festi 3913b4 
+    if (key) {
Florian Festi 3913b4 
+	/*
Florian Festi 3913b4 
+ 	 * Callers expect sig to have the key data parsed into pgpDig
Florian Festi 3913b4 
+ 	 * on (successful) return, sigh. No need to check for return
Florian Festi 3913b4 
+ 	 * here as this is validated at rpmPubkeyNew() already.
Florian Festi 3913b4 
+ 	 */
Florian Festi 3913b4 
+	pgpPrtPkts(key->pkt, key->pktlen, sig, _print_pkts);
Florian Festi 3913b4 
+	res = RPMRC_OK;
Florian Festi 3913b4 
+    }
Florian Festi 3913b4 
+
Florian Festi 3913b4 
+    pthread_rwlock_unlock(&keyring->lock);
Florian Festi 3913b4 
+    return res;
Florian Festi 3913b4 
+}
Florian Festi 3913b4 
+
Florian Festi 3913b4 
+pgpDig rpmPubkeyDig(rpmPubkey key)
Florian Festi 3913b4 
+{
Florian Festi 3913b4 
+    pgpDig dig = NULL;
Florian Festi 3913b4 
+    static unsigned char zeros[] =
Florian Festi 3913b4 
+	{ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
Florian Festi 3913b4 
+    int rc;
Florian Festi 3913b4 
+    if (key == NULL)
Florian Festi 3913b4 
+	return NULL;
Florian Festi 3913b4 
+
Florian Festi 3913b4 
+    dig = pgpNewDig();
Florian Festi 3913b4 
+
Florian Festi 3913b4 
+    pthread_rwlock_rdlock(&key->lock);
Florian Festi 3913b4 
+    rc = pgpPrtPkts(key->pkt, key->pktlen, dig, _print_pkts);
Florian Festi 3913b4 
+    pthread_rwlock_unlock(&key->lock);
Florian Festi 3913b4 
+
Florian Festi 3913b4 
+    if (rc == 0) {
Florian Festi 3913b4 
+	pgpDigParams pubp = pgpDigGetParams(dig, PGPTAG_PUBLIC_KEY);
Florian Festi 3913b4 
+	if (!pubp || !memcmp(pgpDigParamsSignID(pubp), zeros, sizeof(zeros)) ||
Florian Festi 3913b4 
+            pgpDigParamsCreationTime(pubp) == 0 ||
Florian Festi 3913b4 
+            pgpDigParamsUserID(pubp) == NULL) {
Florian Festi 3913b4 
+	    rc = -1;
Florian Festi 3913b4 
+	}
Florian Festi 3913b4 
+    }
Florian Festi 3913b4 
+
Florian Festi 3913b4 
+    if (rc)
Florian Festi 3913b4 
+	dig = pgpFreeDig(dig);
Florian Festi 3913b4 
+
Florian Festi 3913b4 
+    return dig;
Florian Festi 3913b4 
+}
Florian Festi 3913b4 
diff --git a/rpmio/rpmpgp_sequoia.c b/rpmio/rpmpgp_sequoia.c
Florian Festi 3913b4 
index d0b673953..0c1c848dc 100644
Florian Festi 3913b4 
--- a/rpmio/rpmpgp_sequoia.c
Florian Festi 3913b4 
+++ b/rpmio/rpmpgp_sequoia.c
Florian Festi 3913b4 
@@ -80,3 +80,14 @@ W(int, rpmDigestUpdate, (DIGEST_CTX ctx, const void * data, size_t len),
Florian Festi 3913b4 
 W(int, rpmDigestFinal,
Florian Festi 3913b4 
   (DIGEST_CTX ctx, void ** datap, size_t *lenp, int asAscii),
Florian Festi 3913b4 
   (ctx, datap, lenp, asAscii))
Florian Festi 3913b4 
+
Florian Festi 3913b4 
+// Minimal backport of APIs required by libdnf until dnf5 takes over
Florian Festi 3913b4 
+W(int, pgpPrtPkts,
Florian Festi 3913b4 
+  (const uint8_t *pkts, size_t pktlen, pgpDig dig, int printing),
Florian Festi 3913b4 
+  (pkts, pktlen, dig, printing))
Florian Festi 3913b4 
+W(pgpDig, pgpNewDig, (void), ())
Florian Festi 3913b4 
+W(pgpDig, pgpFreeDig, (pgpDig dig), (dig))
Florian Festi 3913b4 
+W(pgpDigParams, pgpDigGetParams,
Florian Festi 3913b4 
+  (pgpDig dig, unsigned int pkttype),
Florian Festi 3913b4 
+  (dig, pkttype))
Florian Festi 3913b4 
+
Florian Festi 3913b4 
--
Florian Festi 3913b4 
2.40.1
Florian Festi 3913b4

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation