From 3b0a150af79668052bf5842b68341adbde016005 Mon Sep 17 00:00:00 2001
Message-ID: <3b0a150af79668052bf5842b68341adbde016005.1728896192.git.pmatilai@redhat.com>
From: Panu Matilainen <pmatilai@redhat.com>
Date: Thu, 5 Sep 2024 09:07:26 +0300
Subject: [PATCH 1/3] Refactor sign command expand and parse out of runGPG()
We'll need the wider visibility of the executing command for the next
steps. While at it, ensure the parsed signing command is minimally
sufficient for what the code expects, ie has at least two items in
the array.
We now need two exit points, one for the case where we forked and one
where we didn't. Also the case where waitpid() failed entirely must
not return directly to avoid leaking, so merge it with the rest of
the error handling if instead.
(cherry picked from commit 2c9ad2bbc1d00010880076cd5c73e97ffcb946ed)
---
sign/rpmgensig.c | 51 ++++++++++++++++++++++++++++++----------------
tests/rpmsigdig.at | 8 ++++++++
2 files changed, 42 insertions(+), 17 deletions(-)
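diff --git a/sign/rpmgensig.c b/sign/rpmgensig.c
index a9c3c3e06..7bbd63216 100644
--- a/sign/rpmgensig.c
+++ b/sign/rpmgensig.c
@@ -188,6 +188,29 @@ exit:
 return sigtd;
 }
 
+char ** signCmd(const char *sigfile)
+{
+ int argc = 0;
+ char **argv = NULL;
+
+ rpmPushMacro(NULL, "__plaintext_filename", NULL, "-", -1);
+ rpmPushMacro(NULL, "__signature_filename", NULL, sigfile, -1);
+
+ char *cmd = rpmExpand("%{?__gpg_sign_cmd}", NULL);
+
+ rpmPopMacro(NULL, "__plaintext_filename");
+ rpmPopMacro(NULL, "__signature_filename");
+
+ if (poptParseArgvString(cmd, &argc, (const char ***)&argv) < 0 || argc < 2) {
+ rpmlog(RPMLOG_ERR, _("Invalid sign command: %s\n"), cmd);
+ argv = _free(argv);
+ }
+
+ free(cmd);
+
+ return argv;
+}
+
 static int runGPG(sigTarget sigt, const char *sigfile)
 {
 int pid = 0, status;
@@ -198,18 +221,17 @@ static int runGPG(sigTarget sigt, const char *sigfile)
 ssize_t wantCount;
 rpm_loff_t size;
 int rc = 1; /* assume failure */
+ char **argv = NULL;
+
+ if ((argv = signCmd(sigfile)) == NULL)
+ goto exit_nowait;
 
 if (pipe(pipefd) < 0) {
 rpmlog(RPMLOG_ERR, _("Could not create pipe for signing: %m\n"));
- goto exit;
+ goto exit_nowait;
 }
 
- rpmPushMacro(NULL, "__plaintext_filename", NULL, "-", -1);
- rpmPushMacro(NULL, "__signature_filename", NULL, sigfile, -1);
-
 if (!(pid = fork())) {
- char *const *av;
- char *cmd = NULL;
 const char *tty = ttyname(STDIN_FILENO);
 const char *gpg_path = NULL;
 
@@ -223,19 +245,13 @@ static int runGPG(sigTarget sigt, const char *sigfile)
 dup2(pipefd[0], STDIN_FILENO);
 close(pipefd[1]);
 
- cmd = rpmExpand("%{?__gpg_sign_cmd}", NULL);
- rc = poptParseArgvString(cmd, NULL, (const char ***)&av;;
- if (!rc)
- rc = execve(av[0], av+1, environ);
+ rc = execve(argv[0], argv+1, environ);
 
 rpmlog(RPMLOG_ERR, _("Could not exec %s: %s\n"), "gpg",
 strerror(errno));
 _exit(EXIT_FAILURE);
 }
 
- rpmPopMacro(NULL, "__plaintext_filename");
- rpmPopMacro(NULL, "__signature_filename");
-
 close(pipefd[0]);
 fpipe = fdopen(pipefd[1], "w");
 if (!fpipe) {
@@ -280,14 +296,15 @@ exit:
 
 if (reaped == -1) {
 rpmlog(RPMLOG_ERR, _("gpg waitpid failed (%s)\n"), strerror(errno));
- return rc;
- }
-
- if (!WIFEXITED(status) || WEXITSTATUS(status)) {
+ } else if (!WIFEXITED(status) || WEXITSTATUS(status)) {
 rpmlog(RPMLOG_ERR, _("gpg exec failed (%d)\n"), WEXITSTATUS(status));
 } else {
 rc = 0;
 }
+
+exit_nowait:
+ free(argv);
+
 return rc;
 }
 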
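Review bot: A failed fork() is a did-not-fork case that still takes the waiting exit: `if (!(pid = fork())) {` in the second hunk only splits off the child, so with pid == -1 the parent carries on into the pipe-writing code and ends up at `exit:`, where the wait (outside the hunks, presumably `waitpid(pid, ...)`) would then be asked about -1, i.e. any child of the process. Since this patch introduces `exit_nowait` for exactly the paths that have nothing to reap, an `if (pid < 0)` check right after the child block that logs the error, closes both pipe ends and jumps to `exit_nowait` would close that gap. Separately, signCmd() is added without `static` or a comment; if nothing outside this file needs it, `static char **signCmd(const char *sigfile)` plus a short comment stating that the result is released with a single free() and that argv[0] is the exec path while argv+1 is the argument vector handed to the program would make the `argc < 2` check self-explanatory. runGPG()'s body continues outside the hunks shown.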
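diff --git a/tests/rpmsigdig.at b/tests/rpmsigdig.at
index b726e79ef..14dffc27a 100644
--- a/tests/rpmsigdig.at
+++ b/tests/rpmsigdig.at
@@ -1028,6 +1028,14 @@ cmp -s ${ORIG} ${NEW}; echo $?
 ],
 [])
 
+RPMTEST_CHECK([
+run rpmsign --define "__gpg_sign_cmd mumble" --key-id 1964C5FC --addsign "${RPMTEST}"/tmp/hello-2.0-1.x86_64.rpm > /dev/null
+],
+[1],
+[],
+[error: Invalid sign command: mumble
+])
+
 # rpmsign --addsign <signed>
 RPMTEST_CHECK([
 RPMDB_INIT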
--
2.47.0