From 1e0850cf7649578e1d7da815751efaa8101773e7 Mon Sep 17 00:00:00 2001

From: chantra <chantr4@gmail.com>

Date: Fri, 18 Feb 2022 11:29:06 -0800

Subject: [PATCH 27/30] [rpmchecksig] Refactor rpmpkgVerifySigs with custom

 verify callback

The current `rpmpkgVerifySigs` was conflating logging and the actual

package verification.

This change makes it possible to pass the verify callback and its data to

`rpmpkgVerifySigs` so callers can customize how they handle the outcome

of signature verifications.

---

 lib/rpmchecksig.c | 78 ++++++++++++++++++++++-------------------------

 lib/rpmextents.c  |  1 -

 2 files changed, 36 insertions(+), 43 deletions(-)

diff --git a/lib/rpmchecksig.c b/lib/rpmchecksig.c

index 7ad4e7034..c9fc3bbc9 100644

--- a/lib/rpmchecksig.c

+++ b/lib/rpmchecksig.c

@@ -222,16 +222,11 @@ exit:

 }

 static int rpmpkgVerifySigs(rpmKeyring keyring, int vfylevel, rpmVSFlags flags,

-			   FD_t fd, const char *fn)

+			   FD_t fd, rpmsinfoCb cb, void *cbdata)

 {

     char *msg = NULL;

-    struct vfydata_s vd = { .seen = 0,

-			    .bad = 0,

-			    .verbose = rpmIsVerbose(),

-    };

     int rc;

-    rpmlog(RPMLOG_NOTICE, "%s:%s", fn, vd.verbose ? "\n" : "");

     if(isTranscodedRpm(fd) == RPMRC_OK){

 	return extentsVerifySigs(fd);

@@ -244,19 +239,7 @@ static int rpmpkgVerifySigs(rpmKeyring keyring, int vfylevel, rpmVSFlags flags,

     if (rc)

 	goto exit;

-    rc = rpmvsVerify(vs, RPMSIG_VERIFIABLE_TYPE, vfyCb, &vd);

-

-    if (!vd.verbose) {

-	if (vd.seen & RPMSIG_DIGEST_TYPE) {

-	    rpmlog(RPMLOG_NOTICE, " %s", (vd.bad & RPMSIG_DIGEST_TYPE) ?

-					_("DIGESTS") : _("digests"));

-	}

-	if (vd.seen & RPMSIG_SIGNATURE_TYPE) {

-	    rpmlog(RPMLOG_NOTICE, " %s", (vd.bad & RPMSIG_SIGNATURE_TYPE) ?

-					_("SIGNATURES") : _("signatures"));

-	}

-	rpmlog(RPMLOG_NOTICE, " %s\n", rc ? _("NOT OK") : _("OK"));

-    }

+    rc = rpmvsVerify(vs, RPMSIG_VERIFIABLE_TYPE, cb, cbdata);

 exit:

     if (rc && msg)

@@ -266,38 +249,39 @@ exit:

     return rc;

 }

-static int rpmpkgVerifySigsFD(rpmKeyring keyring, int vfylevel, rpmVSFlags flags,

-			   FD_t fd, rpmsinfoCb cb, void *cbdata)

-{

-    char *msg = NULL;

-    int rc;

-    struct rpmvs_s *vs = rpmvsCreate(vfylevel, flags, keyring);

-

-    rc = rpmpkgRead(vs, fd, NULL, NULL, &msg;;

-

-    if (rc)

-	goto exit;

-

-    rc = rpmvsVerify(vs, RPMSIG_VERIFIABLE_TYPE, cb, cbdata);

-

-exit:

-    if (rc && msg)

-	rpmlog(RPMLOG_ERR, "%s\n", msg);

-    rpmvsFree(vs);

-    free(msg);

-    return rc;

+static void rpmkgVerifySigsPreLogging(struct vfydata_s *vd, const char *fn){

+    rpmlog(RPMLOG_NOTICE, "%s:%s", fn, vd->verbose ? "\n" : "");

 }

+static void rpmkgVerifySigsPostLogging(struct vfydata_s *vd, int rc){

+    if (!vd->verbose) {

+	if (vd->seen & RPMSIG_DIGEST_TYPE) {

+	    rpmlog(RPMLOG_NOTICE, " %s", (vd->bad & RPMSIG_DIGEST_TYPE) ?

+					_("DIGESTS") : _("digests"));

+	}

+	if (vd->seen & RPMSIG_SIGNATURE_TYPE) {

+	    rpmlog(RPMLOG_NOTICE, " %s", (vd->bad & RPMSIG_SIGNATURE_TYPE) ?

+					_("SIGNATURES") : _("signatures"));

+	}

+	rpmlog(RPMLOG_NOTICE, " %s\n", rc ? _("NOT OK") : _("OK"));

+    }

+}

 /* Wrapper around rpmkVerifySigs to preserve API */

 int rpmVerifySignatures(QVA_t qva, rpmts ts, FD_t fd, const char * fn)

 {

     int rc = 1; /* assume failure */

+    struct vfydata_s vd = { .seen = 0,

+			    .bad = 0,

+			    .verbose = rpmIsVerbose(),

+    };

     if (ts && qva && fd && fn) {

 	rpmKeyring keyring = rpmtsGetKeyring(ts, 1);

 	rpmVSFlags vsflags = rpmtsVfyFlags(ts);

 	int vfylevel = rpmtsVfyLevel(ts);

-	rc = rpmpkgVerifySigs(keyring, vfylevel, vsflags, fd, fn);

+	rpmkgVerifySigsPreLogging(&vd, fn);

+	rc = rpmpkgVerifySigs(keyring, vfylevel, vsflags, fd, vfyCb, &vd);

+	rpmkgVerifySigsPostLogging(&vd, rc);

     	rpmKeyringFree(keyring);

     }

     return rc;

@@ -319,12 +303,22 @@ int rpmcliVerifySignatures(rpmts ts, ARGV_const_t argv)

     while ((arg = *argv++) != NULL) {

 	FD_t fd = Fopen(arg, "r.ufdio");

+	struct vfydata_s vd = { .seen = 0,

+				.bad = 0,

+				.verbose = rpmIsVerbose(),

+	};

 	if (fd == NULL || Ferror(fd)) {

 	    rpmlog(RPMLOG_ERR, _("%s: open failed: %s\n"), 

 		     arg, Fstrerror(fd));

 	    res++;

-	} else if (rpmpkgVerifySigs(keyring, vfylevel, vsflags, fd, arg)) {

+	} else {

+	    rpmkgVerifySigsPreLogging(&vd, arg);

+	    int rc = rpmpkgVerifySigs(keyring, vfylevel, vsflags, fd,

+				      vfyCb, &vd);

+	    rpmkgVerifySigsPostLogging(&vd, rc);

+	    if (rc) {

 	    res++;

+	    }

 	}

 	Fclose(fd);

@@ -373,7 +367,7 @@ int rpmcliVerifySignaturesFD(rpmts ts, FD_t fdi, char **msg)

 	rpmtsSetVfyLevel(ts, vfylevel);

     }

-    if (!rpmpkgVerifySigsFD(keyring, vfylevel, vsflags, fdi, vfyFDCb, &vd)) {

+    if (!rpmpkgVerifySigs(keyring, vfylevel, vsflags, fdi, vfyFDCb, &vd)) {

 	rc = RPMRC_OK;

     }

     *msg = strdup(vd.msg);

diff --git a/lib/rpmextents.c b/lib/rpmextents.c

index f28596f0b..59ba427a4 100644

--- a/lib/rpmextents.c

+++ b/lib/rpmextents.c

@@ -89,7 +89,6 @@ rpmRC extentsFooterFromFD(FD_t fd, struct extents_footer_t *footer) {

 	goto exit;

     }

     if (footer->magic != EXTENTS_MAGIC) {

-	rpmlog(RPMLOG_ERR, _("isTranscodedRpm: not transcoded\n"));

 	rc = RPMRC_NOTFOUND;

 	goto exit;

     }

-- 

2.35.1