Blame SOURCES/0011-Generalize-file-signing-to-use-a-generic-flags-field.patch

From 9e1a49197a6ddd0e984c12c9dc15fe7af435b611 Mon Sep 17 00:00:00 2001
From: Panu Matilainen <pmatilai@redhat.com>
Date: Mon, 2 Mar 2020 13:56:33 +0200
Subject: [PATCH 11/33] Generalize file signing to use a generic flags field in
 signing arguments
There will be any number of signing flags in the future, and we don't
want to break the ABI for every single one of them by adding new
fields to the sign argument struct. Replace the signfiles field
with a bitfield in the common rpm style. No functional changes.
This is an API change of course, but we'll have to bump the soname for
the next release anyway so might as well do it now.
---
 rpmsign.c        | 11 ++++++-----
 sign/rpmgensig.c |  8 ++++----
 sign/rpmsign.h   |  8 +++++++-
 3 files changed, 17 insertions(+), 10 deletions(-)
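--- a/rpmsign.c
+++ b/rpmsign.c
@@ -19,7 +19,7 @@ enum modes {
 static int mode = MODE_NONE;
 
 #ifdef WITH_IMAEVM
-static int signfiles = 0, fskpass = 0;
+static int fskpass = 0;
 static char * fileSigningKey = NULL;
 #endif
 
@@ -33,7 +33,8 @@ static struct poptOption signOptsTable[] = {
     { "delsign", '\0', (POPT_ARG_VAL|POPT_ARGFLAG_OR), &mode, MODE_DELSIGN,
 	N_("delete package signatures"), NULL },
 #ifdef WITH_IMAEVM
-    { "signfiles", '\0', POPT_ARG_NONE, &signfiles, 0,
+    { "signfiles", '\0', (POPT_ARG_VAL|POPT_ARGFLAG_OR),
+	&sargs.signflags, RPMSIGN_FLAG_IMA,
 	N_("sign package(s) files"), NULL},
     { "fskpath", '\0', POPT_ARG_STRING, &fileSigningKey, 0,
 	N_("use file signing key <key>"),
@@ -107,7 +108,7 @@ static int doSign(poptContext optCon, struct rpmSignArgs *sargs)
 	rpmPushMacro(NULL, "_file_signing_key", NULL, fileSigningKey, RMIL_GLOBAL);
     }
 
-    if (signfiles) {
+    if (sargs->signflags & RPMSIGN_FLAG_IMA) {
 	char *fileSigningKeyPassword = NULL;
 	char *key = rpmExpand("%{?_file_signing_key}", NULL);
 	if (rstreq(key, "")) {
@@ -126,7 +127,7 @@ static int doSign(poptContext optCon, struct rpmSignArgs *sargs)
 	    free(fileSigningKeyPassword);
 	}
 
-	sargs->signfiles = 1;
+	sargs->signflags |= RPMSIGN_FLAG_IMA;
 	free(key);
     }
 #endif
@@ -163,7 +164,7 @@ int main(int argc, char *argv[])
     }
 
 #ifdef WITH_IMAEVM
-    if (fileSigningKey && !signfiles) {
+    if (fileSigningKey && !(sargs.signflags & RPMSIGN_FLAG_IMA)) {
 	argerror(_("--fskpath may only be specified when signing files"));
     }
 #endif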
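Review bot: The statement `sargs->signflags |= RPMSIGN_FLAG_IMA;` in the `@@ -126,7 +127,7 @@` hunk looks like a no-op: judging by the surrounding hunks it sits inside the block guarded by `if (sargs->signflags & RPMSIGN_FLAG_IMA)`, so the bit is already set when it runs. The old `sargs->signfiles = 1` copied the popt result into the struct, which popt now does itself through `&sargs.signflags`; I would delete the line so nobody reads it as the place where file signing gets enabled. Also worth confirming outside these hunks: the option table needs a file-scope `sargs` declared before `signOptsTable`, doSign() takes a parameter of the same name that shadows it, and popt stores through an `int *`, so `rpmSignFlags` has to stay int-sized. doSign() and main() both start and end outside the hunks.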
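--- a/sign/rpmgensig.c
+++ b/sign/rpmgensig.c
@@ -472,10 +472,10 @@ static int checkPkg(FD_t fd, char **msg)
  * Create/modify elements in signature header.
  * @param rpm		path to package
  * @param deleting	adding or deleting signature?
- * @param signfiles	sign files if non-zero
+ * @param flags
  * @return		0 on success, -1 on error
  */
-static int rpmSign(const char *rpm, int deleting, int signfiles)
+static int rpmSign(const char *rpm, int deleting, int flags)
 {
     FD_t fd = NULL;
     FD_t ofd = NULL;
@@ -531,7 +531,7 @@ static int rpmSign(const char *rpm, int deleting, int signfiles)
     unloadImmutableRegion(&sigh, RPMTAG_HEADERSIGNATURES);
     origSigSize = headerSizeof(sigh, HEADER_MAGIC_YES);
 
-    if (signfiles) {
+    if (flags & RPMSIGN_FLAG_IMA) {
 	if (includeFileSignatures(&sigh, &h))
 	    goto exit;
     }
@@ -682,7 +682,7 @@ int rpmPkgSign(const char *path, const struct rpmSignArgs * args)
 	}
     }
 
-    rc = rpmSign(path, 0, args ? args->signfiles : 0);
+    rc = rpmSign(path, 0, args ? args->signflags : 0);
 
     if (args) {
 	if (args->hashalgo) {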
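Review bot: The new `@param flags` line in rpmSign()'s doc comment has no description, and the parameter is declared `int flags` although the value passed in from rpmPkgSign() is `args->signflags`, an `rpmSignFlags`. I would declare it `rpmSignFlags flags` and document it as ` * @param flags	signing flags (RPMSIGN_FLAG_* bits)`, so the bitmask keeps one type from the public struct down to the `flags & RPMSIGN_FLAG_IMA` test. rpmSign()'s body continues outside the hunks.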
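--- a/sign/rpmsign.h
+++ b/sign/rpmsign.h
@@ -13,10 +13,16 @@
 extern "C" {
 #endif
 
+enum rpmSignFlags_e {
+    RPMSIGN_FLAG_NONE		= 0,
+    RPMSIGN_FLAG_IMA		= (1 << 0),
+};
+typedef rpmFlags rpmSignFlags;
+
 struct rpmSignArgs {
     char *keyid;
     pgpHashAlgo hashalgo;
-    int signfiles;
+    rpmSignFlags signflags;
     /* ... what else? */
 };
 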
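Review bot: The new public enum and the `signflags` field carry no doc comments, so a caller reading this header cannot tell what `RPMSIGN_FLAG_IMA` turns on or that the field is a bitmask. I would annotate them in the header's existing doc style, e.g. `RPMSIGN_FLAG_IMA = (1 << 0), /*!< sign package files (--signfiles) */` and `rpmSignFlags signflags; /*!< bitmask of RPMSIGN_FLAG_* */`. Because the field is now a bitmask rather than a boolean, it is also worth stating that callers must zero-initialise `struct rpmSignArgs`; stray bits in an uninitialised struct could select signing behaviour added by later flags.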
-- 
2.27.0