Blame SOURCES/0027-rpmchecksig-Refactor-rpmpkgVerifySigs-with-custom-ve.patch

629b27
From 1e0850cf7649578e1d7da815751efaa8101773e7 Mon Sep 17 00:00:00 2001
629b27
From: chantra <chantr4@gmail.com>
629b27
Date: Fri, 18 Feb 2022 11:29:06 -0800
629b27
Subject: [PATCH 27/30] [rpmchecksig] Refactor rpmpkgVerifySigs with custom
629b27
 verify callback
629b27
629b27
The current `rpmpkgVerifySigs` was conflating logging and the actual
629b27
package verification.
629b27
629b27
This change makes it possible to pass the verify callback and its data to
629b27
`rpmpkgVerifySigs` so callers can customize how they handle the outcome
629b27
of signature verifications.
629b27
---
629b27
 lib/rpmchecksig.c | 78 ++++++++++++++++++++++-------------------------
629b27
 lib/rpmextents.c  |  1 -
629b27
 2 files changed, 36 insertions(+), 43 deletions(-)
629b27
629b27
diff --git a/lib/rpmchecksig.c b/lib/rpmchecksig.c
629b27
index 7ad4e7034..c9fc3bbc9 100644
629b27
--- a/lib/rpmchecksig.c
629b27
+++ b/lib/rpmchecksig.c
629b27
@@ -222,16 +222,11 @@ exit:
629b27
 }
629b27
 
629b27
 static int rpmpkgVerifySigs(rpmKeyring keyring, int vfylevel, rpmVSFlags flags,
629b27
-			   FD_t fd, const char *fn)
629b27
+			   FD_t fd, rpmsinfoCb cb, void *cbdata)
629b27
 {
629b27
     char *msg = NULL;
629b27
-    struct vfydata_s vd = { .seen = 0,
629b27
-			    .bad = 0,
629b27
-			    .verbose = rpmIsVerbose(),
629b27
-    };
629b27
     int rc;
629b27
 
629b27
-    rpmlog(RPMLOG_NOTICE, "%s:%s", fn, vd.verbose ? "\n" : "");
629b27
 
629b27
     if(isTranscodedRpm(fd) == RPMRC_OK){
629b27
 	return extentsVerifySigs(fd);
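Review bot: The new `cb`/`cbdata` parameters are not used on the transcoded-package path: `return extentsVerifySigs(fd);` returns before `rpmvsVerify` is reached, so a caller's callback never sees a signature or digest result for those packages. For the logging callers this leaves `vd.seen` and `vd.bad` at zero, so the summary line carries only OK/NOT OK. The same branch is now also reached from `rpmcliVerifySignaturesFD` (last hunk of this file), which the removed `rpmpkgVerifySigsFD` never took. If that is intended, a comment above the branch would make it explicit, e.g. `/* transcoded packages are verified by extentsVerifySigs(); cb is not invoked */`; otherwise the callback should be forwarded. The function body continues outside the hunk.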
629b27
@@ -244,19 +239,7 @@ static int rpmpkgVerifySigs(rpmKeyring keyring, int vfylevel, rpmVSFlags flags,
629b27
     if (rc)
629b27
 	goto exit;
629b27
 
629b27
-    rc = rpmvsVerify(vs, RPMSIG_VERIFIABLE_TYPE, vfyCb, &vd);
629b27
-
629b27
-    if (!vd.verbose) {
629b27
-	if (vd.seen & RPMSIG_DIGEST_TYPE) {
629b27
-	    rpmlog(RPMLOG_NOTICE, " %s", (vd.bad & RPMSIG_DIGEST_TYPE) ?
629b27
-					_("DIGESTS") : _("digests"));
629b27
-	}
629b27
-	if (vd.seen & RPMSIG_SIGNATURE_TYPE) {
629b27
-	    rpmlog(RPMLOG_NOTICE, " %s", (vd.bad & RPMSIG_SIGNATURE_TYPE) ?
629b27
-					_("SIGNATURES") : _("signatures"));
629b27
-	}
629b27
-	rpmlog(RPMLOG_NOTICE, " %s\n", rc ? _("NOT OK") : _("OK"));
629b27
-    }
629b27
+    rc = rpmvsVerify(vs, RPMSIG_VERIFIABLE_TYPE, cb, cbdata);
629b27
 
629b27
 exit:
629b27
     if (rc && msg)
629b27
@@ -266,38 +249,39 @@ exit:
629b27
     return rc;
629b27
 }
629b27
 
629b27
-static int rpmpkgVerifySigsFD(rpmKeyring keyring, int vfylevel, rpmVSFlags flags,
629b27
-			   FD_t fd, rpmsinfoCb cb, void *cbdata)
629b27
-{
629b27
-    char *msg = NULL;
629b27
-    int rc;
629b27
-    struct rpmvs_s *vs = rpmvsCreate(vfylevel, flags, keyring);
629b27
-
629b27
-    rc = rpmpkgRead(vs, fd, NULL, NULL, &msg;;
629b27
-
629b27
-    if (rc)
629b27
-	goto exit;
629b27
-
629b27
-    rc = rpmvsVerify(vs, RPMSIG_VERIFIABLE_TYPE, cb, cbdata);
629b27
-
629b27
-exit:
629b27
-    if (rc && msg)
629b27
-	rpmlog(RPMLOG_ERR, "%s\n", msg);
629b27
-    rpmvsFree(vs);
629b27
-    free(msg);
629b27
-    return rc;
629b27
+static void rpmkgVerifySigsPreLogging(struct vfydata_s *vd, const char *fn){
629b27
+    rpmlog(RPMLOG_NOTICE, "%s:%s", fn, vd->verbose ? "\n" : "");
629b27
 }
629b27
 
629b27
+static void rpmkgVerifySigsPostLogging(struct vfydata_s *vd, int rc){
629b27
+    if (!vd->verbose) {
629b27
+	if (vd->seen & RPMSIG_DIGEST_TYPE) {
629b27
+	    rpmlog(RPMLOG_NOTICE, " %s", (vd->bad & RPMSIG_DIGEST_TYPE) ?
629b27
+					_("DIGESTS") : _("digests"));
629b27
+	}
629b27
+	if (vd->seen & RPMSIG_SIGNATURE_TYPE) {
629b27
+	    rpmlog(RPMLOG_NOTICE, " %s", (vd->bad & RPMSIG_SIGNATURE_TYPE) ?
629b27
+					_("SIGNATURES") : _("signatures"));
629b27
+	}
629b27
+	rpmlog(RPMLOG_NOTICE, " %s\n", rc ? _("NOT OK") : _("OK"));
629b27
+    }
629b27
+}
629b27
 
629b27
 /* Wrapper around rpmkVerifySigs to preserve API */
629b27
 int rpmVerifySignatures(QVA_t qva, rpmts ts, FD_t fd, const char * fn)
629b27
 {
629b27
     int rc = 1; /* assume failure */
629b27
+    struct vfydata_s vd = { .seen = 0,
629b27
+			    .bad = 0,
629b27
+			    .verbose = rpmIsVerbose(),
629b27
+    };
629b27
     if (ts && qva && fd && fn) {
629b27
 	rpmKeyring keyring = rpmtsGetKeyring(ts, 1);
629b27
 	rpmVSFlags vsflags = rpmtsVfyFlags(ts);
629b27
 	int vfylevel = rpmtsVfyLevel(ts);
629b27
-	rc = rpmpkgVerifySigs(keyring, vfylevel, vsflags, fd, fn);
629b27
+	rpmkgVerifySigsPreLogging(&vd, fn);
629b27
+	rc = rpmpkgVerifySigs(keyring, vfylevel, vsflags, fd, vfyCb, &vd);
629b27
+	rpmkgVerifySigsPostLogging(&vd, rc);
629b27
     	rpmKeyringFree(keyring);
629b27
     }
629b27
     return rc;
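Review bot: The two new helpers are spelled `rpmkgVerifySigsPreLogging` and `rpmkgVerifySigsPostLogging` (missing the `p` of `rpmpkg`), and the context comment above `rpmVerifySignatures` still says `rpmkVerifySigs`. Consistent names keep the signature-verification call sites greppable: `rpmpkgVerifySigsPreLogging`, `rpmpkgVerifySigsPostLogging`. Both helpers only read `vd`, so the parameter can be `const struct vfydata_s *vd`. They also open the brace on the signature line, unlike the neighbouring definitions in this hunk, and have no comment saying that the post-logging summary is printed only in non-verbose mode.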
629b27
@@ -319,12 +303,22 @@ int rpmcliVerifySignatures(rpmts ts, ARGV_const_t argv)
629b27
 
629b27
     while ((arg = *argv++) != NULL) {
629b27
 	FD_t fd = Fopen(arg, "r.ufdio");
629b27
+	struct vfydata_s vd = { .seen = 0,
629b27
+				.bad = 0,
629b27
+				.verbose = rpmIsVerbose(),
629b27
+	};
629b27
 	if (fd == NULL || Ferror(fd)) {
629b27
 	    rpmlog(RPMLOG_ERR, _("%s: open failed: %s\n"), 
629b27
 		     arg, Fstrerror(fd));
629b27
 	    res++;
629b27
-	} else if (rpmpkgVerifySigs(keyring, vfylevel, vsflags, fd, arg)) {
629b27
+	} else {
629b27
+	    rpmkgVerifySigsPreLogging(&vd, arg);
629b27
+	    int rc = rpmpkgVerifySigs(keyring, vfylevel, vsflags, fd,
629b27
+				      vfyCb, &vd);
629b27
+	    rpmkgVerifySigsPostLogging(&vd, rc);
629b27
+	    if (rc) {
629b27
 	    res++;
629b27
+	    }
629b27
 	}
629b27
 
629b27
 	Fclose(fd);
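Review bot: Inside the new `if (rc) {` the `res++;` line keeps its old indentation, so the failure counter reads as if it were unconditional in the `else` branch; it should be indented one level deeper. `vd` is also initialised before the open check although only the `else` branch uses it; declaring it inside that branch keeps the per-file verification state next to the call that fills it. The loop body ends outside the hunk.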
629b27
@@ -373,7 +367,7 @@ int rpmcliVerifySignaturesFD(rpmts ts, FD_t fdi, char **msg)
629b27
 	rpmtsSetVfyLevel(ts, vfylevel);
629b27
     }
629b27
 
629b27
-    if (!rpmpkgVerifySigsFD(keyring, vfylevel, vsflags, fdi, vfyFDCb, &vd)) {
629b27
+    if (!rpmpkgVerifySigs(keyring, vfylevel, vsflags, fdi, vfyFDCb, &vd)) {
629b27
 	rc = RPMRC_OK;
629b27
     }
629b27
     *msg = strdup(vd.msg);
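Review bot: `*msg = strdup(vd.msg);` now runs after a call that can return through the `isTranscodedRpm` branch of `rpmpkgVerifySigs` without `vfyFDCb` ever being invoked, so `vd.msg` holds whatever it was initialised with; that initialisation is outside this hunk. If it can be NULL, `strdup(NULL)` is undefined behaviour, and the result of `strdup` is not checked either way. A guard such as `*msg = vd.msg ? strdup(vd.msg) : NULL;`, with callers handling a NULL message, would cover it. The function continues outside the hunk.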
629b27
diff --git a/lib/rpmextents.c b/lib/rpmextents.c
629b27
index f28596f0b..59ba427a4 100644
629b27
--- a/lib/rpmextents.c
629b27
+++ b/lib/rpmextents.c
629b27
@@ -89,7 +89,6 @@ rpmRC extentsFooterFromFD(FD_t fd, struct extents_footer_t *footer) {
629b27
 	goto exit;
629b27
     }
629b27
     if (footer->magic != EXTENTS_MAGIC) {
629b27
-	rpmlog(RPMLOG_ERR, _("isTranscodedRpm: not transcoded\n"));
629b27
 	rc = RPMRC_NOTFOUND;
629b27
 	goto exit;
629b27
     }
629b27
-- 
629b27
2.35.1
629b27