From dc53b002bd3d03a21e9af406a9aff5e588710b5b Mon Sep 17 00:00:00 2001
From: chantra <chantr4@gmail.com>
Date: Mon, 28 Mar 2022 19:42:39 -0700
Subject: [PATCH 30/30] [rpmcow] Make rpm -i install package without the need
of --nodigest
When using transcoded files, the logic to check the signature is different:
the check was done while the file was transcoded. This changes the code path
used by `rpm -{i,U}` to check whether the file is transcoded and, in such
cases, assume it was already verified.
---
lib/transaction.c | 29 ++++++++++++++++++-----------
tests/rpm2extents.at | 6 +++---
2 files changed, 21 insertions(+), 14 deletions(-)
diff --git a/lib/transaction.c b/lib/transaction.c
index 36c2a7a64..703e4140c 100644
--- a/lib/transaction.c
+++ b/lib/transaction.c
@@ -37,6 +37,7 @@
#include "lib/rpmfi_internal.h" /* only internal apis */
#include "lib/rpmte_internal.h" /* only internal apis */
#include "lib/rpmts_internal.h"
+#include "lib/rpmextents_internal.h"
#include "lib/rpmvs.h"
#include "rpmio/rpmhook.h"
#include "lib/rpmtriggers.h"
@@ -1286,19 +1287,25 @@ static int verifyPackageFiles(rpmts ts, rpm_loff_t total)
rpmtsNotify(ts, p, RPMCALLBACK_VERIFY_PROGRESS, oc++, total);
FD_t fd = rpmtsNotify(ts, p, RPMCALLBACK_INST_OPEN_FILE, 0, 0);
- if (fd != NULL) {
- prc = rpmpkgRead(vs, fd, NULL, NULL, &vd.msg);
- rpmtsNotify(ts, p, RPMCALLBACK_INST_CLOSE_FILE, 0, 0);
+ if(fd != NULL && isTranscodedRpm(fd) == RPMRC_OK) {
+ /* Transcoded RPMs are validated at transcoding time */
+ prc = RPMRC_OK;
+ verified = 1;
+ } else {
+ if (fd != NULL) {
+ prc = rpmpkgRead(vs, fd, NULL, NULL, &vd.msg);
+ rpmtsNotify(ts, p, RPMCALLBACK_INST_CLOSE_FILE, 0, 0);
+ }
+ if (prc == RPMRC_OK)
+ prc = rpmvsVerify(vs, RPMSIG_VERIFIABLE_TYPE, vfyCb, &vd);
+
+ /* Record verify result */
+ if (vd.type[RPMSIG_SIGNATURE_TYPE] == RPMRC_OK)
+ verified |= RPMSIG_SIGNATURE_TYPE;
+ if (vd.type[RPMSIG_DIGEST_TYPE] == RPMRC_OK)
+ verified |= RPMSIG_DIGEST_TYPE;
}
- if (prc == RPMRC_OK)
- prc = rpmvsVerify(vs, RPMSIG_VERIFIABLE_TYPE, vfyCb, &vd);
-
- /* Record verify result */
- if (vd.type[RPMSIG_SIGNATURE_TYPE] == RPMRC_OK)
- verified |= RPMSIG_SIGNATURE_TYPE;
- if (vd.type[RPMSIG_DIGEST_TYPE] == RPMRC_OK)
- verified |= RPMSIG_DIGEST_TYPE;
rpmteSetVerified(p, verified);
if (prc)
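Review bot: The new transcoded branch sets `prc = RPMRC_OK` on nothing more than `isTranscodedRpm(fd) == RPMRC_OK`, so rpmpkgRead and rpmvsVerify are skipped for any file that presents itself as transcoded, and nothing visible in this hunk ties the file to a verification that actually took place or to the transaction's verification policy. Before trusting the result, that branch should re-check whatever digest or verification record the transcoder stored, or be gated on configuration; if isTranscodedRpm already does this, a comment saying so is needed. The branch also never sends the close notification that the else path sends, so the fd returned for RPMCALLBACK_INST_OPEN_FILE appears to stay open; add `rpmtsNotify(ts, p, RPMCALLBACK_INST_CLOSE_FILE, 0, 0);` there. `verified = 1;` should be written with the named RPMSIG_DIGEST_TYPE / RPMSIG_SIGNATURE_TYPE flags that the else path ORs in, since the bare literal does not say which result is being recorded. verifyPackageFiles starts and ends outside this hunk.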
diff --git a/tests/rpm2extents.at b/tests/rpm2extents.at
index 5c66de7f6..5135c9cf8 100644
--- a/tests/rpm2extents.at
+++ b/tests/rpm2extents.at
@@ -102,7 +102,7 @@ AT_CHECK([
RPMDB_INIT
runroot_other cat /data/RPMS/hello-2.0-1.x86_64.rpm | runroot_other rpm2extents SHA256 > ${RPMTEST}/tmp/hello-2.0-1.x86_64.rpm 2> /dev/null
-runroot_plugins rpm -i --nodigest --nodeps --undefine=%__transaction_dbus_announce /tmp/hello-2.0-1.x86_64.rpm
+runroot_plugins rpm -i --nodeps --undefine=%__transaction_dbus_announce /tmp/hello-2.0-1.x86_64.rpm
test -f ${RPMTEST}/usr/bin/hello
],
[0],
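Review bot: Dropping `--nodigest` here and in the hunks at `@@ -115,7` and `@@ -132,7` only exercises packages that are expected to install, so the visible tests never check that the new verification skip rejects a bad file. A negative case is missing: transcode a package, alter the payload or the stored digest in the output file, and expect `rpm -i` to exit non-zero. Without it, a regression that lets any file carrying the transcoded marker install unverified would still pass these checks.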
@@ -115,7 +115,7 @@ AT_KEYWORDS([reflink])
AT_CHECK([
RPMDB_INIT
-runroot_plugins rpm -i --nodigest --nodeps --undefine=%__transaction_dbus_announce /data/RPMS/hello-2.0-1.x86_64.rpm && exit $?
+runroot_plugins rpm -i --nodeps --undefine=%__transaction_dbus_announce /data/RPMS/hello-2.0-1.x86_64.rpm && exit $?
# Check that the file is properly installed in chroot
test -f ${RPMTEST}/usr/bin/hello
],
@@ -132,7 +132,7 @@ RPMDB_INIT
PKG=hlinktest-1.0-1.noarch.rpm
runroot_other cat /data/RPMS/${PKG} | runroot_other rpm2extents SHA256 > ${RPMTEST}/tmp/${PKG} 2> /dev/null
-runroot_plugins rpm -i --nodigest --nodeps --undefine=%__transaction_dbus_announce /tmp/${PKG}
+runroot_plugins rpm -i --nodeps --undefine=%__transaction_dbus_announce /tmp/${PKG}
],
[0],
[],
--
2.35.1