From 088b460e39dd203e88d5327746572001158cd039 Mon Sep 17 00:00:00 2001 From: Paul Nasrat Date: Jun 23 2006 17:25:38 +0000 Subject: Patch for no contexts --- diff --git a/rpm-4.4.2-noselinux-verify.patch b/rpm-4.4.2-noselinux-verify.patch new file mode 100644 index 0000000..d783010 --- /dev/null +++ b/rpm-4.4.2-noselinux-verify.patch @@ -0,0 +1,132 @@ +--- ./lib/query.c.nosever 2006-06-23 13:00:13.000000000 -0400 ++++ ./lib/query.c 2006-06-23 13:00:56.000000000 -0400 +@@ -787,22 +787,6 @@ + if (qva->qva_flags & VERIFY_HDRCHK) + vsflags |= RPMVSF_NOHDRCHK; + +-#ifdef NOTYET +- /* Initialize security context patterns (if not already done). */ +- if (!(qva->qva_flags & VERIFY_CONTEXTS)) { +- rpmsx sx = rpmtsREContext(ts); +- if (sx == NULL) { +- arg = rpmGetPath("%{?_verify_file_context_path}", NULL); +- if (arg != NULL && *arg != '\0') { +- sx = rpmsxNew(arg); +- (void) rpmtsSetREContext(ts, sx); +- } +- arg = _free(arg); +- } +- sx = rpmsxFree(sx); +- } +-#endif +- + ovsflags = rpmtsSetVSFlags(ts, vsflags); + ec = rpmcliArgIter(ts, qva, argv); + vsflags = rpmtsSetVSFlags(ts, ovsflags); +--- ./lib/verify.c.nosever 2004-10-24 15:36:30.000000000 -0400 ++++ ./lib/verify.c 2006-06-23 13:06:23.000000000 -0400 +@@ -78,8 +78,6 @@ + return 1; + } + +- flags |= RPMVERIFY_CONTEXTS; /* no disable from package. */ +- + /* + * Not all attributes of non-regular files can be verified. + */ +@@ -117,33 +115,6 @@ + */ + flags &= ~(omitMask | RPMVERIFY_FAILURES); + +- /* +- * Verify file security context. +- */ +-/*@-branchstate@*/ +- if (selinuxEnabled == 1 && (flags & RPMVERIFY_CONTEXTS)) { +- security_context_t con; +- +- rc = lgetfilecon(fn, &con); +- if (rc == -1) +- *res |= (RPMVERIFY_LGETFILECONFAIL|RPMVERIFY_CONTEXTS); +- else { +- rpmsx sx = rpmtsREContext(ts); +- const char * fcontext; +- +- if (sx != NULL) { +- /* Get file security context from patterns. */ +- fcontext = rpmsxFContext(sx, fn, fmode); +- sx = rpmsxFree(sx); +- } else { +- /* Get file security context from package. */ +- fcontext = rpmfiFContext(fi); +- } +- if (fcontext == NULL || strcmp(fcontext, con)) +- *res |= RPMVERIFY_CONTEXTS; +- freecon(con); +- } +- } + /*@=branchstate@*/ + + if (flags & RPMVERIFY_MD5) { +@@ -331,10 +302,9 @@ + } + } else if (verifyResult || rpmIsVerbose()) { + const char * size, * MD5, * link, * mtime, * mode; +- const char * group, * user, * rdev, *ctxt; ++ const char * group, * user, * rdev; + /*@observer@*/ static const char *const aok = "."; + /*@observer@*/ static const char *const unknown = "?"; +- /*@observer@*/ static const char *const ctxt_ignore = " "; + + ec = 1; + +@@ -346,10 +316,6 @@ + #define _verifyfile(_RPMVERIFY_F, _C) \ + ((verifyResult & RPMVERIFY_READFAIL) ? unknown : \ + (verifyResult & _RPMVERIFY_F) ? _C : aok) +-#define _verifyctxt(_RPMVERIFY_F, _C) \ +- ((selinuxEnabled != 1 ? ctxt_ignore : \ +- (verifyResult & RPMVERIFY_LGETFILECONFAIL) ? unknown : \ +- (verifyResult & _RPMVERIFY_F) ? _C : aok)) + + MD5 = _verifyfile(RPMVERIFY_MD5, "5"); + size = _verify(RPMVERIFY_FILESIZE, "S"); +@@ -359,15 +325,13 @@ + user = _verify(RPMVERIFY_USER, "U"); + group = _verify(RPMVERIFY_GROUP, "G"); + mode = _verify(RPMVERIFY_MODE, "M"); +- ctxt = _verifyctxt(RPMVERIFY_CONTEXTS, "C"); + +-#undef _verifyctxt + #undef _verifyfile + #undef _verifylink + #undef _verify + +- sprintf(te, "%s%s%s%s%s%s%s%s%s %c %s", +- size, mode, MD5, rdev, link, user, group, mtime, ctxt, ++ sprintf(te, "%s%s%s%s%s%s%s%s %c %s", ++ size, mode, MD5, rdev, link, user, group, mtime, + ((fileAttrs & RPMFILE_CONFIG) ? 'c' : + (fileAttrs & RPMFILE_DOC) ? 'd' : + (fileAttrs & RPMFILE_GHOST) ? 'g' : +@@ -522,20 +486,6 @@ + vsflags |= RPMVSF_NOHDRCHK; + vsflags &= ~RPMVSF_NEEDPAYLOAD; + +- /* Initialize security context patterns (if not already done). */ +- if (qva->qva_flags & VERIFY_CONTEXTS) { +- rpmsx sx = rpmtsREContext(ts); +- if (sx == NULL) { +- arg = rpmGetPath("%{?_verify_file_context_path}", NULL); +- if (arg != NULL && *arg != '\0') { +- sx = rpmsxNew(arg); +- (void) rpmtsSetREContext(ts, sx); +- } +- arg = _free(arg); +- } +- sx = rpmsxFree(sx); +- } +- + ovsflags = rpmtsSetVSFlags(ts, vsflags); + ec = rpmcliArgIter(ts, qva, argv); + vsflags = rpmtsSetVSFlags(ts, ovsflags);