From 134b095b0833956cadfc02a9a1e7ca1344cd5aaa Mon Sep 17 00:00:00 2001 From: Demi Marie Obenour Date: Tue, 27 Apr 2021 21:07:19 -0400 Subject: [PATCH] Pass the package to rpmkeys stdin This avoids having to compute the expected stdout value, which will always be the constant "-: digests signatures OK\n". --- dnf/rpm/miscutils.py | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/dnf/rpm/miscutils.py b/dnf/rpm/miscutils.py index 7e33d4c..5f2621c 100644 --- a/dnf/rpm/miscutils.py +++ b/dnf/rpm/miscutils.py @@ -29,7 +29,8 @@ from shutil import which logger = logging.getLogger('dnf') -def _verifyPkgUsingRpmkeys(package, installroot): +def _verifyPkgUsingRpmkeys(package, installroot, fdno): + os.lseek(fdno, 0, os.SEEK_SET) rpmkeys_binary = '/usr/bin/rpmkeys' if not os.path.isfile(rpmkeys_binary): rpmkeys_binary = which("rpmkeys") @@ -40,15 +41,16 @@ def _verifyPkgUsingRpmkeys(package, installroot): logger.critical(_('Cannot find rpmkeys executable to verify signatures.')) return 0 - args = ('rpmkeys', '--checksig', '--root', installroot, '--define', '_pkgverify_level all', '--', package) + args = ('rpmkeys', '--checksig', '--root', installroot, '--define', '_pkgverify_level all', '-') with subprocess.Popen( args=args, executable=rpmkeys_binary, env={'LC_ALL': 'C'}, + stdin=fdno, stdout=subprocess.PIPE, cwd='/') as p: data, err = p.communicate() - if p.returncode != 0 or data != (package.encode('ascii', 'strict') + b': digests signatures OK\n'): + if p.returncode != 0 or data != b'-: digests signatures OK\n': return 0 else: return 1 @@ -85,7 +87,7 @@ def checkSig(ts, package): if siginfo == '(none)': value = 4 - elif "Key ID" in siginfo and _verifyPkgUsingRpmkeys(package, ts.ts.rootDir): + elif "Key ID" in siginfo and _verifyPkgUsingRpmkeys(package, ts.ts.rootDir, fdno): value = 0 else: raise ValueError('Unexpected return value %r from hdr.sprintf when checking signature.' % siginfo) -- libgit2 1.0.1