From 134b095b0833956cadfc02a9a1e7ca1344cd5aaa Mon Sep 17 00:00:00 2001
From: Demi Marie Obenour <demi@invisiblethingslab.com>
Date: Tue, 27 Apr 2021 21:07:19 -0400
Subject: [PATCH] Pass the package to rpmkeys stdin

This avoids having to compute the expected stdout value, which will
always be the constant "-: digests signatures OK\n".
---
 dnf/rpm/miscutils.py | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/dnf/rpm/miscutils.py b/dnf/rpm/miscutils.py
index 7e33d4c..5f2621c 100644
--- a/dnf/rpm/miscutils.py
+++ b/dnf/rpm/miscutils.py
@@ -29,7 +29,8 @@ from shutil import which
 logger = logging.getLogger('dnf')
 
 
-def _verifyPkgUsingRpmkeys(package, installroot):
+def _verifyPkgUsingRpmkeys(package, installroot, fdno):
+    os.lseek(fdno, 0, os.SEEK_SET)
     rpmkeys_binary = '/usr/bin/rpmkeys'
     if not os.path.isfile(rpmkeys_binary):
         rpmkeys_binary = which("rpmkeys")
@@ -40,15 +41,16 @@ def _verifyPkgUsingRpmkeys(package, installroot):
         logger.critical(_('Cannot find rpmkeys executable to verify signatures.'))
         return 0
 
-    args = ('rpmkeys', '--checksig', '--root', installroot, '--define', '_pkgverify_level all', '--', package)
+    args = ('rpmkeys', '--checksig', '--root', installroot, '--define', '_pkgverify_level all', '-')
     with subprocess.Popen(
             args=args,
             executable=rpmkeys_binary,
             env={'LC_ALL': 'C'},
+            stdin=fdno,
             stdout=subprocess.PIPE,
             cwd='/') as p:
         data, err = p.communicate()
-    if p.returncode != 0 or data != (package.encode('ascii', 'strict') + b': digests signatures OK\n'):
+    if p.returncode != 0 or data != b'-: digests signatures OK\n':
         return 0
     else:
         return 1
@@ -85,7 +87,7 @@ def checkSig(ts, package):
 
             if siginfo == '(none)':
                 value = 4
-            elif "Key ID" in siginfo and _verifyPkgUsingRpmkeys(package, ts.ts.rootDir):
+            elif "Key ID" in siginfo and _verifyPkgUsingRpmkeys(package, ts.ts.rootDir, fdno):
                 value = 0
             else:
                 raise ValueError('Unexpected return value %r from hdr.sprintf when checking signature.' % siginfo)
--
libgit2 1.0.1