From f5bca29fb408fce7297656c5bb01f70cd452a9d7 Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb@redhat.com>
Date: Thu, 20 Jun 2019 14:46:36 -0400
Subject: [PATCH] Convert hashes to lowercase like sha256sum outputs

---
 ChangeLog             | 1 +
 doc/fapolicyd.rules.5 | 2 +-
 src/file.c            | 5 +++--
 3 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/doc/fapolicyd.rules.5 b/doc/fapolicyd.rules.5
index 6b12f03..887bdf7 100644
--- a/doc/fapolicyd.rules.5
+++ b/doc/fapolicyd.rules.5
@@ -115,7 +115,7 @@ This option will match against the device that the file being accessed resides o
 This option matches against the mime type of the file being accessed. See \fBexe_type\fP for more information on determining the mime type.
 .TP
 .B sha256hash
-This option matches against the sha256 hash of the file being accessed.
+This option matches against the sha256 hash of the file being accessed. The hash in the rules should be all lowercase letters and do NOT start with 0x. Lowercase is the default output of sha256sum.
 .RE
 
 .SH EXAMPLES
diff --git a/src/file.c b/src/file.c
index 39d3a58..68e6bf5 100644
--- a/src/file.c
+++ b/src/file.c
@@ -1,6 +1,6 @@
 /*
  * file.c - functions for accessing attributes of files
- * Copyright (c) 2016,2018 Red Hat Inc., Durham, North Carolina.
+ * Copyright (c) 2016,2018-19 Red Hat Inc., Durham, North Carolina.
  * All Rights Reserved.
  *
  * This software may be freely redistributed and/or modified under the
@@ -272,7 +272,7 @@ static char *bytes2hex(char *final, const char *buf, unsigned int size)
 {
 	unsigned int i;
 	char *ptr = final;
-	const char *hex = "0123456789ABCDEF";
+	const char *hex = "0123456789abcdef";
 
 	for (i=0; i<size; i++) {
 		*ptr++ = hex[(buf[i] & 0xF0)>>4]; /* Upper nibble */
@@ -307,6 +307,7 @@ char *get_hash_from_fd(int fd)
 		return NULL;
 
 	// read in a buffer at a time and hand to gcrypt
+	lseek(fd, 0, SEEK_SET);
 	while ((len = safe_read(fd, fbuf, 4096)) > 0) {
 		gcry_md_write(ctx, fbuf, len);
 		if (len != 4096)