From e38a26f5d6050a5c72f7503c8664ca11623ed319 Mon Sep 17 00:00:00 2001

From: Matteo Croce <teknoraver@meta.com>

Date: Fri, 6 Dec 2024 07:45:17 +0100

Subject: [PATCH] RPM with Copy on Write

This is part of https://fedoraproject.org/wiki/Changes/RPMCoW

The majority of changes are in two new programs:

= rpm2extents

Modeled as a 'stream processor'. It reads a regular .rpm file on stdin,

and produces a modified .rpm file on stdout. The lead, signature and

headers are preserved 1:1 to allow all the normal metadata inspection,

signature verification to work as expected. Only the 'payload' is

modified.

The primary motivation for this tool is to re-organize the payload as a

sequence of raw file extents (hence the name). The files are organized

by their digest identity instead of path/filename. If any digest is

repeated, then the file is skipped/de-duped. Only regular files are

represented. All other entries like directories, symlinks, devices are

fully described in the headers and are omitted.

The files are padded so they start on `sysconf(_SC_PAGESIZE)` boundries

to permit 'reflink' syscalls to work in the `reflink` plugin.

At the end of the file is a footer with 3 sections:

1. List of calculated digests of the input stream. This is used in

   `librepo` because the file *written* is a derivative, and not the

   same as the repo metadata describes. `rpm2extents` takes one or more

   positional arguments that described which digest algorithms are

   desired. This is often just `SHA256`. This program is only measuring

   and recording the digest - it does not express an opinion on whether

   the file is correct. Due to the API on most compression libraries

   directly reading the source file, the whole file digest is measured

   using a subprocess and pipes. I don't love it, but it works.

2. Sorted List of file content digests + offset pairs. This is used in

   the plugin with a trivial binary search to locate the start of file

   content. The size is not needed because it's part of normal headers.

3. (offset of 1., offset of 2., 8 byte MAGIC value) triple

= reflink plugin

Looks for the 8 byte magic value at the end of the rpm file. If present

it alters the `RPMTAG_PAYLOADFORMAT` in memory to `clon`, and reads in

the digest-> offset table.

`rpmPackageFilesInstall()` in `fsm.c` is

modified to alter the enumeration strategy from

`rpmfiNewArchiveReader()` to `rpmfilesIter()` if not `cpio`. This is

needed because there is no cpio to enumerate. In the same function, if

`rpmpluginsCallFsmFilePre()` returns `RPMRC_PLUGIN_CONTENTS` then

`fsmMkfile()` is skipped as it is assumed the plugin did the work.

The majority of the work is in `reflink_fsm_file_pre()` - the per file

hook for RPM plugins. If the file enumerated in

`rpmPackageFilesInstall()` is a regular file, this function will look up

the offset in the digest->offset table and will try to reflink it, then

fall back to a regular copy. If reflinking does work: we will have

reflinked a whole number of pages, so we truncate the file to the

expected size. Therefore installing most files does involve two writes:

the reflink of the full size, then a fork/copy on write for the last

page worth.

If the file passed to `reflink_fsm_file_pre()` is anything other than a

regular file, it return `RPMRC_OK` so the normal mechanics of

`rpmPackageFilesInstall()` are used. That handles directories, symlinks

and other non file types.

= New API for internal use

1. `rpmReadPackageRaw()` is used within `rpm2extents` to read all the

   headers without trying to validate signatures. This eliminates the

   runtime dependency on rpmdb.

2. `rpmteFd()` exposes the Fd behind the rpmte, so plugins can interact

   with the rpm itself.

3. `RPMRC_PLUGIN_CONTENTS` in `rpmRC_e` for use in

   `rpmpluginsCallFsmFilePre()` specifically.

4. `pgpStringVal()` is used to help parse the command line in

   `rpm2extents` - the positional arguments are strings, and this

   converts the values back to the values in the table.

Nothing has been removed, and none of the changes are intended to be

used externally, so I don't think a soname bump is warranted here.

Co-authored-by: Matthew Almond <malmond@meta.com>

---

 build/pack.c                      |   2 +-

 include/rpm/rpmcli.h              |  10 +

 include/rpm/rpmextents_internal.h |  58 +++

 include/rpm/rpmlib.h              |   9 +

 include/rpm/rpmpgp.h              |   9 +

 include/rpm/rpmte.h               |   2 +

 include/rpm/rpmtypes.h            |   3 +-

 lib/CMakeLists.txt                |   1 +

 lib/fsm.c                         |  45 +-

 lib/package.c                     |  36 ++

 lib/rpmchecksig.c                 | 116 ++++-

 lib/rpmextents.c                  | 109 +++++

 lib/rpmlead.c                     |  43 +-

 lib/rpmlead.h                     |  37 +-

 lib/rpmplugin.h                   |   9 +

 lib/rpmplugins.c                  |  94 +++-

 lib/rpmplugins.h                  |  17 +

 lib/rpmte.c                       |   5 +

 lib/transaction.c                 |  29 +-

 macros.in                         |   1 +

 plugins/CMakeLists.txt            |   4 +-

 plugins/reflink.c                 | 401 +++++++++++++++++

 rpmio/rpmpgp.c                    |  28 ++

 rpmio/rpmpgp_internal.c           |  18 -

 scripts/CMakeLists.txt            |   2 +-

 scripts/rpm2extents_dump          |  94 ++++

 tests/CMakeLists.txt              |   1 +

 tests/atlocal.in                  |  21 +

 tests/rpm2extents.at              | 151 +++++++

 tests/rpmtests.at                 |   1 +

 tools/CMakeLists.txt              |   5 +-

 tools/rpm2extents.c               | 707 ++++++++++++++++++++++++++++++

 32 files changed, 1978 insertions(+), 90 deletions(-)

 create mode 100644 include/rpm/rpmextents_internal.h

 create mode 100644 lib/rpmextents.c

 create mode 100644 plugins/reflink.c

 create mode 100755 scripts/rpm2extents_dump

 create mode 100644 tests/rpm2extents.at

 create mode 100644 tools/rpm2extents.c

diff --git a/build/pack.c b/build/pack.c

index f7dac6d..c38b1a9 100644

--- a/build/pack.c

+++ b/build/pack.c

@@ -495,7 +495,7 @@ static rpmRC writeRPM(Package pkg, unsigned char ** pkgidp,

     }

     /* Write the lead section into the package. */

-    if (rpmLeadWrite(fd, pkg->header)) {

+    if (rpmLeadWriteFromHeader(fd, pkg->header)) {

 	rpmlog(RPMLOG_ERR, _("Unable to write package: %s\n"), Fstrerror(fd));

 	goto exit;

     }

diff --git a/include/rpm/rpmcli.h b/include/rpm/rpmcli.h

index 3e5900d..09274e3 100644

--- a/include/rpm/rpmcli.h

+++ b/include/rpm/rpmcli.h

@@ -421,6 +421,16 @@ int rpmcliImportPubkeys(rpmts ts, ARGV_const_t argv);

  */

 int rpmcliVerifySignatures(rpmts ts, ARGV_const_t argv);

+

+/** \ingroup rpmcli

+ * Verify package signatures.

+ * @param ts		transaction set

+ * @param fd		a file descriptor to verify

+ * @param msg		a string containing textual information about the verification, similar to rpmcliVerifySignatures output.

+ * @return		0 on success

+ */

+int rpmcliVerifySignaturesFD(rpmts ts, FD_t fd, char **msg);

+

 #ifdef __cplusplus

 }

 #endif

diff --git a/include/rpm/rpmextents_internal.h b/include/rpm/rpmextents_internal.h

new file mode 100644

index 0000000..0a3318c

--- /dev/null

+++ b/include/rpm/rpmextents_internal.h

@@ -0,0 +1,58 @@

+#ifndef _RPMEXTENTS_INTERNAL_H

+#define _RPMEXTENTS_INTERNAL_H

+

+#ifdef __cplusplus

+extern "C" {

+#endif

+

+#include <stdint.h>

+

+/** \ingroup rpmextents

+ * RPM extents library

+ */

+

+/* magic value at end of file (64 bits) that indicates this is a transcoded

+ * rpm.

+ */

+#define EXTENTS_MAGIC 3472329499408095051

+

+typedef uint64_t extents_magic_t;

+

+struct __attribute__ ((__packed__)) extents_footer_offsets_t {

+    off64_t checksig_offset;

+    off64_t table_offset;

+    off64_t csum_offset;

+};

+

+struct __attribute__ ((__packed__)) extents_footer_t {

+    struct extents_footer_offsets_t offsets;

+    extents_magic_t magic;

+};

+

+/** \ingroup rpmextents

+ * Checks the results of the signature verification ran during transcoding.

+ * @param fd	The FD_t of the transcoded RPM

+ * @param print_content Whether or not to print the result from rpmsig

+ * @return	The number of checks that `rpmvsVerify` failed during transcoding.

+ */

+int extentsVerifySigs(FD_t fd, int print_content);

+

+/** \ingroup rpmextents

+ * Read the RPM Extents footer from a file descriptor.

+ * @param fd		The FD_t of the transcoded RPM

+ * @param[out] footer	A pointer to an allocated extents_footer_t with a copy of the footer.

+ * @return		RPMRC_OK on success, RPMRC_NOTFOUND if not a transcoded file, RPMRC_FAIL on any failure.

+ */

+rpmRC extentsFooterFromFD(FD_t fd, struct extents_footer_t *footer);

+

+/** \ingroup rpmextents

+ * Check if a RPM is a transcoded RPM

+ * @param fd	The FD_t of the transcoded RPM

+ * return	RPMRC_OK on success, RPMRC_NOTFOUND if not a transcoded file, RPMRC_FAIL on any failure.

+ */

+rpmRC isTranscodedRpm(FD_t fd);

+

+#ifdef __cplusplus

+}

+#endif

+#endif /* _RPMEXTENTS_INTERNAL_H */

diff --git a/include/rpm/rpmlib.h b/include/rpm/rpmlib.h

index db38397..b11f87f 100644

--- a/include/rpm/rpmlib.h

+++ b/include/rpm/rpmlib.h

@@ -155,6 +155,15 @@ rpmRC rpmReadHeader(rpmts ts, FD_t fd, Header *hdrp, char ** msg);

 rpmRC rpmReadPackageFile(rpmts ts, FD_t fd,

 		const char * fn, Header * hdrp);

+/** \ingroup header

+ * Return package signature, header from file handle, no verification.

+ * @param fd		file handle

+ * @param[out] sigp		address of header (or NULL)

+ * @param[out] hdrp		address of header (or NULL)

+ * @return		RPMRC_OK on success

+ */

+rpmRC rpmReadPackageRaw(FD_t fd, Header * sigp, Header * hdrp);

+

 /** \ingroup rpmtrans

  * Install source package.

  * @param ts		transaction set

diff --git a/include/rpm/rpmpgp.h b/include/rpm/rpmpgp.h

index a7eecbe..24e9617 100644

--- a/include/rpm/rpmpgp.h

+++ b/include/rpm/rpmpgp.h

@@ -962,6 +962,15 @@ typedef enum pgpValType_e {

  */

 const char * pgpValString(pgpValType type, uint8_t val);

+/** \ingroup rpmpgp

+ * Return  OpenPGP value for a string.

+ * @param type		type of value

+ * @param str		string to lookup

+ * @param[out] val  byte value associated with string

+ * @return		0 on success else -1

+ */

+int pgpStringVal(pgpValType type, const char *str, uint8_t *val);

+

 /** \ingroup rpmpgp

  * Return (native-endian) integer from big-endian representation.

  * @param s		pointer to big-endian integer

diff --git a/include/rpm/rpmte.h b/include/rpm/rpmte.h

index effcdab..499fd4f 100644

--- a/include/rpm/rpmte.h

+++ b/include/rpm/rpmte.h

@@ -209,6 +209,8 @@ const char * rpmteNEVR(rpmte te);

  */

 const char * rpmteNEVRA(rpmte te);

+FD_t rpmteFd(rpmte te);

+

 /** \ingroup rpmte

  * Retrieve key from transaction element.

  * @param te		transaction element

diff --git a/include/rpm/rpmtypes.h b/include/rpm/rpmtypes.h

index 7c14553..552ec52 100644

--- a/include/rpm/rpmtypes.h

+++ b/include/rpm/rpmtypes.h

@@ -106,7 +106,8 @@ typedef	enum rpmRC_e {

     RPMRC_NOTFOUND	= 1,	/*!< Generic not found code. */

     RPMRC_FAIL		= 2,	/*!< Generic failure code. */

     RPMRC_NOTTRUSTED	= 3,	/*!< Signature is OK, but key is not trusted. */

-    RPMRC_NOKEY		= 4	/*!< Public key is unavailable. */

+    RPMRC_NOKEY		= 4,	/*!< Public key is unavailable. */

+    RPMRC_PLUGIN_CONTENTS = 5     /*!< fsm_file_pre plugin is handling content */

 } rpmRC;

 #ifdef __cplusplus

diff --git a/lib/CMakeLists.txt b/lib/CMakeLists.txt

index 2528a64..754a198 100644

--- a/lib/CMakeLists.txt

+++ b/lib/CMakeLists.txt

@@ -41,6 +41,7 @@ target_sources(librpm PRIVATE

 	rpmchroot.c rpmchroot.h

 	rpmplugins.c rpmplugins.h rpmplugin.h rpmug.c rpmug.h

 	rpmtriggers.h rpmtriggers.c rpmvs.c rpmvs.h

+	rpmextents.c

 )

 if(ENABLE_SQLITE)

diff --git a/lib/fsm.c b/lib/fsm.c

index 36708ac..2df7db7 100644

--- a/lib/fsm.c

+++ b/lib/fsm.c

@@ -869,6 +869,24 @@ static rpmfi fsmIterFini(rpmfi fi, struct diriter_s *di)

     return rpmfiFree(fi);

 }

+static int fiIterator(rpmPlugins plugins, FD_t payload, rpmfiles files, rpmfi *fi)

+{

+    rpmRC plugin_rc = rpmpluginsCallFsmFileArchiveReader(plugins, payload, files, fi);

+    switch (plugin_rc) {

+	case RPMRC_PLUGIN_CONTENTS:

+	    if (*fi == NULL)

+                return RPMERR_BAD_MAGIC;

+            return RPMRC_OK;

+	case RPMRC_OK:

+	    *fi = rpmfiNewArchiveReader(payload, files, RPMFI_ITER_READ_ARCHIVE);

+	    if (*fi == NULL)

+                return RPMERR_BAD_MAGIC;

+            return RPMRC_OK;

+	default:

+            return RPMRC_FAIL;

+    }

+}

+

 int rpmPackageFilesInstall(rpmts ts, rpmte te, rpmfiles files,

               rpmpsm psm, char ** failedFile)

 {

@@ -920,8 +938,9 @@ int rpmPackageFilesInstall(rpmts ts, rpmte te, rpmfiles files,

     if (rc)

 	goto exit;

-    fi = fsmIter(payload, files,

-		 payload ? RPMFI_ITER_READ_ARCHIVE : RPMFI_ITER_FWD, &di);

+    rc = fiIterator(plugins, payload, files, &fi);

+    if (rc)

+        goto exit;

     if (fi == NULL) {

         rc = RPMERR_BAD_MAGIC;

@@ -944,6 +963,9 @@ int rpmPackageFilesInstall(rpmts ts, rpmte te, rpmfiles files,

         if (!fp->skip) {

 	    int mayopen = 0;

 	    int fd = -1;

+

+	    if (di.dirfd >= 0)

+		fsmClose(&di.dirfd);

 	    rc = ensureDir(plugins, rpmfiDN(fi), 0,

 			    (fp->action == FA_CREATE), 0, &di.dirfd);

@@ -953,9 +975,10 @@ int rpmPackageFilesInstall(rpmts ts, rpmte te, rpmfiles files,

 	    }

 	    /* Run fsm file pre hook for all plugins */

-	    if (!rc)

+	    if (!rc) {

 		rc = rpmpluginsCallFsmFilePre(plugins, fi, fp->fpath,

 					      fp->sb.st_mode, fp->action);

+	    }

 	    if (rc)

 		goto setmeta; /* for error notification */

@@ -983,11 +1006,18 @@ int rpmPackageFilesInstall(rpmts ts, rpmte te, rpmfiles files,

 	    if (fp->action == FA_TOUCH)

 		goto setmeta;

-            if (S_ISREG(fp->sb.st_mode)) {

+	    rpmRC plugin_rc = rpmpluginsCallFsmFileInstall(plugins, fi, fp->fpath, fp->sb.st_mode, fp->action);

+	    if (!(plugin_rc == RPMRC_PLUGIN_CONTENTS || plugin_rc == RPMRC_OK)){

+		rc = plugin_rc;

+	    } else if(plugin_rc == RPMRC_PLUGIN_CONTENTS){

+		rc = RPMRC_OK;

+		/* The reflink plugins handles hardlink differently, metadata has to be set. */

+		fp->setmeta = 1;

+	    } else if (S_ISREG(fp->sb.st_mode)) {

 		if (rc == RPMERR_ENOENT) {

 		    rc = fsmMkfile(di.dirfd, fi, fp, files, psm, nodigest,

-				   &firstlink, &firstlinkfile, &di.firstdir,

-				   &fd;;

+				   &firstlink, &firstlinkfile,

+				   &di.firstdir, &fd;;

 		}

             } else if (S_ISDIR(fp->sb.st_mode)) {

                 if (rc == RPMERR_ENOENT) {

@@ -1056,10 +1086,13 @@ setmeta:

     /* If all went well, commit files to final destination */

     fi = fsmIter(NULL, files, RPMFI_ITER_FWD, &di);

+

     while (!rc && (fx = rpmfiNext(fi)) >= 0) {

 	struct filedata_s *fp = &fdata[fx];

 	if (!fp->skip) {

+	    if (di.dirfd >= 0)

+		fsmClose(&di.dirfd);

 	    if (!rc)

 		rc = ensureDir(NULL, rpmfiDN(fi), 0, 0, 0, &di.dirfd);

diff --git a/lib/package.c b/lib/package.c

index 8eee368..d4256a7 100644

--- a/lib/package.c

+++ b/lib/package.c

@@ -394,5 +394,41 @@ exit:

     return rc;

 }

+rpmRC rpmReadPackageRaw(FD_t fd, Header * sigp, Header * hdrp)

+{

+    char *msg = NULL;

+    hdrblob sigblob = hdrblobCreate();

+    hdrblob blob = hdrblobCreate();

+    Header h = NULL;

+    Header sigh = NULL;

+

+    rpmRC rc = hdrblobRead(fd, 1, 0, RPMTAG_HEADERSIGNATURES, sigblob, &msg;;

+    if (rc != RPMRC_OK)

+	goto exit;

+

+    rc = hdrblobRead(fd, 1, 1, RPMTAG_HEADERIMMUTABLE, blob, &msg;;

+    if (rc != RPMRC_OK)

+	goto exit;

+

+    rc = hdrblobImport(sigblob, 0, &sigh, &msg;;

+    if (rc)

+	goto exit;

+

+    rc = hdrblobImport(blob, 0, &h, &msg;;

+    if (rc)

+	goto exit;

+

+    *sigp = headerLink(sigh);

+    *hdrp = headerLink(h);

+exit:

+    if (rc != RPMRC_OK && msg)

+	rpmlog(RPMLOG_ERR, "%s: %s\n", Fdescr(fd), msg);

+    hdrblobFree(sigblob);

+    hdrblobFree(blob);

+    headerFree(sigh);

+    headerFree(h);

+    free(msg);

+    return rc;

+}

diff --git a/lib/rpmchecksig.c b/lib/rpmchecksig.c

index 3a3a4bd..8257dd9 100644

--- a/lib/rpmchecksig.c

+++ b/lib/rpmchecksig.c

@@ -16,6 +16,7 @@

 #include <rpm/rpmlog.h>

 #include <rpm/rpmstring.h>

 #include <rpm/rpmkeyring.h>

+#include <rpm/rpmextents_internal.h>

 #include "rpmio_internal.h" 	/* fdSetBundle() */

 #include "rpmlead.h"

@@ -208,36 +209,24 @@ exit:

 }

 static int rpmpkgVerifySigs(rpmKeyring keyring, int vfylevel, rpmVSFlags flags,

-			   FD_t fd, const char *fn)

+			   FD_t fd, rpmsinfoCb cb, void *cbdata)

 {

     char *msg = NULL;

-    struct vfydata_s vd = { .seen = 0,

-			    .bad = 0,

-			    .verbose = rpmIsVerbose(),

-    };

     int rc;

-    struct rpmvs_s *vs = rpmvsCreate(vfylevel, flags, keyring);

-    rpmlog(RPMLOG_NOTICE, "%s:%s", fn, vd.verbose ? "\n" : "");

+

+    if(isTranscodedRpm(fd) == RPMRC_OK){

+	return extentsVerifySigs(fd, 1);

+    }

+

+    struct rpmvs_s *vs = rpmvsCreate(vfylevel, flags, keyring);

     rc = rpmpkgRead(vs, fd, NULL, NULL, &msg;;

     if (rc)

 	goto exit;

-    rc = rpmvsVerify(vs, RPMSIG_VERIFIABLE_TYPE, vfyCb, &vd);

-

-    if (!vd.verbose) {

-	if (vd.seen & RPMSIG_DIGEST_TYPE) {

-	    rpmlog(RPMLOG_NOTICE, " %s", (vd.bad & RPMSIG_DIGEST_TYPE) ?

-					_("DIGESTS") : _("digests"));

-	}

-	if (vd.seen & RPMSIG_SIGNATURE_TYPE) {

-	    rpmlog(RPMLOG_NOTICE, " %s", (vd.bad & RPMSIG_SIGNATURE_TYPE) ?

-					_("SIGNATURES") : _("signatures"));

-	}

-	rpmlog(RPMLOG_NOTICE, " %s\n", rc ? _("NOT OK") : _("OK"));

-    }

+    rc = rpmvsVerify(vs, RPMSIG_VERIFIABLE_TYPE, cb, cbdata);

 exit:

     if (rc && msg)

@@ -247,15 +236,39 @@ exit:

     return rc;

 }

+static void rpmkgVerifySigsPreLogging(struct vfydata_s *vd, const char *fn){

+    rpmlog(RPMLOG_NOTICE, "%s:%s", fn, vd->verbose ? "\n" : "");

+}

+

+static void rpmkgVerifySigsPostLogging(struct vfydata_s *vd, int rc){

+    if (!vd->verbose) {

+	if (vd->seen & RPMSIG_DIGEST_TYPE) {

+	    rpmlog(RPMLOG_NOTICE, " %s", (vd->bad & RPMSIG_DIGEST_TYPE) ?

+					_("DIGESTS") : _("digests"));

+	}

+	if (vd->seen & RPMSIG_SIGNATURE_TYPE) {

+	    rpmlog(RPMLOG_NOTICE, " %s", (vd->bad & RPMSIG_SIGNATURE_TYPE) ?

+					_("SIGNATURES") : _("signatures"));

+	}

+	rpmlog(RPMLOG_NOTICE, " %s\n", rc ? _("NOT OK") : _("OK"));

+    }

+}

+

 /* Wrapper around rpmkVerifySigs to preserve API */

 int rpmVerifySignatures(QVA_t qva, rpmts ts, FD_t fd, const char * fn)

 {

     int rc = 1; /* assume failure */

+    struct vfydata_s vd = { .seen = 0,

+			    .bad = 0,

+			    .verbose = rpmIsVerbose(),

+    };

     if (ts && qva && fd && fn) {

 	rpmKeyring keyring = rpmtsGetKeyring(ts, 1);

 	rpmVSFlags vsflags = rpmtsVfyFlags(ts);

 	int vfylevel = rpmtsVfyLevel(ts);

-	rc = rpmpkgVerifySigs(keyring, vfylevel, vsflags, fd, fn);

+	rpmkgVerifySigsPreLogging(&vd, fn);

+	rc = rpmpkgVerifySigs(keyring, vfylevel, vsflags, fd, vfyCb, &vd);

+	rpmkgVerifySigsPostLogging(&vd, rc);

     	rpmKeyringFree(keyring);

     }

     return rc;

@@ -277,12 +290,22 @@ int rpmcliVerifySignatures(rpmts ts, ARGV_const_t argv)

     while ((arg = *argv++) != NULL) {

 	FD_t fd = Fopen(arg, "r.ufdio");

+	struct vfydata_s vd = { .seen = 0,

+				.bad = 0,

+				.verbose = rpmIsVerbose(),

+	};

 	if (fd == NULL || Ferror(fd)) {

 	    rpmlog(RPMLOG_ERR, _("%s: open failed: %s\n"), 

 		     arg, Fstrerror(fd));

 	    res++;

-	} else if (rpmpkgVerifySigs(keyring, vfylevel, vsflags, fd, arg)) {

+	} else {

+	    rpmkgVerifySigsPreLogging(&vd, arg);

+	    int rc = rpmpkgVerifySigs(keyring, vfylevel, vsflags, fd,

+				      vfyCb, &vd);

+	    rpmkgVerifySigsPostLogging(&vd, rc);

+	    if (rc) {

 	    res++;

+	    }

 	}

 	Fclose(fd);

@@ -290,3 +313,52 @@ int rpmcliVerifySignatures(rpmts ts, ARGV_const_t argv)

     rpmKeyringFree(keyring);

     return res;

 }

+

+struct vfydatafd_s {

+    size_t len;

+    char msg[BUFSIZ];

+};

+

+

+static int vfyFDCb(struct rpmsinfo_s *sinfo, void *cbdata)

+{

+    struct vfydatafd_s *vd = cbdata;

+    char *vmsg, *msg;

+    size_t n;

+    size_t remainder = BUFSIZ - vd->len >= 0 ? BUFSIZ - vd->len : 0;

+

+    vmsg = rpmsinfoMsg(sinfo);

+    rasprintf(&msg, "    %s\n", vmsg);

+    n = rstrlcpy(vd->msg + vd->len, msg, remainder);

+    free(vmsg);

+    free(msg);

+    if(n <= remainder){

+	vd->len += n;

+    }

+    return 1;

+}

+

+

+int rpmcliVerifySignaturesFD(rpmts ts, FD_t fdi, char **msg)

+{

+    rpmRC rc = RPMRC_FAIL;

+    rpmKeyring keyring = rpmtsGetKeyring(ts, 1);

+    rpmVSFlags vsflags = rpmtsVfyFlags(ts);

+    int vfylevel = rpmtsVfyLevel(ts);

+    struct vfydatafd_s vd = {.len = 0};

+

+    vsflags |= rpmcliVSFlags;

+    if (rpmcliVfyLevelMask) {

+	vfylevel &= ~rpmcliVfyLevelMask;

+	rpmtsSetVfyLevel(ts, vfylevel);

+    }

+

+    if (!rpmpkgVerifySigs(keyring, vfylevel, vsflags, fdi, vfyFDCb, &vd)) {

+	rc = RPMRC_OK;

+    }

+    *msg = strdup(vd.msg);

+

+    rpmKeyringFree(keyring);

+    return rc;

+}

+

diff --git a/lib/rpmextents.c b/lib/rpmextents.c

new file mode 100644

index 0000000..ef687d6

--- /dev/null

+++ b/lib/rpmextents.c

@@ -0,0 +1,109 @@

+

+#include "system.h"

+

+#include <rpm/rpmlog.h>

+#include <rpm/rpmio.h>

+#include <rpm/rpmextents_internal.h>

+#include <string.h>

+#include <errno.h>

+

+

+

+int extentsVerifySigs(FD_t fd, int print_content){

+    rpm_loff_t current;

+    int32_t rc;

+    size_t len;

+    uint64_t content_len;

+    char *content = NULL;

+    struct extents_footer_t footer;

+

+    current = Ftell(fd);

+

+    if(extentsFooterFromFD(fd, &footer) != RPMRC_OK) {

+	rc = -1;

+	goto exit;

+    }

+    if(Fseek(fd, footer.offsets.checksig_offset, SEEK_SET) < 0) {

+	rpmlog(RPMLOG_ERR, _("extentsVerifySigs: Failed to seek signature verification offset\n"));

+	rc = -1;

+	goto exit;

+    }

+    len = sizeof(rc);

+    if (Fread(&rc, len, 1, fd) != len) {

+	rpmlog(RPMLOG_ERR, _("extentsVerifySigs: Failed to read Signature Verification RC\n"));

+	rc = -1;

+	goto exit;

+    }

+

+    if(print_content) {

+	len = sizeof(content_len);

+	if (Fread(&content_len, len, 1, fd) != len) {

+	    rpmlog(RPMLOG_ERR, _("extentsVerifySigs: Failed to read signature content length\n"));

+	    goto exit;

+	}

+

+	content = rmalloc(content_len + 1);

+	if(content == NULL) {

+	    rpmlog(RPMLOG_ERR, _("extentsVerifySigs: Failed to allocate memory to read signature content\n"));

+	    goto exit;

+	}

+	content[content_len] = 0;

+	if (Fread(content, content_len, 1, fd) != content_len) {

+	    rpmlog(RPMLOG_ERR, _("extentsVerifySigs: Failed to read signature content\n"));

+	    goto exit;

+	}

+

+	rpmlog(RPMLOG_NOTICE, "%s", content);

+    }

+exit:

+    if(content){

+	rfree(content);

+    }

+    if (Fseek(fd, current, SEEK_SET) < 0) {

+	rpmlog(RPMLOG_ERR, _("extentsVerifySigs: unable to seek back to original location\n"));

+    }

+    return rc;

+

+}

+

+rpmRC extentsFooterFromFD(FD_t fd, struct extents_footer_t *footer) {

+

+    rpmRC rc = RPMRC_NOTFOUND;

+    rpm_loff_t current;

+    size_t len;

+

+    // If the file is not seekable, we cannot detect whether or not it is transcoded.

+    if(Fseek(fd, 0, SEEK_CUR) < 0) {

+        return RPMRC_FAIL;

+    }

+    current = Ftell(fd);

+

+    len = sizeof(struct extents_footer_t);

+    if(Fseek(fd, -len, SEEK_END) < 0) {

+	rc = RPMRC_FAIL;

+	goto exit;

+    }

+    if (Fread(footer, len, 1, fd) != len) {

+	rpmlog(RPMLOG_ERR, _("isTranscodedRpm: unable to read footer\n"));