rpms / rpm

Clone
Source Code
GIT

Files

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c8s-imaevm-bootstrap c8s-sig-hyperscale c9 c9-beta c9s-sig-hyperscale
  1.   c8s-imaevm-bootstrap
  2.   SOURCES
  3.   0001-Work-around-buggy-signature-region-preventing-resign.patch
Blob Blame History Raw 
From 8fefd2bd21b30996ad0748eab6baadf915610642 Mon Sep 17 00:00:00 2001
From: Panu Matilainen <pmatilai@redhat.com>
Date: Thu, 13 Aug 2020 13:29:10 +0300
Subject: [PATCH] Work around buggy signature region preventing resigning
 (RhBug:1851508)

Various proprietary packages in the wild have subtly malformed data
in the signature header, in particular wrt the immutable region size,
presumably from using some in-house/3rd party signing tools which do
not understand the immutable region business at all. This can prevent
resigning and signature deletion on such packages due to the more
thorough checking that rpmsign does.

As the old wisdom goes, be liberal in what you accept... we can easily
work around the crud by just taking a fresh copy of the contents that
are legit as such (otherwise the package would be uninstallable).


Adjusted for 4.14.3

--- rpm-4.14.3/sign/rpmgensig.c.orig	2020-10-29 16:00:38.785229048 +0100
+++ rpm-4.14.3/sign/rpmgensig.c	2020-10-29 16:08:55.997791345 +0100
@@ -401,12 +401,19 @@
 
     if (headerGet(*hdrp, tag, utd, HEADERGET_DEFAULT)) {
 	oh = headerCopyLoad(utd->data);
-	nh = headerCopy(oh);
-	headerFree(oh);
 	rpmtdFreeData(utd);
+    } else {
+	/* XXX should we warn if the immutable region is corrupt/missing? */
+	oh = headerLink(*hdrp);
+    }
+
+    if (oh) {
+	/* Perform a copy to eliminate crud from buggy signing tools etc */
+	nh = headerCopy(oh);
 	headerFree(*hdrp);
 	*hdrp = headerLink(nh);
 	headerFree(nh);
+	headerFree(oh);
     }
 }

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation