From dc53b002bd3d03a21e9af406a9aff5e588710b5b Mon Sep 17 00:00:00 2001
From: chantra <chantr4@gmail.com>
Date: Mon, 28 Mar 2022 19:42:39 -0700
Subject: [PATCH 30/30] [rpmcow] Make rpm -i install package without the need
 of --nodigest

When using transcoded files, the logic to check signature is different
and was done while the file was transcoded. This change the code path
used by `rpm -{i,U}` to check if the file is transcoded, and in such
cases, assume it was already verified.
---
 lib/transaction.c    | 29 ++++++++++++++++++-----------
 tests/rpm2extents.at |  6 +++---
 2 files changed, 21 insertions(+), 14 deletions(-)

diff --git a/lib/transaction.c b/lib/transaction.c
index 36c2a7a64..703e4140c 100644
--- a/lib/transaction.c
+++ b/lib/transaction.c
@@ -37,6 +37,7 @@
 #include "lib/rpmfi_internal.h"	/* only internal apis */
 #include "lib/rpmte_internal.h"	/* only internal apis */
 #include "lib/rpmts_internal.h"
+#include "lib/rpmextents_internal.h"
 #include "lib/rpmvs.h"
 #include "rpmio/rpmhook.h"
 #include "lib/rpmtriggers.h"
@@ -1286,19 +1287,25 @@ static int verifyPackageFiles(rpmts ts, rpm_loff_t total)
 
 	rpmtsNotify(ts, p, RPMCALLBACK_VERIFY_PROGRESS, oc++, total);
 	FD_t fd = rpmtsNotify(ts, p, RPMCALLBACK_INST_OPEN_FILE, 0, 0);
-	if (fd != NULL) {
-	    prc = rpmpkgRead(vs, fd, NULL, NULL, &vd.msg);
-	    rpmtsNotify(ts, p, RPMCALLBACK_INST_CLOSE_FILE, 0, 0);
+	if(fd != NULL && isTranscodedRpm(fd) == RPMRC_OK) {
+	    /* Transcoded RPMs are validated at transcoding time */
+	    prc = RPMRC_OK;
+	    verified = 1;
+	} else {
+	    if (fd != NULL) {
+		prc = rpmpkgRead(vs, fd, NULL, NULL, &vd.msg);
+		rpmtsNotify(ts, p, RPMCALLBACK_INST_CLOSE_FILE, 0, 0);
+	    }
+	    if (prc == RPMRC_OK)
+		prc = rpmvsVerify(vs, RPMSIG_VERIFIABLE_TYPE, vfyCb, &vd);
+
+	    /* Record verify result */
+	    if (vd.type[RPMSIG_SIGNATURE_TYPE] == RPMRC_OK)
+		verified |= RPMSIG_SIGNATURE_TYPE;
+	    if (vd.type[RPMSIG_DIGEST_TYPE] == RPMRC_OK)
+		verified |= RPMSIG_DIGEST_TYPE;
 	}
 
-	if (prc == RPMRC_OK)
-	    prc = rpmvsVerify(vs, RPMSIG_VERIFIABLE_TYPE, vfyCb, &vd);
-
-	/* Record verify result */
-	if (vd.type[RPMSIG_SIGNATURE_TYPE] == RPMRC_OK)
-	    verified |= RPMSIG_SIGNATURE_TYPE;
-	if (vd.type[RPMSIG_DIGEST_TYPE] == RPMRC_OK)
-	    verified |= RPMSIG_DIGEST_TYPE;
 	rpmteSetVerified(p, verified);
 
 	if (prc)
diff --git a/tests/rpm2extents.at b/tests/rpm2extents.at
index 5c66de7f6..5135c9cf8 100644
--- a/tests/rpm2extents.at
+++ b/tests/rpm2extents.at
@@ -102,7 +102,7 @@ AT_CHECK([
 RPMDB_INIT
 
 runroot_other cat /data/RPMS/hello-2.0-1.x86_64.rpm | runroot_other rpm2extents SHA256 > ${RPMTEST}/tmp/hello-2.0-1.x86_64.rpm 2> /dev/null
-runroot_plugins rpm -i --nodigest --nodeps --undefine=%__transaction_dbus_announce /tmp/hello-2.0-1.x86_64.rpm
+runroot_plugins rpm -i --nodeps --undefine=%__transaction_dbus_announce /tmp/hello-2.0-1.x86_64.rpm
 test -f ${RPMTEST}/usr/bin/hello
 ],
 [0],
@@ -115,7 +115,7 @@ AT_KEYWORDS([reflink])
 AT_CHECK([
 RPMDB_INIT
 
-runroot_plugins rpm -i --nodigest --nodeps --undefine=%__transaction_dbus_announce /data/RPMS/hello-2.0-1.x86_64.rpm && exit $?
+runroot_plugins rpm -i --nodeps --undefine=%__transaction_dbus_announce /data/RPMS/hello-2.0-1.x86_64.rpm && exit $?
 # Check that the file is properly installed in chroot
 test -f ${RPMTEST}/usr/bin/hello
 ],
@@ -132,7 +132,7 @@ RPMDB_INIT
 
 PKG=hlinktest-1.0-1.noarch.rpm
 runroot_other cat /data/RPMS/${PKG} | runroot_other rpm2extents SHA256 > ${RPMTEST}/tmp/${PKG} 2> /dev/null
-runroot_plugins rpm -i --nodigest --nodeps --undefine=%__transaction_dbus_announce /tmp/${PKG}
+runroot_plugins rpm -i --nodeps --undefine=%__transaction_dbus_announce /tmp/${PKG}
 ],
 [0],
 [],
-- 
2.35.1