From 0a7318ab4467d3156723c7a265dbd3456b8d1e20 Mon Sep 17 00:00:00 2001
From: Panu Matilainen <pmatilai@redhat.com>
Date: Tue, 10 Oct 2017 14:44:18 +0300
Subject: [PATCH 07/33] Use rpm file info sets instead of header for retrieving
 file data

Simplifies the code a little, but more imporantly it avoids duplicating
code and special knowledge like the default digest algo and converting
hex to binary. As a side-effect, this fixes RPMTAG_FILESIGNATURELENGTH
inadvertly getting added into packages that have no files at all.
---
 sign/rpmsignfiles.c | 36 +++++++++++++++++-------------------
 1 file changed, 17 insertions(+), 19 deletions(-)

diff --git a/sign/rpmsignfiles.c b/sign/rpmsignfiles.c
index c1d227a07..de7a73cfd 100644
--- a/sign/rpmsignfiles.c
+++ b/sign/rpmsignfiles.c
@@ -8,7 +8,7 @@
 #include "imaevm.h"
 
 #include <rpm/rpmlog.h>		/* rpmlog */
-#include <rpm/rpmstring.h>	/* rnibble */
+#include <rpm/rpmfi.h>
 #include <rpm/rpmpgp.h>		/* rpmDigestLength */
 #include "lib/header.h"		/* HEADERGET_MINMEM */
 #include "lib/rpmtypes.h"	/* rpmRC */
@@ -32,7 +32,7 @@ static const char *hash_algo_name[] = {
 
 #define ARRAY_SIZE(a)  (sizeof(a) / sizeof(a[0]))
 
-static char *signFile(const char *algo, const char *fdigest, int diglen,
+static char *signFile(const char *algo, const uint8_t *fdigest, int diglen,
 const char *key, char *keypass)
 {
     char *fsignature;
@@ -40,15 +40,11 @@ const char *key, char *keypass)
     unsigned char signature[MAX_SIGNATURE_LENGTH];
     int siglen;
 
-    /* convert file digest hex to binary */
-    memset(digest, 0, diglen);
     /* some entries don't have a digest - we return an empty signature */
-    if (strlen(fdigest) != diglen * 2)
+    memset(digest, 0, diglen);
+    if (memcmp(digest, fdigest, diglen) == 0)
         return strdup("");
 
-    for (int i = 0; i < diglen; ++i, fdigest += 2)
-	digest[i] = (rnibble(fdigest[0]) << 4) | rnibble(fdigest[1]);
-
     /* prepare file signature */
     memset(signature, 0, MAX_SIGNATURE_LENGTH);
     signature[0] = '\x03';
@@ -82,21 +78,23 @@ char *keypass)
 
 rpmRC rpmSignFiles(Header sigh, Header h, const char *key, char *keypass)
 {
-    struct rpmtd_s digests, td;
+    struct rpmtd_s td;
     int algo;
     int diglen;
     uint32_t siglen;
     const char *algoname;
-    const char *digest;
+    const uint8_t *digest;
     char *signature = NULL;
     rpmRC rc = RPMRC_FAIL;
+    rpmfi fi = rpmfiNew(NULL, h, RPMTAG_BASENAMES, RPMFI_FLAGS_QUERY);
+
+    if (rpmfiFC(fi) == 0) {
+	rc = RPMRC_OK;
+	goto exit;
+    }
 
-    rpmtdReset(&digests);
-    algo = headerGetNumber(h, RPMTAG_FILEDIGESTALGO);
-    if (!algo) {
-        /* use default algorithm */
-        algo = PGPHASHALGO_MD5;
-    } else if (algo < 0 || algo >= ARRAY_SIZE(hash_algo_name)) {
+    algo = rpmfiDigestAlgo(fi);
+    if (algo >= ARRAY_SIZE(hash_algo_name)) {
 	rpmlog(RPMLOG_ERR, _("File digest algorithm id is invalid"));
 	goto exit;
     }
@@ -125,8 +123,8 @@ rpmRC rpmSignFiles(Header sigh, Header h, const char *key, char *keypass)
     td.data = NULL; /* set in the loop below */
     td.count = 1;
 
-    headerGet(h, RPMTAG_FILEDIGESTS, &digests, HEADERGET_MINMEM);
-    while ((digest = rpmtdNextString(&digests))) {
+    while (rpmfiNext(fi) >= 0) {
+	digest = rpmfiFDigest(fi, NULL, NULL);
 	signature = signFile(algoname, digest, diglen, key, keypass);
 	if (!signature) {
 	    rpmlog(RPMLOG_ERR, _("signFile failed\n"));
@@ -143,6 +141,6 @@ rpmRC rpmSignFiles(Header sigh, Header h, const char *key, char *keypass)
 
 exit:
     free(signature);
-    rpmtdFreeData(&digests);
+    rpmfiFree(fi);
     return rc;
 }
-- 
2.27.0