[packages/poldek.git] / rpm-4.15.patch

--- poldek-0.42.2/pm/rpmorg/signature.c.orig	2020-10-07 23:33:17.051835958 +0200
+++ poldek-0.42.2/pm/rpmorg/signature.c	2020-10-07 23:34:10.408960665 +0200
@@ -101,18 +101,18 @@
             case RPMSIGTAG_RSA:
             case RPMSIGTAG_PGP5:	/* XXX legacy */
             case RPMSIGTAG_PGP:
-                flags |= VRFYSIG_SIGNPGP;
+                flags |= PKGVERIFY_PGP;
                 break;
 
             case RPMSIGTAG_DSA:
             case RPMSIGTAG_GPG:
-                flags |= VRFYSIG_SIGNGPG;
+                flags |= PKGVERIFY_GPG;
                 break;
 
             case RPMSIGTAG_LEMD5_2:
             case RPMSIGTAG_LEMD5_1:
             case RPMSIGTAG_MD5:
-                flags |= VRFYSIG_DGST;
+                flags |= PKGVERIFY_MD;
                 break;
 
             default:
@@ -137,7 +137,7 @@
     int                       rc;
 
 
-    n_assert(flags & (VRFYSIG_DGST | VRFYSIG_SIGN));
+    n_assert(flags & (PKGVERIFY_MD | PKGVERIFY_GPG | PKGVERIFY_PGP));
 
     if (!rpm_signatures(path, &presented_signs, NULL))
         return 0;
@@ -146,13 +146,13 @@
         char signam[255];
         int n = 0;
 
-        if (flags & VRFYSIG_DGST)
+        if (flags & PKGVERIFY_MD)
             n += n_snprintf(&signam[n], sizeof(signam) - n, "digest/");
 
-        if (flags & VRFYSIG_SIGNGPG)
+        if (flags & PKGVERIFY_GPG)
             n += n_snprintf(&signam[n], sizeof(signam) - n, "gpg/");
 
-        if (flags & VRFYSIG_SIGNPGP)
+        if (flags & PKGVERIFY_PGP)
             n += n_snprintf(&signam[n], sizeof(signam) - n, "pgp/");
 
         n_assert(n > 0);
@@ -163,29 +163,27 @@
              signam);
         return 0;
     }
-    unsigned qva_flags = RPMVSF_DEFAULT;
+    unsigned vfyflags = RPMVSF_DEFAULT;
 
-    if ((flags & (VRFYSIG_SIGNPGP | VRFYSIG_SIGNGPG)) == 0) {
-        qva_flags |= RPMVSF_MASK_NOSIGNATURES;
+    if ((flags & (PKGVERIFY_PGP | PKGVERIFY_GPG)) == 0) {
+        vfyflags |= RPMVSF_MASK_NOSIGNATURES;
     }
 
     // always check digests - without them rpmVerifySignature returns error
-    //if ((flags & VRFYSIG_DGST) == 0)
-    //   qva_flags |= RPMVSF_MASK_NODIGESTS;
-
-    memset(&qva, '\0', sizeof(qva));
-    qva.qva_flags = qva_flags;
+    //if ((flags & PKGVERIFY_MD) == 0)
+    //   vfyflags |= RPMVSF_MASK_NODIGESTS;
 
     rc = -1;
     fdt = Fopen(path, "r.ufdio");
 
     if (fdt != NULL && Ferror(fdt) == 0) {
         ts = rpmtsCreate();
+        rpmtsSetVfyFlags(ts, vfyflags);
         rc = rpmVerifySignatures(&qva, ts, fdt, n_basenam(path));
         rpmtsFree(ts);
 
         DBGF("rpmVerifySignatures[md=%d, sign=%d] %s %s\n",
-             flags & VRFYSIG_DGST ? 1:0, flags & VRFYSIG_SIGN ? 1:0,
+             flags & PKGVERIFY_MD ? 1:0, flags & (PKGVERIFY_GPG | PKGVERIFY_PGP) ? 1:0,
              n_basenam(path), rc == 0 ? "OK" : "BAD");
     }
 
@@ -196,24 +196,12 @@
 static
 int do_pm_rpm_verify_signature(void *pm_rpm, const char *path, unsigned flags)
 {
-    unsigned rpmflags = 0;
-
-    pm_rpm = pm_rpm;
     if (access(path, R_OK) != 0) {
         logn(LOGERR, "%s: verify signature failed: %m", path);
         return 0;
     }
 
-    if (flags & PKGVERIFY_GPG)
-        rpmflags |= VRFYSIG_SIGNGPG;
-
-    if (flags & PKGVERIFY_PGP)
-        rpmflags |= VRFYSIG_SIGNPGP;
-
-    if (flags & PKGVERIFY_MD)
-        rpmflags |= VRFYSIG_DGST;
-
-    return do_verify_signature(path, rpmflags);
+    return do_verify_signature(path, flags);
 }
 
 extern int pm_rpm_verbose;
--- poldek-0.42.2/pm/rpmorg/pm_rpm.h.orig	2020-10-07 23:34:34.276110954 +0200
+++ poldek-0.42.2/pm/rpmorg/pm_rpm.h	2020-10-07 23:34:40.173648478 +0200
@@ -69,10 +69,6 @@
                               struct poldek_ts *ts);
 
 #include <rpm/rpmcli.h>
-#define VRFYSIG_DGST     VERIFY_DIGEST
-#define VRFYSIG_SIGN     VERIFY_SIGNATURE
-#define VRFYSIG_SIGNGPG  VERIFY_SIGNATURE
-#define VRFYSIG_SIGNPGP  VERIFY_SIGNATURE
 
 int pm_rpm_verify_signature(void *pm_rpm, const char *path, unsigned flags);
Commit	Line	Data
bd8cd954 JR	1	--- poldek-0.42.2/pm/rpmorg/signature.c.orig 2020-10-07 23:33:17.051835958 +0200
	2	+++ poldek-0.42.2/pm/rpmorg/signature.c 2020-10-07 23:34:10.408960665 +0200
	3	@@ -101,18 +101,18 @@
	4	case RPMSIGTAG_RSA:
	5	case RPMSIGTAG_PGP5: /* XXX legacy */
	6	case RPMSIGTAG_PGP:
	7	- flags \|= VRFYSIG_SIGNPGP;
	8	+ flags \|= PKGVERIFY_PGP;
	9	break;
	10
	11	case RPMSIGTAG_DSA:
	12	case RPMSIGTAG_GPG:
	13	- flags \|= VRFYSIG_SIGNGPG;
	14	+ flags \|= PKGVERIFY_GPG;
	15	break;
	16
	17	case RPMSIGTAG_LEMD5_2:
	18	case RPMSIGTAG_LEMD5_1:
	19	case RPMSIGTAG_MD5:
	20	- flags \|= VRFYSIG_DGST;
	21	+ flags \|= PKGVERIFY_MD;
	22	break;
	23
	24	default:
	25	@@ -137,7 +137,7 @@
	26	int rc;
	27
	28
	29	- n_assert(flags & (VRFYSIG_DGST \| VRFYSIG_SIGN));
	30	+ n_assert(flags & (PKGVERIFY_MD \| PKGVERIFY_GPG \| PKGVERIFY_PGP));
	31
	32	if (!rpm_signatures(path, &presented_signs, NULL))
	33	return 0;
	34	@@ -146,13 +146,13 @@
	35	char signam[255];
	36	int n = 0;
	37
	38	- if (flags & VRFYSIG_DGST)
	39	+ if (flags & PKGVERIFY_MD)
	40	n += n_snprintf(&signam[n], sizeof(signam) - n, "digest/");
	41
	42	- if (flags & VRFYSIG_SIGNGPG)
	43	+ if (flags & PKGVERIFY_GPG)
	44	n += n_snprintf(&signam[n], sizeof(signam) - n, "gpg/");
	45
	46	- if (flags & VRFYSIG_SIGNPGP)
	47	+ if (flags & PKGVERIFY_PGP)
	48	n += n_snprintf(&signam[n], sizeof(signam) - n, "pgp/");
	49
	50	n_assert(n > 0);
b47be594 JR	51	@@ -163,29 +163,27 @@
	52	signam);
	53	return 0;
bd8cd954	54	}
b47be594 JR	55	- unsigned qva_flags = RPMVSF_DEFAULT;
b47be594 JR	56	+ unsigned vfyflags = RPMVSF_DEFAULT;
bd8cd954 JR	57
bd8cd954 JR	58	- if ((flags & (VRFYSIG_SIGNPGP \| VRFYSIG_SIGNGPG)) == 0) {
b47be594	59	- qva_flags \|= RPMVSF_MASK_NOSIGNATURES;
bd8cd954	60	+ if ((flags & (PKGVERIFY_PGP \| PKGVERIFY_GPG)) == 0) {
b47be594	61	+ vfyflags \|= RPMVSF_MASK_NOSIGNATURES;
bd8cd954 JR	62	}
	63
	64	// always check digests - without them rpmVerifySignature returns error
	65	- //if ((flags & VRFYSIG_DGST) == 0)
b47be594 JR	66	- // qva_flags \|= RPMVSF_MASK_NODIGESTS;
	67	-
	68	- memset(&qva, '\0', sizeof(qva));
	69	- qva.qva_flags = qva_flags;
bd8cd954	70	+ //if ((flags & PKGVERIFY_MD) == 0)
b47be594 JR	71	+ // vfyflags \|= RPMVSF_MASK_NODIGESTS;
	72
	73	rc = -1;
	74	fdt = Fopen(path, "r.ufdio");
bd8cd954	75
b47be594 JR	76	if (fdt != NULL && Ferror(fdt) == 0) {
	77	ts = rpmtsCreate();
	78	+ rpmtsSetVfyFlags(ts, vfyflags);
	79	rc = rpmVerifySignatures(&qva, ts, fdt, n_basenam(path));
bd8cd954 JR	80	rpmtsFree(ts);
	81
	82	DBGF("rpmVerifySignatures[md=%d, sign=%d] %s %s\n",
	83	- flags & VRFYSIG_DGST ? 1:0, flags & VRFYSIG_SIGN ? 1:0,
	84	+ flags & PKGVERIFY_MD ? 1:0, flags & (PKGVERIFY_GPG \| PKGVERIFY_PGP) ? 1:0,
	85	n_basenam(path), rc == 0 ? "OK" : "BAD");
	86	}
	87
	88	@@ -196,24 +196,12 @@
	89	static
	90	int do_pm_rpm_verify_signature(void pm_rpm, const char path, unsigned flags)
	91	{
	92	- unsigned rpmflags = 0;
	93	-
	94	- pm_rpm = pm_rpm;
	95	if (access(path, R_OK) != 0) {
	96	logn(LOGERR, "%s: verify signature failed: %m", path);
	97	return 0;
	98	}
	99
	100	- if (flags & PKGVERIFY_GPG)
	101	- rpmflags \|= VRFYSIG_SIGNGPG;
	102	-
	103	- if (flags & PKGVERIFY_PGP)
	104	- rpmflags \|= VRFYSIG_SIGNPGP;
	105	-
	106	- if (flags & PKGVERIFY_MD)
	107	- rpmflags \|= VRFYSIG_DGST;
	108	-
	109	- return do_verify_signature(path, rpmflags);
	110	+ return do_verify_signature(path, flags);
	111	}
	112
	113	extern int pm_rpm_verbose;
	114	--- poldek-0.42.2/pm/rpmorg/pm_rpm.h.orig 2020-10-07 23:34:34.276110954 +0200
	115	+++ poldek-0.42.2/pm/rpmorg/pm_rpm.h 2020-10-07 23:34:40.173648478 +0200
	116	@@ -69,10 +69,6 @@
	117	struct poldek_ts *ts);
	118
	119	#include <rpm/rpmcli.h>
	120	-#define VRFYSIG_DGST VERIFY_DIGEST
	121	-#define VRFYSIG_SIGN VERIFY_SIGNATURE
	122	-#define VRFYSIG_SIGNGPG VERIFY_SIGNATURE
	123	-#define VRFYSIG_SIGNPGP VERIFY_SIGNATURE
	124
	125	int pm_rpm_verify_signature(void pm_rpm, const char path, unsigned flags);
	126