]>
Commit | Line | Data |
---|---|---|
bd8cd954 JR |
1 | --- poldek-0.42.2/pm/rpmorg/signature.c.orig 2020-10-07 23:33:17.051835958 +0200 |
2 | +++ poldek-0.42.2/pm/rpmorg/signature.c 2020-10-07 23:34:10.408960665 +0200 | |
3 | @@ -101,18 +101,18 @@ | |
4 | case RPMSIGTAG_RSA: | |
5 | case RPMSIGTAG_PGP5: /* XXX legacy */ | |
6 | case RPMSIGTAG_PGP: | |
7 | - flags |= VRFYSIG_SIGNPGP; | |
8 | + flags |= PKGVERIFY_PGP; | |
9 | break; | |
10 | ||
11 | case RPMSIGTAG_DSA: | |
12 | case RPMSIGTAG_GPG: | |
13 | - flags |= VRFYSIG_SIGNGPG; | |
14 | + flags |= PKGVERIFY_GPG; | |
15 | break; | |
16 | ||
17 | case RPMSIGTAG_LEMD5_2: | |
18 | case RPMSIGTAG_LEMD5_1: | |
19 | case RPMSIGTAG_MD5: | |
20 | - flags |= VRFYSIG_DGST; | |
21 | + flags |= PKGVERIFY_MD; | |
22 | break; | |
23 | ||
24 | default: | |
25 | @@ -137,7 +137,7 @@ | |
26 | int rc; | |
27 | ||
28 | ||
29 | - n_assert(flags & (VRFYSIG_DGST | VRFYSIG_SIGN)); | |
30 | + n_assert(flags & (PKGVERIFY_MD | PKGVERIFY_GPG | PKGVERIFY_PGP)); | |
31 | ||
32 | if (!rpm_signatures(path, &presented_signs, NULL)) | |
33 | return 0; | |
34 | @@ -146,13 +146,13 @@ | |
35 | char signam[255]; | |
36 | int n = 0; | |
37 | ||
38 | - if (flags & VRFYSIG_DGST) | |
39 | + if (flags & PKGVERIFY_MD) | |
40 | n += n_snprintf(&signam[n], sizeof(signam) - n, "digest/"); | |
41 | ||
42 | - if (flags & VRFYSIG_SIGNGPG) | |
43 | + if (flags & PKGVERIFY_GPG) | |
44 | n += n_snprintf(&signam[n], sizeof(signam) - n, "gpg/"); | |
45 | ||
46 | - if (flags & VRFYSIG_SIGNPGP) | |
47 | + if (flags & PKGVERIFY_PGP) | |
48 | n += n_snprintf(&signam[n], sizeof(signam) - n, "pgp/"); | |
49 | ||
50 | n_assert(n > 0); | |
b47be594 JR |
51 | @@ -163,29 +163,27 @@ |
52 | signam); | |
53 | return 0; | |
bd8cd954 | 54 | } |
b47be594 JR |
55 | - unsigned qva_flags = RPMVSF_DEFAULT; |
56 | + unsigned vfyflags = RPMVSF_DEFAULT; | |
bd8cd954 JR |
57 | |
58 | - if ((flags & (VRFYSIG_SIGNPGP | VRFYSIG_SIGNGPG)) == 0) { | |
b47be594 | 59 | - qva_flags |= RPMVSF_MASK_NOSIGNATURES; |
bd8cd954 | 60 | + if ((flags & (PKGVERIFY_PGP | PKGVERIFY_GPG)) == 0) { |
b47be594 | 61 | + vfyflags |= RPMVSF_MASK_NOSIGNATURES; |
bd8cd954 JR |
62 | } |
63 | ||
64 | // always check digests - without them rpmVerifySignature returns error | |
65 | - //if ((flags & VRFYSIG_DGST) == 0) | |
b47be594 JR |
66 | - // qva_flags |= RPMVSF_MASK_NODIGESTS; |
67 | - | |
68 | - memset(&qva, '\0', sizeof(qva)); | |
69 | - qva.qva_flags = qva_flags; | |
bd8cd954 | 70 | + //if ((flags & PKGVERIFY_MD) == 0) |
b47be594 JR |
71 | + // vfyflags |= RPMVSF_MASK_NODIGESTS; |
72 | ||
73 | rc = -1; | |
74 | fdt = Fopen(path, "r.ufdio"); | |
bd8cd954 | 75 | |
b47be594 JR |
76 | if (fdt != NULL && Ferror(fdt) == 0) { |
77 | ts = rpmtsCreate(); | |
78 | + rpmtsSetVfyFlags(ts, vfyflags); | |
79 | rc = rpmVerifySignatures(&qva, ts, fdt, n_basenam(path)); | |
bd8cd954 JR |
80 | rpmtsFree(ts); |
81 | ||
82 | DBGF("rpmVerifySignatures[md=%d, sign=%d] %s %s\n", | |
83 | - flags & VRFYSIG_DGST ? 1:0, flags & VRFYSIG_SIGN ? 1:0, | |
84 | + flags & PKGVERIFY_MD ? 1:0, flags & (PKGVERIFY_GPG | PKGVERIFY_PGP) ? 1:0, | |
85 | n_basenam(path), rc == 0 ? "OK" : "BAD"); | |
86 | } | |
87 | ||
88 | @@ -196,24 +196,12 @@ | |
89 | static | |
90 | int do_pm_rpm_verify_signature(void *pm_rpm, const char *path, unsigned flags) | |
91 | { | |
92 | - unsigned rpmflags = 0; | |
93 | - | |
94 | - pm_rpm = pm_rpm; | |
95 | if (access(path, R_OK) != 0) { | |
96 | logn(LOGERR, "%s: verify signature failed: %m", path); | |
97 | return 0; | |
98 | } | |
99 | ||
100 | - if (flags & PKGVERIFY_GPG) | |
101 | - rpmflags |= VRFYSIG_SIGNGPG; | |
102 | - | |
103 | - if (flags & PKGVERIFY_PGP) | |
104 | - rpmflags |= VRFYSIG_SIGNPGP; | |
105 | - | |
106 | - if (flags & PKGVERIFY_MD) | |
107 | - rpmflags |= VRFYSIG_DGST; | |
108 | - | |
109 | - return do_verify_signature(path, rpmflags); | |
110 | + return do_verify_signature(path, flags); | |
111 | } | |
112 | ||
113 | extern int pm_rpm_verbose; | |
114 | --- poldek-0.42.2/pm/rpmorg/pm_rpm.h.orig 2020-10-07 23:34:34.276110954 +0200 | |
115 | +++ poldek-0.42.2/pm/rpmorg/pm_rpm.h 2020-10-07 23:34:40.173648478 +0200 | |
116 | @@ -69,10 +69,6 @@ | |
117 | struct poldek_ts *ts); | |
118 | ||
119 | #include <rpm/rpmcli.h> | |
120 | -#define VRFYSIG_DGST VERIFY_DIGEST | |
121 | -#define VRFYSIG_SIGN VERIFY_SIGNATURE | |
122 | -#define VRFYSIG_SIGNGPG VERIFY_SIGNATURE | |
123 | -#define VRFYSIG_SIGNPGP VERIFY_SIGNATURE | |
124 | ||
125 | int pm_rpm_verify_signature(void *pm_rpm, const char *path, unsigned flags); | |
126 |