1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
|
--- poldek-0.42.2/pm/rpmorg/signature.c.orig 2020-10-07 23:33:17.051835958 +0200
+++ poldek-0.42.2/pm/rpmorg/signature.c 2020-10-07 23:34:10.408960665 +0200
@@ -101,18 +101,18 @@
case RPMSIGTAG_RSA:
case RPMSIGTAG_PGP5: /* XXX legacy */
case RPMSIGTAG_PGP:
- flags |= VRFYSIG_SIGNPGP;
+ flags |= PKGVERIFY_PGP;
break;
case RPMSIGTAG_DSA:
case RPMSIGTAG_GPG:
- flags |= VRFYSIG_SIGNGPG;
+ flags |= PKGVERIFY_GPG;
break;
case RPMSIGTAG_LEMD5_2:
case RPMSIGTAG_LEMD5_1:
case RPMSIGTAG_MD5:
- flags |= VRFYSIG_DGST;
+ flags |= PKGVERIFY_MD;
break;
default:
@@ -137,7 +137,7 @@
int rc;
- n_assert(flags & (VRFYSIG_DGST | VRFYSIG_SIGN));
+ n_assert(flags & (PKGVERIFY_MD | PKGVERIFY_GPG | PKGVERIFY_PGP));
if (!rpm_signatures(path, &presented_signs, NULL))
return 0;
@@ -146,13 +146,13 @@
char signam[255];
int n = 0;
- if (flags & VRFYSIG_DGST)
+ if (flags & PKGVERIFY_MD)
n += n_snprintf(&signam[n], sizeof(signam) - n, "digest/");
- if (flags & VRFYSIG_SIGNGPG)
+ if (flags & PKGVERIFY_GPG)
n += n_snprintf(&signam[n], sizeof(signam) - n, "gpg/");
- if (flags & VRFYSIG_SIGNPGP)
+ if (flags & PKGVERIFY_PGP)
n += n_snprintf(&signam[n], sizeof(signam) - n, "pgp/");
n_assert(n > 0);
@@ -163,29 +163,27 @@
signam);
return 0;
}
- unsigned qva_flags = RPMVSF_DEFAULT;
+ unsigned vfyflags = RPMVSF_DEFAULT;
- if ((flags & (VRFYSIG_SIGNPGP | VRFYSIG_SIGNGPG)) == 0) {
- qva_flags |= RPMVSF_MASK_NOSIGNATURES;
+ if ((flags & (PKGVERIFY_PGP | PKGVERIFY_GPG)) == 0) {
+ vfyflags |= RPMVSF_MASK_NOSIGNATURES;
}
// always check digests - without them rpmVerifySignature returns error
- //if ((flags & VRFYSIG_DGST) == 0)
- // qva_flags |= RPMVSF_MASK_NODIGESTS;
-
- memset(&qva, '\0', sizeof(qva));
- qva.qva_flags = qva_flags;
+ //if ((flags & PKGVERIFY_MD) == 0)
+ // vfyflags |= RPMVSF_MASK_NODIGESTS;
rc = -1;
fdt = Fopen(path, "r.ufdio");
if (fdt != NULL && Ferror(fdt) == 0) {
ts = rpmtsCreate();
+ rpmtsSetVfyFlags(ts, vfyflags);
rc = rpmVerifySignatures(&qva, ts, fdt, n_basenam(path));
rpmtsFree(ts);
DBGF("rpmVerifySignatures[md=%d, sign=%d] %s %s\n",
- flags & VRFYSIG_DGST ? 1:0, flags & VRFYSIG_SIGN ? 1:0,
+ flags & PKGVERIFY_MD ? 1:0, flags & (PKGVERIFY_GPG | PKGVERIFY_PGP) ? 1:0,
n_basenam(path), rc == 0 ? "OK" : "BAD");
}
@@ -196,24 +196,12 @@
static
int do_pm_rpm_verify_signature(void *pm_rpm, const char *path, unsigned flags)
{
- unsigned rpmflags = 0;
-
- pm_rpm = pm_rpm;
if (access(path, R_OK) != 0) {
logn(LOGERR, "%s: verify signature failed: %m", path);
return 0;
}
- if (flags & PKGVERIFY_GPG)
- rpmflags |= VRFYSIG_SIGNGPG;
-
- if (flags & PKGVERIFY_PGP)
- rpmflags |= VRFYSIG_SIGNPGP;
-
- if (flags & PKGVERIFY_MD)
- rpmflags |= VRFYSIG_DGST;
-
- return do_verify_signature(path, rpmflags);
+ return do_verify_signature(path, flags);
}
extern int pm_rpm_verbose;
--- poldek-0.42.2/pm/rpmorg/pm_rpm.h.orig 2020-10-07 23:34:34.276110954 +0200
+++ poldek-0.42.2/pm/rpmorg/pm_rpm.h 2020-10-07 23:34:40.173648478 +0200
@@ -69,10 +69,6 @@
struct poldek_ts *ts);
#include <rpm/rpmcli.h>
-#define VRFYSIG_DGST VERIFY_DIGEST
-#define VRFYSIG_SIGN VERIFY_SIGNATURE
-#define VRFYSIG_SIGNGPG VERIFY_SIGNATURE
-#define VRFYSIG_SIGNPGP VERIFY_SIGNATURE
int pm_rpm_verify_signature(void *pm_rpm, const char *path, unsigned flags);
|