1 --- poldek-0.42.2/pm/rpmorg/signature.c.orig 2020-10-07 23:33:17.051835958 +0200
2 +++ poldek-0.42.2/pm/rpmorg/signature.c 2020-10-07 23:34:10.408960665 +0200
5 case RPMSIGTAG_PGP5: /* XXX legacy */
7 - flags |= VRFYSIG_SIGNPGP;
8 + flags |= PKGVERIFY_PGP;
13 - flags |= VRFYSIG_SIGNGPG;
14 + flags |= PKGVERIFY_GPG;
17 case RPMSIGTAG_LEMD5_2:
18 case RPMSIGTAG_LEMD5_1:
20 - flags |= VRFYSIG_DGST;
21 + flags |= PKGVERIFY_MD;
29 - n_assert(flags & (VRFYSIG_DGST | VRFYSIG_SIGN));
30 + n_assert(flags & (PKGVERIFY_MD | PKGVERIFY_GPG | PKGVERIFY_PGP));
32 if (!rpm_signatures(path, &presented_signs, NULL))
38 - if (flags & VRFYSIG_DGST)
39 + if (flags & PKGVERIFY_MD)
40 n += n_snprintf(&signam[n], sizeof(signam) - n, "digest/");
42 - if (flags & VRFYSIG_SIGNGPG)
43 + if (flags & PKGVERIFY_GPG)
44 n += n_snprintf(&signam[n], sizeof(signam) - n, "gpg/");
46 - if (flags & VRFYSIG_SIGNPGP)
47 + if (flags & PKGVERIFY_PGP)
48 n += n_snprintf(&signam[n], sizeof(signam) - n, "pgp/");
55 - unsigned qva_flags = RPMVSF_DEFAULT;
56 + unsigned vfyflags = RPMVSF_DEFAULT;
58 - if ((flags & (VRFYSIG_SIGNPGP | VRFYSIG_SIGNGPG)) == 0) {
59 - qva_flags |= RPMVSF_MASK_NOSIGNATURES;
60 + if ((flags & (PKGVERIFY_PGP | PKGVERIFY_GPG)) == 0) {
61 + vfyflags |= RPMVSF_MASK_NOSIGNATURES;
64 // always check digests - without them rpmVerifySignature returns error
65 - //if ((flags & VRFYSIG_DGST) == 0)
66 - // qva_flags |= RPMVSF_MASK_NODIGESTS;
68 - memset(&qva, '\0', sizeof(qva));
69 - qva.qva_flags = qva_flags;
70 + //if ((flags & PKGVERIFY_MD) == 0)
71 + // vfyflags |= RPMVSF_MASK_NODIGESTS;
74 fdt = Fopen(path, "r.ufdio");
76 if (fdt != NULL && Ferror(fdt) == 0) {
78 + rpmtsSetVfyFlags(ts, vfyflags);
79 rc = rpmVerifySignatures(&qva, ts, fdt, n_basenam(path));
82 DBGF("rpmVerifySignatures[md=%d, sign=%d] %s %s\n",
83 - flags & VRFYSIG_DGST ? 1:0, flags & VRFYSIG_SIGN ? 1:0,
84 + flags & PKGVERIFY_MD ? 1:0, flags & (PKGVERIFY_GPG | PKGVERIFY_PGP) ? 1:0,
85 n_basenam(path), rc == 0 ? "OK" : "BAD");
90 int do_pm_rpm_verify_signature(void *pm_rpm, const char *path, unsigned flags)
92 - unsigned rpmflags = 0;
95 if (access(path, R_OK) != 0) {
96 logn(LOGERR, "%s: verify signature failed: %m", path);
100 - if (flags & PKGVERIFY_GPG)
101 - rpmflags |= VRFYSIG_SIGNGPG;
103 - if (flags & PKGVERIFY_PGP)
104 - rpmflags |= VRFYSIG_SIGNPGP;
106 - if (flags & PKGVERIFY_MD)
107 - rpmflags |= VRFYSIG_DGST;
109 - return do_verify_signature(path, rpmflags);
110 + return do_verify_signature(path, flags);
113 extern int pm_rpm_verbose;
114 --- poldek-0.42.2/pm/rpmorg/pm_rpm.h.orig 2020-10-07 23:34:34.276110954 +0200
115 +++ poldek-0.42.2/pm/rpmorg/pm_rpm.h 2020-10-07 23:34:40.173648478 +0200
117 struct poldek_ts *ts);
119 #include <rpm/rpmcli.h>
120 -#define VRFYSIG_DGST VERIFY_DIGEST
121 -#define VRFYSIG_SIGN VERIFY_SIGNATURE
122 -#define VRFYSIG_SIGNGPG VERIFY_SIGNATURE
123 -#define VRFYSIG_SIGNPGP VERIFY_SIGNATURE
125 int pm_rpm_verify_signature(void *pm_rpm, const char *path, unsigned flags);