RPM Package Manager, CVS Repository
  http://rpm5.org/cvs/
  ____________________________________________________________________________

  Server: rpm5.org                         Name:   Jeff Johnson
  Root:   /v/rpm/cvs                       Email:  [EMAIL PROTECTED]
  Module: rpm                              Date:   16-Aug-2007 20:36:05
  Branch: HEAD                             Handle: 2007081619360400

  Modified files:
    rpm                     CHANGES
    rpm/lib                 rpmchecksig.c signature.c

  Log:
    - functional sign/verify on --nolead packages.

  Summary:
    Revision    Changes     Path
    1.1576      +1  -0      rpm/CHANGES
    1.126       +35 -2      rpm/lib/rpmchecksig.c
    2.176       +25 -4      rpm/lib/signature.c
  ____________________________________________________________________________

  patch -p0 <<'@@ .'
  Index: rpm/CHANGES
  ============================================================================
  $ cvs diff -u -r1.1575 -r1.1576 CHANGES
  --- rpm/CHANGES       15 Aug 2007 13:23:05 -0000      1.1575
  +++ rpm/CHANGES       16 Aug 2007 18:36:04 -0000      1.1576
  @@ -1,4 +1,5 @@
   4.5 -> 5.0:
  +    - jbj: functional sign/verify on --nolead packages.
       - jbj: add rpmkey, a keyctl(1) clone.
       - jbj: disable RPMv3 RSA/DSA signing.
       - jbj: mark RPMv3 code for optional compilation.
  @@ .
  patch -p0 <<'@@ .'
  Index: rpm/lib/rpmchecksig.c
  ============================================================================
  $ cvs diff -u -r1.125 -r1.126 rpmchecksig.c
  --- rpm/lib/rpmchecksig.c     14 Aug 2007 17:35:55 -0000      1.125
  +++ rpm/lib/rpmchecksig.c     16 Aug 2007 18:36:04 -0000      1.126
  @@ -26,6 +26,10 @@
   /[EMAIL PROTECTED]@*/
   int _print_pkts = 0;
   
  +extern int _nolead;
  +extern int _nosigh;
  +extern int _newmagic;
  +
   /**
    */
   /[EMAIL PROTECTED]@*/
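Review bot: The three `extern int` declarations are added directly in this .c file with no comment, although the later hunks show they switch off lead parsing, signature-header parsing and the expected magic in both the sign and verify paths. Declaring them in one shared header would let the compiler check the declaration against the definition, which is not visible in this commit. Each flag also deserves a one-line comment stating what it disables and that it is process-wide, e.g. `/* _nosigh: non-zero skips reading/writing the signature header (affects verification) */`.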
  @@ -211,6 +215,9 @@
   /[EMAIL PROTECTED]@*/
        memset(l, 0, sizeof(*l));
   /[EMAIL PROTECTED]@*/
  +     l->signature_type = RPMSIGTYPE_HEADERSIG;
  +
  +if (!_nolead) {
        rc = readLead(fd, l);
        if (rc != RPMRC_OK) {
            rpmError(RPMERR_READLEAD, _("%s: not an rpm package\n"), rpm);
  @@ -228,7 +235,9 @@
        default:
            /[EMAIL PROTECTED]@*/ break;
        }
  +}
   
  +if (!_nosigh) {
        msg = NULL;
        rc = rpmReadSignature(fd, &sigh, l->signature_type, &msg);
        switch (rc) {
  @@ -246,6 +255,7 @@
            /[EMAIL PROTECTED]@*/ break;
        }
        msg = _free(msg);
  +}
   
        /* Write the header and archive to a temp file */
        /* ASSERT: ofd == NULL && sigtarget == NULL */
  @@ -382,6 +392,7 @@
        if (manageFile(&ofd, &trpm, O_WRONLY|O_CREAT|O_TRUNC, 0))
            goto exit;
   
  +if (!_nolead) {
        l->signature_type = RPMSIGTYPE_HEADERSIG;
        rc = writeLead(ofd, l);
        if (rc != RPMRC_OK) {
  @@ -389,12 +400,15 @@
                Fstrerror(ofd));
            goto exit;
        }
  +}
   
  +if (!_nosigh) {
        if (rpmWriteSignature(ofd, sigh)) {
            rpmError(RPMERR_SIGGEN, _("%s: rpmWriteSignature failed: %s\n"), 
trpm,
                Fstrerror(ofd));
            goto exit;
        }
  +}
   
        /* Append the header and archive from the temp file */
        /* ASSERT: fd == NULL && ofd != NULL */
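Review bot: With `_nosigh` set, the new guard skips rpmWriteSignature(), so any signature generated earlier in this function is never written and the output file carries no signature header, yet nothing here reports that. The hunk at -228 skips rpmReadSignature() under the same flag, so `sigh` may not have been populated at all; the code between the two is outside the visible hunks. If signing in that mode is not meant to work yet, reject it up front instead of silently producing an unsigned package, for example `if (_nosigh) { rpmError(RPMERR_SIGGEN, _("%s: signing requires a signature header\n"), rpm); goto exit; }`, assuming `rpm` (the name used in the readLead error above) is in scope here.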
  @@ -650,6 +664,18 @@
           0x8e, 0xad, 0xe8, 0x01, 0x00, 0x00, 0x00, 0x00
   };
   
  +#ifdef       NOTYET
  +/[EMAIL PROTECTED]@*/ /[EMAIL PROTECTED]@*/
  +static unsigned char sigh_magic[8] = {
  +     0x8e, 0xad, 0xe8, 0x3e, 0x00, 0x00, 0x00, 0x00
  +};
  +#endif
  +
  +/[EMAIL PROTECTED]@*/ /[EMAIL PROTECTED]@*/
  +static unsigned char meta_magic[8] = {
  +     0x8e, 0xad, 0xe8, 0x3f, 0x00, 0x00, 0x00, 0x00
  +};
  +
   /**
    * @todo If the GPG key was known available, the md5 digest could be skipped.
    */
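Review bot: The magic tables are now defined separately in rpmchecksig.c and signature.c (hunk at -141) with opposite `#ifdef NOTYET` guards, and none of them says what the fourth byte (0x01, 0x3e, 0x3f) stands for. Because these bytes are fed into the header digests and compared against what is read from the file, a later edit to one copy but not the other would break verification without any compile-time error. I would move them to a single shared definition, mark them `static const unsigned char`, and add a comment per table such as `/* magic for the metadata header; hashed as the digest preamble when _newmagic is set */`.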
  @@ -674,6 +700,7 @@
        dig->nbytes += headerSizeof(h);
   
        if (headerIsEntry(h, RPMTAG_HEADERIMMUTABLE)) {
  +         unsigned char * hmagic = (_newmagic ? meta_magic : header_magic);
            void * uh;
            int_32 uht, uhc;
        
  @@ -685,10 +712,10 @@
                goto exit;
            }
            dig->hdrsha1ctx = rpmDigestInit(PGPHASHALGO_SHA1, RPMDIGEST_NONE);
  -         (void) rpmDigestUpdate(dig->hdrsha1ctx, header_magic, 
sizeof(header_magic));
  +         (void) rpmDigestUpdate(dig->hdrsha1ctx, hmagic, 
sizeof(header_magic));
            (void) rpmDigestUpdate(dig->hdrsha1ctx, uh, uhc);
            dig->hdrmd5ctx = rpmDigestInit(dig->signature.hash_algo, 
RPMDIGEST_NONE);
  -         (void) rpmDigestUpdate(dig->hdrmd5ctx, header_magic, 
sizeof(header_magic));
  +         (void) rpmDigestUpdate(dig->hdrmd5ctx, hmagic, 
sizeof(header_magic));
            (void) rpmDigestUpdate(dig->hdrmd5ctx, uh, uhc);
            uh = headerFreeData(uh, uht);
        }
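Review bot: Both rpmDigestUpdate() calls now pass `hmagic`, which may point at `meta_magic`, but still take the length from `sizeof(header_magic)`; the memcmp() in the signature.c hunk at -180 does the same with `sigh_magic`. It works only because every table happens to be 8 bytes, so the length should come from a shared constant used in all three declarations rather than from a different array than the one being hashed. Separately, the digest preamble is chosen by the global `_newmagic` rather than by the magic bytes actually read from the package, so the digest is not bound to what is on disk; if that is intentional, a comment next to the `hmagic` declaration (in the preceding hunk at -674) should say so.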
  @@ -763,6 +790,9 @@
   /[EMAIL PROTECTED]@*/
        memset(l, 0, sizeof(*l));
   /[EMAIL PROTECTED]@*/
  +     l->signature_type = RPMSIGTYPE_HEADERSIG;
  +
  +if (!_nolead) {
        rc = readLead(fd, l);
        if (rc != RPMRC_OK) {
            rpmError(RPMERR_READLEAD, _("%s: not an rpm package\n"), fn);
  @@ -778,7 +808,9 @@
        default:
            /[EMAIL PROTECTED]@*/ break;
        }
  +}
   
  +if (!_nosigh) {
        msg = NULL;
        rc = rpmReadSignature(fd, &sigh, l->signature_type, &msg);
        switch (rc) {
  @@ -798,6 +830,7 @@
            /[EMAIL PROTECTED]@*/ break;
        }
        msg = _free(msg);
  +}
   
        /* Grab a hint of what needs doing to avoid duplication. */
        sigtag = 0;
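Review bot: When `_nosigh` is set, the guard closed by the added `}` skips rpmReadSignature() in this verify path, and the hunk at -763 likewise skips readLead(), so everything from `sigtag = 0;` onward runs without a signature header having been read. The rest of the function is outside the hunk, so it is not visible whether `sigh` is initialised or whether the result ends up as a failure or as OK with nothing checked. A verifier should fail closed here. I would add an explicit check after the closing brace that `sigh` was populated and return a failure otherwise, with a comment such as `/* _nosigh: no signature header was read; nothing below may report success */`.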
  @@ .
  patch -p0 <<'@@ .'
  Index: rpm/lib/signature.c
  ============================================================================
  $ cvs diff -u -r2.175 -r2.176 signature.c
  --- rpm/lib/signature.c       14 Aug 2007 17:35:55 -0000      2.175
  +++ rpm/lib/signature.c       16 Aug 2007 18:36:04 -0000      2.176
  @@ -141,10 +141,25 @@
   }
   
   /[EMAIL PROTECTED]@*/
  +extern int _newmagic;
  +
  +/[EMAIL PROTECTED]@*/
   static unsigned char header_magic[8] = {
       0x8e, 0xad, 0xe8, 0x01, 0x00, 0x00, 0x00, 0x00
   };
   
  +/[EMAIL PROTECTED]@*/ /[EMAIL PROTECTED]@*/
  +static unsigned char sigh_magic[8] = {
  +     0x8e, 0xad, 0xe8, 0x3e, 0x00, 0x00, 0x00, 0x00
  +};
  +
  +#ifdef       NOTYET
  +/[EMAIL PROTECTED]@*/ /[EMAIL PROTECTED]@*/
  +static unsigned char meta_magic[8] = {
  +     0x8e, 0xad, 0xe8, 0x3f, 0x00, 0x00, 0x00, 0x00
  +};
  +#endif
  +
   rpmRC rpmReadSignature(void * _fd, Header * sighp, sigType sig_type,
                const char ** msg)
   {
  @@ -171,8 +186,11 @@
   
       buf[0] = '\0';
   
  -    if (sig_type != RPMSIGTYPE_HEADERSIG)
  +    if (sig_type != RPMSIGTYPE_HEADERSIG) {
  +     (void) snprintf(buf, sizeof(buf),
  +             _("sigh type(%d): BAD\n"), sig_type);
        goto exit;
  +    }
   
       memset(block, 0, sizeof(block));
       if ((xx = timedRead(fd, (void *)block, sizeof(block))) != sizeof(block)) 
{
  @@ -180,10 +198,13 @@
                _("sigh size(%d): BAD, read returned %d\n"), 
(int)sizeof(block), xx);
        goto exit;
       }
  -    if (memcmp(block, header_magic, sizeof(header_magic))) {
  -     (void) snprintf(buf, sizeof(buf),
  +    {   unsigned char * hmagic = (_newmagic ? sigh_magic : header_magic);
  +
  +     if (memcmp(block, hmagic, sizeof(header_magic))) {
  +         (void) snprintf(buf, sizeof(buf),
                _("sigh magic: BAD\n"));
  -     goto exit;
  +         goto exit;
  +     }
       }
       il = ntohl(block[2]);
       if (il < 0 || il > 32) {
  @@ .
______________________________________________________________________
RPM Package Manager                                    http://rpm5.org
CVS Sources Repository                                rpm-cvs@rpm5.org
