RPM Package Manager, CVS Repository http://rpm5.org/cvs/ ____________________________________________________________________________
Server: rpm5.org Name: Jeff Johnson Root: /v/rpm/cvs Email: [EMAIL PROTECTED] Module: rpm Date: 16-Aug-2007 20:36:05 Branch: HEAD Handle: 2007081619360400 Modified files: rpm CHANGES rpm/lib rpmchecksig.c signature.c Log: - functional sign/verify on --nolead packages. Summary: Revision Changes Path 1.1576 +1 -0 rpm/CHANGES 1.126 +35 -2 rpm/lib/rpmchecksig.c 2.176 +25 -4 rpm/lib/signature.c ____________________________________________________________________________ patch -p0 <<'@@ .' Index: rpm/CHANGES ============================================================================ $ cvs diff -u -r1.1575 -r1.1576 CHANGES --- rpm/CHANGES 15 Aug 2007 13:23:05 -0000 1.1575 +++ rpm/CHANGES 16 Aug 2007 18:36:04 -0000 1.1576 @@ -1,4 +1,5 @@ 4.5 -> 5.0: + - jbj: functional sign/verify on --nolead packages. - jbj: add rpmkey, a keyctl(1) clone. - jbj: disable RPMv3 RSA/DSA signing. - jbj: mark RPMv3 code for optional compilation. @@ . patch -p0 <<'@@ .' Index: rpm/lib/rpmchecksig.c ============================================================================ $ cvs diff -u -r1.125 -r1.126 rpmchecksig.c --- rpm/lib/rpmchecksig.c 14 Aug 2007 17:35:55 -0000 1.125 +++ rpm/lib/rpmchecksig.c 16 Aug 2007 18:36:04 -0000 1.126 @@ -26,6 +26,10 @@ /[EMAIL PROTECTED]@*/ int _print_pkts = 0; +extern int _nolead; +extern int _nosigh; +extern int _newmagic; + /** */ /[EMAIL PROTECTED]@*/ @@ -211,6 +215,9 @@ /[EMAIL PROTECTED]@*/ memset(l, 0, sizeof(*l)); /[EMAIL PROTECTED]@*/ + l->signature_type = RPMSIGTYPE_HEADERSIG; + +if (!_nolead) { rc = readLead(fd, l); if (rc != RPMRC_OK) { rpmError(RPMERR_READLEAD, _("%s: not an rpm package\n"), rpm); @@ -228,7 +235,9 @@ default: /[EMAIL PROTECTED]@*/ break; } +} +if (!_nosigh) { msg = NULL; rc = rpmReadSignature(fd, &sigh, l->signature_type, &msg); switch (rc) { @@ -246,6 +255,7 @@ /[EMAIL PROTECTED]@*/ break; } msg = _free(msg); +} /* Write the header and archive to a temp file */ /* ASSERT: ofd == NULL && sigtarget == NULL */ 
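Review bot: The `extern int _nolead;`, `extern int _nosigh;` and `extern int _newmagic;` declarations added in rpmchecksig.c hunk -26,6 are written by hand in a .c file, so nothing checks them against the definitions, and they carry no comment even though they switch off parts of package parsing. I would declare them once in a header shared with the defining file and with signature.c, which adds its own `extern int _newmagic;` in hunk -141,10. Each should get a one-line comment, e.g. `/* _nosigh: non-zero skips reading and writing the signature header */`. The definitions are not part of this diff, so the exact meaning of each flag should be confirmed there.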
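Review bot: With `_nosigh` set, the block wrapped by `if (!_nosigh) {` in hunks -228,7 and -246,6 is skipped, so `sigh` is never assigned by `rpmReadSignature()` and the code after the block runs on whatever value it started with. The same wrapper is added to the verify function in hunks -778,7 and -798,6. Both function bodies start and end outside the hunks, so how `sigh` is initialised and used afterwards is not visible here. In the verify path in particular, the skipped case should be handled explicitly, so that a run in which no signature header was read cannot be reported as a successful check. A comment at the wrapper such as `/* _nosigh: signature header not read; sigh stays unset */` would at least make the state visible to the next reader.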
@@ -382,6 +392,7 @@ if (manageFile(&ofd, &trpm, O_WRONLY|O_CREAT|O_TRUNC, 0)) goto exit; +if (!_nolead) { l->signature_type = RPMSIGTYPE_HEADERSIG; rc = writeLead(ofd, l); if (rc != RPMRC_OK) { @@ -389,12 +400,15 @@ Fstrerror(ofd)); goto exit; } +} +if (!_nosigh) { if (rpmWriteSignature(ofd, sigh)) { rpmError(RPMERR_SIGGEN, _("%s: rpmWriteSignature failed: %s\n"), trpm, Fstrerror(ofd)); goto exit; } +} /* Append the header and archive from the temp file */ /* ASSERT: fd == NULL && ofd != NULL */ @@ -650,6 +664,18 @@ 0x8e, 0xad, 0xe8, 0x01, 0x00, 0x00, 0x00, 0x00 }; +#ifdef NOTYET +/[EMAIL PROTECTED]@*/ /[EMAIL PROTECTED]@*/ +static unsigned char sigh_magic[8] = { + 0x8e, 0xad, 0xe8, 0x3e, 0x00, 0x00, 0x00, 0x00 +}; +#endif + +/[EMAIL PROTECTED]@*/ /[EMAIL PROTECTED]@*/ +static unsigned char meta_magic[8] = { + 0x8e, 0xad, 0xe8, 0x3f, 0x00, 0x00, 0x00, 0x00 +}; + /** * @todo If the GPG key was known available, the md5 digest could be skipped. */ @@ -674,6 +700,7 @@ dig->nbytes += headerSizeof(h); if (headerIsEntry(h, RPMTAG_HEADERIMMUTABLE)) { + unsigned char * hmagic = (_newmagic ? meta_magic : header_magic); void * uh; int_32 uht, uhc; @@ -685,10 +712,10 @@ goto exit; } dig->hdrsha1ctx = rpmDigestInit(PGPHASHALGO_SHA1, RPMDIGEST_NONE); - (void) rpmDigestUpdate(dig->hdrsha1ctx, header_magic, sizeof(header_magic)); + (void) rpmDigestUpdate(dig->hdrsha1ctx, hmagic, sizeof(header_magic)); (void) rpmDigestUpdate(dig->hdrsha1ctx, uh, uhc); dig->hdrmd5ctx = rpmDigestInit(dig->signature.hash_algo, RPMDIGEST_NONE); - (void) rpmDigestUpdate(dig->hdrmd5ctx, header_magic, sizeof(header_magic)); + (void) rpmDigestUpdate(dig->hdrmd5ctx, hmagic, sizeof(header_magic)); (void) rpmDigestUpdate(dig->hdrmd5ctx, uh, uhc); uh = headerFreeData(uh, uht); } 
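Review bot: The magic tables in hunk -650,6 are now defined in two files with opposite `#ifdef NOTYET` guards: here `meta_magic` is live and `sigh_magic` is disabled, while signature.c hunk -141,10 does the reverse next to its own copy of `header_magic`. Hand-copied tables can drift apart, and a one-byte difference changes what is hashed or accepted as a valid header. I would define each table once, as `static const unsigned char meta_magic[8] = { ... };` in a shared internal header, since none of them is written to in the lines shown. A short comment saying which header each value tags would also help; from the names, `0x3e` appears to be the signature header and `0x3f` the metadata header.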
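Review bot: The digest prefix in hunks -674,6 and -685,10 is selected by the process-wide `_newmagic` flag, not by the magic actually present in the package, so both digests match only when the flag agrees with how the package was written. That contract deserves a comment on the new line, e.g. `/* prefix must be the magic the header was written with; chosen by _newmagic */`. The length passed alongside `hmagic` is still `sizeof(header_magic)`, which is correct only because both tables happen to be 8 bytes; the `memcmp` in signature.c hunk -180,10 has the same dependency. I would declare `const unsigned char * hmagic` and take the length from a single shared size constant. The enclosing function starts and ends outside these hunks.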
@@ -763,6 +790,9 @@ /[EMAIL PROTECTED]@*/ memset(l, 0, sizeof(*l)); /[EMAIL PROTECTED]@*/ + l->signature_type = RPMSIGTYPE_HEADERSIG; + +if (!_nolead) { rc = readLead(fd, l); if (rc != RPMRC_OK) { rpmError(RPMERR_READLEAD, _("%s: not an rpm package\n"), fn); @@ -778,7 +808,9 @@ default: /[EMAIL PROTECTED]@*/ break; } +} +if (!_nosigh) { msg = NULL; rc = rpmReadSignature(fd, &sigh, l->signature_type, &msg); switch (rc) { @@ -798,6 +830,7 @@ /[EMAIL PROTECTED]@*/ break; } msg = _free(msg); +} /* Grab a hint of what needs doing to avoid duplication. */ sigtag = 0; @@ . patch -p0 <<'@@ .' Index: rpm/lib/signature.c ============================================================================ $ cvs diff -u -r2.175 -r2.176 signature.c --- rpm/lib/signature.c 14 Aug 2007 17:35:55 -0000 2.175 +++ rpm/lib/signature.c 16 Aug 2007 18:36:04 -0000 2.176 @@ -141,10 +141,25 @@ } /[EMAIL PROTECTED]@*/ +extern int _newmagic; + +/[EMAIL PROTECTED]@*/ static unsigned char header_magic[8] = { 0x8e, 0xad, 0xe8, 0x01, 0x00, 0x00, 0x00, 0x00 }; +/[EMAIL PROTECTED]@*/ /[EMAIL PROTECTED]@*/ +static unsigned char sigh_magic[8] = { + 0x8e, 0xad, 0xe8, 0x3e, 0x00, 0x00, 0x00, 0x00 +}; + +#ifdef NOTYET +/[EMAIL PROTECTED]@*/ /[EMAIL PROTECTED]@*/ +static unsigned char meta_magic[8] = { + 0x8e, 0xad, 0xe8, 0x3f, 0x00, 0x00, 0x00, 0x00 +}; +#endif + rpmRC rpmReadSignature(void * _fd, Header * sighp, sigType sig_type, const char ** msg) { @@ -171,8 +186,11 @@ buf[0] = '\0'; - if (sig_type != RPMSIGTYPE_HEADERSIG) + if (sig_type != RPMSIGTYPE_HEADERSIG) { + (void) snprintf(buf, sizeof(buf), + _("sigh type(%d): BAD\n"), sig_type); goto exit; + } memset(block, 0, sizeof(block)); if ((xx = timedRead(fd, (void *)block, sizeof(block))) != sizeof(block)) { 
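Review bot: The new message in signature.c hunk -171,8 passes `sig_type`, a `sigType` enum, straight to `%d`, and the underlying integer type of an enum is implementation-defined. The following size message in the same function casts its argument (`(int)sizeof(block)`), so for consistency and a guaranteed match with the format I would write `_("sigh type(%d): BAD\n"), (int) sig_type);`. rpmReadSignature's body continues outside the hunk, so how `buf` reaches the caller is not visible here.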
@@ -180,10 +198,13 @@ _("sigh size(%d): BAD, read returned %d\n"), (int)sizeof(block), xx); goto exit; } - if (memcmp(block, header_magic, sizeof(header_magic))) { - (void) snprintf(buf, sizeof(buf), + { unsigned char * hmagic = (_newmagic ? sigh_magic : header_magic); + + if (memcmp(block, hmagic, sizeof(header_magic))) { + (void) snprintf(buf, sizeof(buf), _("sigh magic: BAD\n")); - goto exit; + goto exit; + } } il = ntohl(block[2]); if (il < 0 || il > 32) { @@ . ______________________________________________________________________ RPM Package Manager http://rpm5.org CVS Sources Repository rpm-cvs@rpm5.org
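Review bot: The magic check in hunk -180,10 now accepts exactly one of `sigh_magic` or `header_magic` depending on `_newmagic`, but the failure text is still the bare `sigh magic: BAD`, so a package rejected only because the flag does not match its format looks the same as a corrupt one. I would state the rule in a comment above the block, `/* only the magic selected by _newmagic is accepted; old and new signature headers are not interchangeable */`, and name the expected variant in the message, e.g. `_("sigh magic: BAD (expected %s)\n"), (_newmagic ? "new" : "old")`. The bare `{ ... }` scope with the declaration on the brace line is also unusual. Declaring `hmagic` with the other locals at the top of rpmReadSignature, which lies outside this hunk, would avoid the extra nesting.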