RPM Package Manager, CVS Repository
  http://rpm5.org/cvs/
  ____________________________________________________________________________

  Server: rpm5.org                         Name:   Jeff Johnson
  Root:   /v/rpm/cvs                       Email:  [EMAIL PROTECTED]
  Module: rpm                              Date:   29-Sep-2007 18:23:40
  Branch: HEAD                             Handle: 2007092917233901

  Modified files:
    rpm                     CHANGES
    rpm/lib                 librpm.vers package.c rpmlib.h rpmrollback.c
                            rpmts.c rpmts.h
    rpm/rpmdb               hdrNVR.c header.h librpmdb.vers pkgio.c

  Log:
    - jbj: add _RPMTS_PRINT to keep rpmrollback.c happy.
    - jbj: rearrange package.c internals to new locations.

  Summary:
    Revision    Changes     Path
    1.1646      +2  -0      rpm/CHANGES
    1.19        +0  -6      rpm/lib/librpm.vers
    2.162       +0  -501    rpm/lib/package.c
    2.436       +0  -19     rpm/lib/rpmlib.h
    1.13        +1  -0      rpm/lib/rpmrollback.c
    2.100       +4  -0      rpm/lib/rpmts.c
    2.76        +2  -2      rpm/lib/rpmts.h
    1.10        +156 -0     rpm/rpmdb/hdrNVR.c
    1.24        +19 -0      rpm/rpmdb/header.h
    1.17        +7  -0      rpm/rpmdb/librpmdb.vers
    1.6         +407 -2     rpm/rpmdb/pkgio.c
  ____________________________________________________________________________

  patch -p0 <<'@@ .'
  Index: rpm/CHANGES
  ============================================================================
  $ cvs diff -u -r1.1645 -r1.1646 CHANGES
  --- rpm/CHANGES       29 Sep 2007 01:20:51 -0000      1.1645
  +++ rpm/CHANGES       29 Sep 2007 16:23:39 -0000      1.1646
  @@ -1,4 +1,6 @@
   4.5 -> 5.0:
  +    - jbj: add _RPMTS_PRINT to keep rpmrollback.c happy.
  +    - jbj: rearrange package.c internals to new locations.
       - jbj: start eliminating rpmtsSetSig by inlining.
       - jbj: eliminate rpmtsSigFoo() getters.
       - jbj: finish refactoring vsflags out of rpmts.
  @@ .
  patch -p0 <<'@@ .'
  Index: rpm/lib/librpm.vers
  ============================================================================
  $ cvs diff -u -r1.18 -r1.19 librpm.vers
  --- rpm/lib/librpm.vers       29 Sep 2007 00:07:43 -0000      1.18
  +++ rpm/lib/librpm.vers       29 Sep 2007 16:23:39 -0000      1.19
  @@ -33,9 +33,6 @@
       getStringBuf;
       giFlags;
       global_depFlags;
  -    headerCheck;
  -    headerMergeLegacySigs;
  -    headerRegenSigHeader;
       IDTXfree;
       IDTXglob;
       IDTXgrow;
  @@ -333,7 +330,6 @@
       rpmtsCheckDSIProblems;
       rpmtsChrootDone;
       rpmtsClean;
  -    rpmtsCleanDig;
       rpmtsCloseDB;
       rpmtsCloseSDB;
       rpmtsColor;
  @@ -342,7 +338,6 @@
       _rpmts_debug;
       rpmtsDbmode;
       rpmtsDFlags;
  -    rpmtsDig;
       rpmtsDoARBGoal;
       rpmtsElement;
       rpmtsEmpty;
  @@ -368,7 +363,6 @@
       rpmtsOrder;
       rpmtsPRCO;
       rpmtsProblems;
  -    rpmtsPubkey;
       rpmtsRebuildDB;
       rpmtsREContext;
       rpmtsRelocateElement;
  @@ .
  patch -p0 <<'@@ .'
  Index: rpm/lib/package.c
  ============================================================================
  $ cvs diff -u -r2.161 -r2.162 package.c
  --- rpm/lib/package.c 29 Sep 2007 01:20:51 -0000      2.161
  +++ rpm/lib/package.c 29 Sep 2007 16:23:39 -0000      2.162
  @@ -42,159 +42,6 @@
   extern int _nolead;
   extern int _nosigh;
   
  -void headerMergeLegacySigs(Header h, const Header sigh)
  -{
  -    HFD_t hfd = (HFD_t) headerFreeData;
  -    HeaderIterator hi;
  -    int_32 tag, type, count;
  -    const void * ptr;
  -    int xx;
  -
  -    if (h == NULL || sigh == NULL)
  -     return;
  -
  -    for (hi = headerInitIterator(sigh);
  -        headerNextIterator(hi, &tag, &type, &ptr, &count);
  -        ptr = hfd(ptr, type))
  -    {
  -     switch (tag) {
  -     /* XXX Translate legacy signature tag values. */
  -     case RPMSIGTAG_SIZE:
  -         tag = RPMTAG_SIGSIZE;
  -         /[EMAIL PROTECTED]@*/ break;
  -#if defined(SUPPORT_RPMV3_BROKEN)
  -     case RPMSIGTAG_LEMD5_1:
  -         tag = RPMTAG_SIGLEMD5_1;
  -         /[EMAIL PROTECTED]@*/ break;
  -     case RPMSIGTAG_LEMD5_2:
  -         tag = RPMTAG_SIGLEMD5_2;
  -         /[EMAIL PROTECTED]@*/ break;
  -#endif
  -#if defined(SUPPORT_RPMV3_VERIFY_RSA)
  -     case RPMSIGTAG_PGP:
  -         tag = RPMTAG_SIGPGP;
  -         /[EMAIL PROTECTED]@*/ break;
  -     case RPMSIGTAG_PGP5:
  -         tag = RPMTAG_SIGPGP5;
  -         /[EMAIL PROTECTED]@*/ break;
  -#endif
  -     case RPMSIGTAG_MD5:
  -         tag = RPMTAG_SIGMD5;
  -         /[EMAIL PROTECTED]@*/ break;
  -#if defined(SUPPORT_RPMV3_VERIFY_DSA)
  -     case RPMSIGTAG_GPG:
  -         tag = RPMTAG_SIGGPG;
  -         /[EMAIL PROTECTED]@*/ break;
  -#endif
  -     case RPMSIGTAG_PAYLOADSIZE:
  -         tag = RPMTAG_ARCHIVESIZE;
  -         /[EMAIL PROTECTED]@*/ break;
  -     case RPMSIGTAG_SHA1:
  -     case RPMSIGTAG_DSA:
  -     case RPMSIGTAG_RSA:
  -     default:
  -         if (!(tag >= HEADER_SIGBASE && tag < HEADER_TAGBASE))
  -             continue;
  -         /[EMAIL PROTECTED]@*/ break;
  -     }
  -     if (ptr == NULL) continue;      /* XXX can't happen */
  -     if (!headerIsEntry(h, tag)) {
  -         if (hdrchkType(type))
  -             continue;
  -         if (count < 0 || hdrchkData(count))
  -             continue;
  -         switch(type) {
  -         case RPM_NULL_TYPE:
  -             continue;
  -             /[EMAIL PROTECTED]@*/ /[EMAIL PROTECTED]@*/ break;
  -         case RPM_CHAR_TYPE:
  -         case RPM_INT8_TYPE:
  -         case RPM_INT16_TYPE:
  -         case RPM_INT32_TYPE:
  -             if (count != 1)
  -                 continue;
  -             /[EMAIL PROTECTED]@*/ break;
  -         case RPM_STRING_TYPE:
  -         case RPM_BIN_TYPE:
  -             if (count >= 16*1024)
  -                 continue;
  -             /[EMAIL PROTECTED]@*/ break;
  -         case RPM_STRING_ARRAY_TYPE:
  -         case RPM_I18NSTRING_TYPE:
  -             continue;
  -             /[EMAIL PROTECTED]@*/ /[EMAIL PROTECTED]@*/ break;
  -         }
  -         xx = headerAddEntry(h, tag, type, ptr, count);
  -     }
  -    }
  -    hi = headerFreeIterator(hi);
  -}
  -
  -Header headerRegenSigHeader(const Header h, int noArchiveSize)
  -{
  -    HFD_t hfd = (HFD_t) headerFreeData;
  -    Header sigh = headerNew();
  -    HeaderIterator hi;
  -    int_32 tag, stag, type, count;
  -    const void * ptr;
  -    int xx;
  -
  -    for (hi = headerInitIterator(h);
  -        headerNextIterator(hi, &tag, &type, &ptr, &count);
  -        ptr = hfd(ptr, type))
  -    {
  -     switch (tag) {
  -     /* XXX Translate legacy signature tag values. */
  -     case RPMTAG_SIGSIZE:
  -         stag = RPMSIGTAG_SIZE;
  -         /[EMAIL PROTECTED]@*/ break;
  -#if defined(SUPPORT_RPMV3_BROKEN)
  -     case RPMTAG_SIGLEMD5_1:
  -         stag = RPMSIGTAG_LEMD5_1;
  -         /[EMAIL PROTECTED]@*/ break;
  -     case RPMTAG_SIGLEMD5_2:
  -         stag = RPMSIGTAG_LEMD5_2;
  -         /[EMAIL PROTECTED]@*/ break;
  -#endif
  -#if defined(SUPPORT_RPMV3_VERIFY_RSA)
  -     case RPMTAG_SIGPGP:
  -         stag = RPMSIGTAG_PGP;
  -         /[EMAIL PROTECTED]@*/ break;
  -     case RPMTAG_SIGPGP5:
  -         stag = RPMSIGTAG_PGP5;
  -         /[EMAIL PROTECTED]@*/ break;
  -#endif
  -     case RPMTAG_SIGMD5:
  -         stag = RPMSIGTAG_MD5;
  -         /[EMAIL PROTECTED]@*/ break;
  -#if defined(SUPPORT_RPMV3_VERIFY_DSA)
  -     case RPMTAG_SIGGPG:
  -         stag = RPMSIGTAG_GPG;
  -         /[EMAIL PROTECTED]@*/ break;
  -#endif
  -     case RPMTAG_ARCHIVESIZE:
  -         /* XXX rpm-4.1 and later has archive size in signature header. */
  -         if (noArchiveSize)
  -             continue;
  -         stag = RPMSIGTAG_PAYLOADSIZE;
  -         /[EMAIL PROTECTED]@*/ break;
  -     case RPMTAG_SHA1HEADER:
  -     case RPMTAG_DSAHEADER:
  -     case RPMTAG_RSAHEADER:
  -     default:
  -         if (!(tag >= HEADER_SIGBASE && tag < HEADER_TAGBASE))
  -             continue;
  -         stag = tag;
  -         /[EMAIL PROTECTED]@*/ break;
  -     }
  -     if (ptr == NULL) continue;      /* XXX can't happen */
  -     if (!headerIsEntry(sigh, stag))
  -         xx = headerAddEntry(sigh, stag, type, ptr, count);
  -    }
  -    hi = headerFreeIterator(hi);
  -    return sigh;
  -}
  -
   /**
    * Remember current key id.
    * @param dig                container
  @@ -238,354 +85,6 @@
       return 0;
   }
   
  -/**
  - * Check header consistency, performing headerGetEntry() the hard way.
  - *
  - * Sanity checks on the header are performed while looking for a
  - * header-only digest or signature to verify the blob. If found,
  - * the digest or signature is verified.
  - *
  - * @param ts         transaction set
  - * @param uh         unloaded header blob
  - * @param uc         no. of bytes in blob (or 0 to disable)
  - * @retval *msg              signature verification msg
  - * @return           RPMRC_OK/RPMRC_NOTFOUND/RPMRC_FAIL
  - */
  -rpmRC headerCheck(rpmts ts, const void * uh, size_t uc, const char ** msg)
  -{
  -    pgpDig dig = rpmtsDig(ts);
  -    char buf[8*BUFSIZ];
  -    int_32 * ei = (int_32 *) uh;
  -/[EMAIL PROTECTED]@*/
  -    int_32 il = ntohl(ei[0]);
  -    int_32 dl = ntohl(ei[1]);
  -/[EMAIL PROTECTED]@*/
  -    entryInfo pe = (entryInfo) &ei[2];
  -/[EMAIL PROTECTED]@*/
  -/[EMAIL PROTECTED]@*/
  -    int_32 ildl[2];
  -    int_32 pvlen = sizeof(ildl) + (il * sizeof(*pe)) + dl;
  -    unsigned char * dataStart = (unsigned char *) (pe + il);
  -    indexEntry entry = memset(alloca(sizeof(*entry)), 0, sizeof(*entry));
  -    entryInfo info = memset(alloca(sizeof(*info)), 0, sizeof(*info));
  -    const void * sig = NULL;
  -    unsigned char * b;
  -    rpmVSFlags vsflags = pgpGetVSFlags(dig);
  -    rpmop op;
  -    int siglen = 0;
  -    int blen;
  -    size_t nb;
  -    int_32 ril = 0;
  -    unsigned char * regionEnd = NULL;
  -    rpmRC rc = RPMRC_FAIL;   /* assume failure */
  -    int xx;
  -    int i;
  -    static int hclvl;
  -
  -    hclvl++;
  -/[EMAIL PROTECTED]@*/
  -    buf[0] = '\0';
  -/[EMAIL PROTECTED]@*/
  -
  -    /* Is the blob the right size? */
  -    if (uc > 0 && pvlen != uc) {
  -     (void) snprintf(buf, sizeof(buf),
  -             _("blob size(%d): BAD, 8 + 16 * il(%d) + dl(%d)\n"),
  -             (int)uc, (int)il, (int)dl);
  -     goto exit;
  -    }
  -
  -    /* Check (and convert) the 1st tag element. */
  -    xx = headerVerifyInfo(1, dl, pe, &entry->info, 0);
  -    if (xx != -1) {
  -     (void) snprintf(buf, sizeof(buf),
  -             _("tag[%d]: BAD, tag %d type %d offset %d count %d\n"),
  -             0, entry->info.tag, entry->info.type,
  -             entry->info.offset, entry->info.count);
  -     goto exit;
  -    }
  -
  -    /* Is there an immutable header region tag? */
  -/[EMAIL PROTECTED]@*/
  -    if (!(entry->info.tag == RPMTAG_HEADERIMMUTABLE
  -       && entry->info.type == RPM_BIN_TYPE
  -       && entry->info.count == REGION_TAG_COUNT))
  -    {
  -     rc = RPMRC_NOTFOUND;
  -     goto exit;
  -    }
  -/[EMAIL PROTECTED]@*/
  -
  -    /* Is the offset within the data area? */
  -    if (entry->info.offset >= dl) {
  -     (void) snprintf(buf, sizeof(buf),
  -             _("region offset: BAD, tag %d type %d offset %d count %d\n"),
  -             entry->info.tag, entry->info.type,
  -             entry->info.offset, entry->info.count);
  -     goto exit;
  -    }
  -
  -    /* Is there an immutable header region tag trailer? */
  -    regionEnd = dataStart + entry->info.offset;
  -/[EMAIL PROTECTED]@*/
  -/[EMAIL PROTECTED]@*/
  -    (void) memcpy(info, regionEnd, REGION_TAG_COUNT);
  -/[EMAIL PROTECTED]@*/
  -    regionEnd += REGION_TAG_COUNT;
  -
  -    xx = headerVerifyInfo(1, dl, info, &entry->info, 1);
  -    if (xx != -1 ||
  -     !(entry->info.tag == RPMTAG_HEADERIMMUTABLE
  -       && entry->info.type == RPM_BIN_TYPE
  -       && entry->info.count == REGION_TAG_COUNT))
  -    {
  -     (void) snprintf(buf, sizeof(buf),
  -             _("region trailer: BAD, tag %d type %d offset %d count %d\n"),
  -             entry->info.tag, entry->info.type,
  -             entry->info.offset, entry->info.count);
  -     goto exit;
  -    }
  -/[EMAIL PROTECTED]@*/
  -/[EMAIL PROTECTED]@*/
  -    memset(info, 0, sizeof(*info));
  -/[EMAIL PROTECTED]@*/
  -
  -    /* Is the no. of tags in the region less than the total no. of tags? */
  -    ril = entry->info.offset/sizeof(*pe);
  -    if ((entry->info.offset % sizeof(*pe)) || ril > il) {
  -     (void) snprintf(buf, sizeof(buf),
  -             _("region size: BAD, ril(%d) > il(%d)\n"), ril, il);
  -     goto exit;
  -    }
  -
  -    /* Find a header-only digest/signature tag. */
  -    for (i = ril; i < il; i++) {
  -     xx = headerVerifyInfo(1, dl, pe+i, &entry->info, 0);
  -     if (xx != -1) {
  -         (void) snprintf(buf, sizeof(buf),
  -             _("tag[%d]: BAD, tag %d type %d offset %d count %d\n"),
  -             i, entry->info.tag, entry->info.type,
  -             entry->info.offset, entry->info.count);
  -         goto exit;
  -     }
  -
  -     switch (entry->info.tag) {
  -     case RPMTAG_SHA1HEADER:
  -         if (vsflags & RPMVSF_NOSHA1HEADER)
  -             /[EMAIL PROTECTED]@*/ break;
  -         blen = 0;
  -/[EMAIL PROTECTED]@*/
  -         for (b = dataStart + entry->info.offset; *b != '\0'; b++) {
  -             if (strchr("0123456789abcdefABCDEF", *b) == NULL)
  -                 /[EMAIL PROTECTED]@*/ break;
  -             blen++;
  -         }
  -         if (entry->info.type != RPM_STRING_TYPE || *b != '\0' || blen != 40)
  -         {
  -             (void) snprintf(buf, sizeof(buf), _("hdr SHA1: BAD, not 
hex\n"));
  -             goto exit;
  -         }
  -/[EMAIL PROTECTED]@*/
  -         if (info->tag == 0) {
  -/[EMAIL PROTECTED]@*/
  -             *info = entry->info;    /* structure assignment */
  -/[EMAIL PROTECTED]@*/
  -             siglen = blen + 1;
  -         }
  -         /[EMAIL PROTECTED]@*/ break;
  -     case RPMTAG_RSAHEADER:
  -         if (vsflags & RPMVSF_NORSAHEADER)
  -             /[EMAIL PROTECTED]@*/ break;
  -         if (entry->info.type != RPM_BIN_TYPE) {
  -             (void) snprintf(buf, sizeof(buf), _("hdr RSA: BAD, not 
binary\n"));
  -             goto exit;
  -         }
  -/[EMAIL PROTECTED]@*/
  -         *info = entry->info;        /* structure assignment */
  -/[EMAIL PROTECTED]@*/
  -         siglen = info->count;
  -         /[EMAIL PROTECTED]@*/ break;
  -     case RPMTAG_DSAHEADER:
  -         if (vsflags & RPMVSF_NODSAHEADER)
  -             /[EMAIL PROTECTED]@*/ break;
  -         if (entry->info.type != RPM_BIN_TYPE) {
  -             (void) snprintf(buf, sizeof(buf), _("hdr DSA: BAD, not 
binary\n"));
  -             goto exit;
  -         }
  -/[EMAIL PROTECTED]@*/
  -         *info = entry->info;        /* structure assignment */
  -/[EMAIL PROTECTED]@*/
  -         siglen = info->count;
  -         /[EMAIL PROTECTED]@*/ break;
  -     default:
  -         /[EMAIL PROTECTED]@*/ break;
  -     }
  -    }
  -    rc = RPMRC_NOTFOUND;
  -
  -exit:
  -    /* Return determined RPMRC_OK/RPMRC_FAIL conditions. */
  -    if (rc != RPMRC_NOTFOUND) {
  -/[EMAIL PROTECTED]@*/
  -     buf[sizeof(buf)-1] = '\0';
  -     if (msg) *msg = xstrdup(buf);
  -/[EMAIL PROTECTED]@*/
  -     hclvl--;
  -     return rc;
  -    }
  -
  -    /* If no header-only digest/signature, then do simple sanity check. */
  -    if (info->tag == 0) {
  -     xx = headerVerifyInfo(ril-1, dl, pe+1, &entry->info, 0);
  -     if (xx != -1) {
  -         (void) snprintf(buf, sizeof(buf),
  -             _("tag[%d]: BAD, tag %d type %d offset %d count %d\n"),
  -             xx+1, entry->info.tag, entry->info.type,
  -             entry->info.offset, entry->info.count);
  -         rc = RPMRC_FAIL;
  -     } else {
  -         (void) snprintf(buf, sizeof(buf), "Header sanity check: OK\n");
  -         rc = RPMRC_OK;
  -     }
  -/[EMAIL PROTECTED]@*/
  -     buf[sizeof(buf)-1] = '\0';
  -     if (msg) *msg = xstrdup(buf);
  -/[EMAIL PROTECTED]@*/
  -     hclvl--;
  -     return rc;
  -    }
  -
  -    /* Verify header-only digest/signature. */
  -assert(dig);
  -    dig->nbytes = 0;
  -
  -/[EMAIL PROTECTED]@*/
  -    sig = memcpy(xmalloc(siglen), dataStart + info->offset, siglen);
  -/[EMAIL PROTECTED]@*/
  -    {
  -     const void * osig = pgpGetSig(dig);
  -     int_32 osigtype = pgpGetSigtype(dig);
  -     if (osig && osigtype)
  -         osig = headerFreeData(osig, osigtype);
  -     (void) pgpSetSig(dig, info->tag, info->type, sig, info->count);
  -    }
  -
  -    switch (info->tag) {
  -    case RPMTAG_RSAHEADER:
  -     /* Parse the parameters from the OpenPGP packets that will be needed. */
  -     xx = pgpPrtPkts(sig, info->count, dig, (_print_pkts & rpmIsDebug()));
  -     if (dig->signature.version != 3 && dig->signature.version != 4) {
  -         rpmMessage(RPMMESS_ERROR,
  -             _("skipping header with unverifiable V%u signature\n"),
  -             dig->signature.version);
  -         rpmtsCleanDig(ts);
  -         rc = RPMRC_FAIL;
  -         goto exit;
  -     }
  -
  -     ildl[0] = htonl(ril);
  -     ildl[1] = (regionEnd - dataStart);
  -     ildl[1] = htonl(ildl[1]);
  -
  -     op = pgpStatsAccumulator(dig, 10);      /* RPMTS_OP_DIGEST */
  -     (void) rpmswEnter(op, 0);
  -     dig->hdrmd5ctx = rpmDigestInit(dig->signature.hash_algo, 
RPMDIGEST_NONE);
  -
  -     b = NULL; nb = 0;
  -     (void) headerGetMagic(NULL, &b, &nb);
  -     if (b && nb > 0) {
  -         (void) rpmDigestUpdate(dig->hdrmd5ctx, b, nb);
  -         dig->nbytes += nb;
  -     }
  -
  -     b = (unsigned char *) ildl;
  -     nb = sizeof(ildl);
  -        (void) rpmDigestUpdate(dig->hdrmd5ctx, b, nb);
  -        dig->nbytes += nb;
  -
  -     b = (unsigned char *) pe;
  -     nb = (htonl(ildl[0]) * sizeof(*pe));
  -        (void) rpmDigestUpdate(dig->hdrmd5ctx, b, nb);
  -        dig->nbytes += nb;
  -
  -     b = (unsigned char *) dataStart;
  -     nb = htonl(ildl[1]);
  -        (void) rpmDigestUpdate(dig->hdrmd5ctx, b, nb);
  -        dig->nbytes += nb;
  -     (void) rpmswExit(op, dig->nbytes);
  -
  -     break;
  -    case RPMTAG_DSAHEADER:
  -     /* Parse the parameters from the OpenPGP packets that will be needed. */
  -     xx = pgpPrtPkts(sig, info->count, dig, (_print_pkts & rpmIsDebug()));
  -     if (dig->signature.version != 3 && dig->signature.version != 4) {
  -         rpmMessage(RPMMESS_ERROR,
  -             _("skipping header with unverifiable V%u signature\n"),
  -             dig->signature.version);
  -         rpmtsCleanDig(ts);
  -         rc = RPMRC_FAIL;
  -         goto exit;
  -     }
  -     /[EMAIL PROTECTED]@*/
  -    case RPMTAG_SHA1HEADER:
  -/[EMAIL PROTECTED]@*/
  -     ildl[0] = htonl(ril);
  -     ildl[1] = (regionEnd - dataStart);
  -     ildl[1] = htonl(ildl[1]);
  -/[EMAIL PROTECTED]@*/
  -
  -     op = pgpStatsAccumulator(dig, 10);      /* RPMTS_OP_DIGEST */
  -     (void) rpmswEnter(op, 0);
  -     dig->hdrsha1ctx = rpmDigestInit(PGPHASHALGO_SHA1, RPMDIGEST_NONE);
  -
  -     b = NULL; nb = 0;
  -     (void) headerGetMagic(NULL, &b, &nb);
  -     if (b && nb > 0) {
  -         (void) rpmDigestUpdate(dig->hdrsha1ctx, b, nb);
  -         dig->nbytes += nb;
  -     }
  -
  -     b = (unsigned char *) ildl;
  -     nb = sizeof(ildl);
  -        (void) rpmDigestUpdate(dig->hdrsha1ctx, b, nb);
  -        dig->nbytes += nb;
  -
  -     b = (unsigned char *) pe;
  -     nb = (htonl(ildl[0]) * sizeof(*pe));
  -        (void) rpmDigestUpdate(dig->hdrsha1ctx, b, nb);
  -        dig->nbytes += nb;
  -
  -     b = (unsigned char *) dataStart;
  -     nb = htonl(ildl[1]);
  -        (void) rpmDigestUpdate(dig->hdrsha1ctx, b, nb);
  -        dig->nbytes += nb;
  -     (void) rpmswExit(op, dig->nbytes);
  -
  -     break;
  -    default:
  -     sig = _free(sig);
  -     break;
  -    }
  -
  -/[EMAIL PROTECTED]@*/
  -    buf[0] = '\0';
  -/[EMAIL PROTECTED]@*/
  -    rc = rpmVerifySignature(dig, buf);
  -
  -/[EMAIL PROTECTED]@*/
  -    buf[sizeof(buf)-1] = '\0';
  -    if (msg) *msg = xstrdup(buf);
  -/[EMAIL PROTECTED]@*/
  -
  -    /* XXX headerCheck can recurse, free info only at top level. */
  -    if (hclvl == 1)
  -     rpmtsCleanDig(ts);
  -    if (info->tag == RPMTAG_SHA1HEADER)
  -     sig = _free(sig);
  -    hclvl--;
  -    return rc;
  -}
  -
   rpmRC rpmReadHeader(rpmts ts, void * _fd, Header *hdrp, const char ** msg)
   {
       pgpDig dig = rpmtsDig(ts);
  @@ .
  patch -p0 <<'@@ .'
  Index: rpm/lib/rpmlib.h
  ============================================================================
  $ cvs diff -u -r2.435 -r2.436 rpmlib.h
  --- rpm/lib/rpmlib.h  28 Sep 2007 22:26:49 -0000      2.435
  +++ rpm/lib/rpmlib.h  29 Sep 2007 16:23:39 -0000      2.436
  @@ -112,25 +112,6 @@
    */
   typedef /[EMAIL PROTECTED]@*/ /[EMAIL PROTECTED]@*/ struct rpmgi_s * rpmgi;
   
  -/** \ingroup header
  - * Translate and merge legacy signature tags into header.
  - * @todo Remove headerSort() through headerInitIterator() modifies sig.
  - * @param h          header
  - * @param sigh               signature header
  - */
  -void headerMergeLegacySigs(Header h, const Header sigh)
  -     /[EMAIL PROTECTED] h, sigh @*/;
  -
  -/** \ingroup header
  - * Regenerate signature header.
  - * @todo Remove headerSort() through headerInitIterator() modifies h.
  - * @param h          header
  - * @param noArchiveSize      don't copy archive size tag (pre rpm-4.1)
  - * @return           regenerated signature header
  - */
  -Header headerRegenSigHeader(const Header h, int noArchiveSize)
  -     /[EMAIL PROTECTED] h @*/;
  -
   /**
    * Automatically generated table of tag name/value pairs.
    */
  @@ .
  patch -p0 <<'@@ .'
  Index: rpm/lib/rpmrollback.c
  ============================================================================
  $ cvs diff -u -r1.12 -r1.13 rpmrollback.c
  --- rpm/lib/rpmrollback.c     5 Sep 2007 23:08:01 -0000       1.12
  +++ rpm/lib/rpmrollback.c     29 Sep 2007 16:23:39 -0000      1.13
  @@ -13,6 +13,7 @@
   #define      _RPMTE_INTERNAL         /* XXX findErases needs rpmte 
internals. */
   #include "rpmte.h"           /* XXX: rpmteChain */
   #define      _RPMTS_INTERNAL         /* XXX ts->teErase, ts->probs */
  +#define _RPMTS_PRINT
   #include "rpmts.h"
   
   #include "manifest.h"
  @@ .
  patch -p0 <<'@@ .'
  Index: rpm/lib/rpmts.c
  ============================================================================
  $ cvs diff -u -r2.99 -r2.100 rpmts.c
  --- rpm/lib/rpmts.c   29 Sep 2007 00:07:43 -0000      2.99
  +++ rpm/lib/rpmts.c   29 Sep 2007 16:23:39 -0000      2.100
  @@ -715,6 +715,7 @@
       return ps;
   }
   
  +#ifdef       DYING
   void rpmtsCleanDig(rpmts ts)
   {
       if (ts && ts->dig) {
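Review bot: The `#ifdef DYING` added above rpmtsCleanDig() leaves a second, never-compiled copy of the digest/signature cleanup code in rpmts.c, while the live definition is added to rpmdb/pkgio.c in this same commit. The later `#ifdef DYING` hunk that opens at rpmtsSetSig() and closes after the rpmtsPubkey() body does the same. Two copies of code that frees signature data tend to drift, and a later fix applied to the dead copy would be silently lost. I would delete the old bodies outright, or at least mark the guard, e.g. `#ifdef DYING /* XXX moved to rpmdb/pkgio.c */`. The body of rpmtsCleanDig() continues outside this hunk.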
  @@ -727,6 +728,7 @@
        ts->dig = pgpFreeDig(ts->dig);
       }
   }
  +#endif
   
   void rpmtsClean(rpmts ts)
   {
  @@ -1101,6 +1103,7 @@
       return otid;
   }
   
  +#ifdef       DYING
   int rpmtsSetSig(rpmts ts,
                int_32 sigtag, int_32 sigtype, const void * sig, int_32 siglen)
   {
  @@ -1130,6 +1133,7 @@
   {
       return pgpGetPubkey(rpmtsDig(ts));
   }
  +#endif
   
   rpmdb rpmtsGetRdb(rpmts ts)
   {
  @@ .
  patch -p0 <<'@@ .'
  Index: rpm/lib/rpmts.h
  ============================================================================
  $ cvs diff -u -r2.75 -r2.76 rpmts.h
  --- rpm/lib/rpmts.h   29 Sep 2007 00:07:43 -0000      2.75
  +++ rpm/lib/rpmts.h   29 Sep 2007 16:23:39 -0000      2.76
  @@ -1010,7 +1010,7 @@
        /[EMAIL PROTECTED] ts, h, rpmGlobalMacroContext, fileSystem, 
internalState @*/;
   
   #if !defined(SWIG)
  -#if defined(_RPMTS_INTERNAL)
  +#if defined(_RPMTS_PRINT)
   /**
    * Print current transaction set contents.
    * @param ts         transaction set
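Review bot: `_RPMTS_PRINT` is introduced at the `#if defined(_RPMTS_PRINT)` guard with no statement of what it enables or what else it requires; the matching `#endif` hunk below has the same gap. The only user visible in this commit, rpmrollback.c, defines `_RPMTS_INTERNAL` as well, so if the guarded inline touches rpmts internals (its body is mostly outside these hunks) a file defining `_RPMTS_PRINT` alone may not compile. I would add a comment above the guard such as `/* Define _RPMTS_PRINT (together with _RPMTS_INTERNAL) before including rpmts.h to get the debugging print helper. */`, or make the dependency explicit with `#if defined(_RPMTS_INTERNAL) && defined(_RPMTS_PRINT)`.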
  @@ -1038,7 +1038,7 @@
       tsi = rpmtsiFree(tsi);
       return 0;
   }
  -#endif       /* defined(_RPMTS_INTERNAL) */
  +#endif       /* defined(_RPMTS_PRINT) */
   #endif       /* !defined(SWIG) */
   
   #ifdef __cplusplus
  @@ .
  patch -p0 <<'@@ .'
  Index: rpm/rpmdb/hdrNVR.c
  ============================================================================
  $ cvs diff -u -r1.9 -r1.10 hdrNVR.c
  --- rpm/rpmdb/hdrNVR.c        19 Aug 2007 17:43:04 -0000      1.9
  +++ rpm/rpmdb/hdrNVR.c        29 Sep 2007 16:23:40 -0000      1.10
  @@ -6,6 +6,9 @@
   #include <rpmlib.h>
   #include <rpmio.h>
   #include <rpmmacro.h>
  +
  +#include "header_internal.h"         /* XXX hdrchkType(), hdrchkData() */
  +
   #include "debug.h"
   
   /**
  @@ -195,3 +198,156 @@
   
       return hcolor;
   }
  +
  +void headerMergeLegacySigs(Header h, const Header sigh)
  +{
  +    HFD_t hfd = (HFD_t) headerFreeData;
  +    HeaderIterator hi;
  +    int_32 tag, type, count;
  +    const void * ptr;
  +    int xx;
  +
  +    if (h == NULL || sigh == NULL)
  +     return;
  +
  +    for (hi = headerInitIterator(sigh);
  +        headerNextIterator(hi, &tag, &type, &ptr, &count);
  +        ptr = hfd(ptr, type))
  +    {
  +     switch (tag) {
  +     /* XXX Translate legacy signature tag values. */
  +     case RPMSIGTAG_SIZE:
  +         tag = RPMTAG_SIGSIZE;
  +         /[EMAIL PROTECTED]@*/ break;
  +#if defined(SUPPORT_RPMV3_BROKEN)
  +     case RPMSIGTAG_LEMD5_1:
  +         tag = RPMTAG_SIGLEMD5_1;
  +         /[EMAIL PROTECTED]@*/ break;
  +     case RPMSIGTAG_LEMD5_2:
  +         tag = RPMTAG_SIGLEMD5_2;
  +         /[EMAIL PROTECTED]@*/ break;
  +#endif
  +#if defined(SUPPORT_RPMV3_VERIFY_RSA)
  +     case RPMSIGTAG_PGP:
  +         tag = RPMTAG_SIGPGP;
  +         /[EMAIL PROTECTED]@*/ break;
  +     case RPMSIGTAG_PGP5:
  +         tag = RPMTAG_SIGPGP5;
  +         /[EMAIL PROTECTED]@*/ break;
  +#endif
  +     case RPMSIGTAG_MD5:
  +         tag = RPMTAG_SIGMD5;
  +         /[EMAIL PROTECTED]@*/ break;
  +#if defined(SUPPORT_RPMV3_VERIFY_DSA)
  +     case RPMSIGTAG_GPG:
  +         tag = RPMTAG_SIGGPG;
  +         /[EMAIL PROTECTED]@*/ break;
  +#endif
  +     case RPMSIGTAG_PAYLOADSIZE:
  +         tag = RPMTAG_ARCHIVESIZE;
  +         /[EMAIL PROTECTED]@*/ break;
  +     case RPMSIGTAG_SHA1:
  +     case RPMSIGTAG_DSA:
  +     case RPMSIGTAG_RSA:
  +     default:
  +         if (!(tag >= HEADER_SIGBASE && tag < HEADER_TAGBASE))
  +             continue;
  +         /[EMAIL PROTECTED]@*/ break;
  +     }
  +     if (ptr == NULL) continue;      /* XXX can't happen */
  +     if (!headerIsEntry(h, tag)) {
  +         if (hdrchkType(type))
  +             continue;
  +         if (count < 0 || hdrchkData(count))
  +             continue;
  +         switch(type) {
  +         case RPM_NULL_TYPE:
  +             continue;
  +             /[EMAIL PROTECTED]@*/ /[EMAIL PROTECTED]@*/ break;
  +         case RPM_CHAR_TYPE:
  +         case RPM_INT8_TYPE:
  +         case RPM_INT16_TYPE:
  +         case RPM_INT32_TYPE:
  +             if (count != 1)
  +                 continue;
  +             /[EMAIL PROTECTED]@*/ break;
  +         case RPM_STRING_TYPE:
  +         case RPM_BIN_TYPE:
  +             if (count >= 16*1024)
  +                 continue;
  +             /[EMAIL PROTECTED]@*/ break;
  +         case RPM_STRING_ARRAY_TYPE:
  +         case RPM_I18NSTRING_TYPE:
  +             continue;
  +             /[EMAIL PROTECTED]@*/ /[EMAIL PROTECTED]@*/ break;
  +         }
  +         xx = headerAddEntry(h, tag, type, ptr, count);
  +     }
  +    }
  +    hi = headerFreeIterator(hi);
  +}
  +
  +Header headerRegenSigHeader(const Header h, int noArchiveSize)
  +{
  +    HFD_t hfd = (HFD_t) headerFreeData;
  +    Header sigh = headerNew();
  +    HeaderIterator hi;
  +    int_32 tag, stag, type, count;
  +    const void * ptr;
  +    int xx;
  +
  +    for (hi = headerInitIterator(h);
  +        headerNextIterator(hi, &tag, &type, &ptr, &count);
  +        ptr = hfd(ptr, type))
  +    {
  +     switch (tag) {
  +     /* XXX Translate legacy signature tag values. */
  +     case RPMTAG_SIGSIZE:
  +         stag = RPMSIGTAG_SIZE;
  +         /[EMAIL PROTECTED]@*/ break;
  +#if defined(SUPPORT_RPMV3_BROKEN)
  +     case RPMTAG_SIGLEMD5_1:
  +         stag = RPMSIGTAG_LEMD5_1;
  +         /[EMAIL PROTECTED]@*/ break;
  +     case RPMTAG_SIGLEMD5_2:
  +         stag = RPMSIGTAG_LEMD5_2;
  +         /[EMAIL PROTECTED]@*/ break;
  +#endif
  +#if defined(SUPPORT_RPMV3_VERIFY_RSA)
  +     case RPMTAG_SIGPGP:
  +         stag = RPMSIGTAG_PGP;
  +         /[EMAIL PROTECTED]@*/ break;
  +     case RPMTAG_SIGPGP5:
  +         stag = RPMSIGTAG_PGP5;
  +         /[EMAIL PROTECTED]@*/ break;
  +#endif
  +     case RPMTAG_SIGMD5:
  +         stag = RPMSIGTAG_MD5;
  +         /[EMAIL PROTECTED]@*/ break;
  +#if defined(SUPPORT_RPMV3_VERIFY_DSA)
  +     case RPMTAG_SIGGPG:
  +         stag = RPMSIGTAG_GPG;
  +         /[EMAIL PROTECTED]@*/ break;
  +#endif
  +     case RPMTAG_ARCHIVESIZE:
  +         /* XXX rpm-4.1 and later has archive size in signature header. */
  +         if (noArchiveSize)
  +             continue;
  +         stag = RPMSIGTAG_PAYLOADSIZE;
  +         /[EMAIL PROTECTED]@*/ break;
  +     case RPMTAG_SHA1HEADER:
  +     case RPMTAG_DSAHEADER:
  +     case RPMTAG_RSAHEADER:
  +     default:
  +         if (!(tag >= HEADER_SIGBASE && tag < HEADER_TAGBASE))
  +             continue;
  +         stag = tag;
  +         /[EMAIL PROTECTED]@*/ break;
  +     }
  +     if (ptr == NULL) continue;      /* XXX can't happen */
  +     if (!headerIsEntry(sigh, stag))
  +         xx = headerAddEntry(sigh, stag, type, ptr, count);
  +    }
  +    hi = headerFreeIterator(hi);
  +    return sigh;
  +}
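Review bot: In headerMergeLegacySigs() the inner `switch(type)` has no `default`, so any type that `hdrchkType()` accepts but the switch does not list reaches `headerAddEntry()` with only the `hdrchkData(count)` bound. The signature header is presumably parsed from a package file, so the merge should fail closed with `default: continue;`, or list each further type with its own count limit. The result of `headerAddEntry()` is stored in `xx` and never examined in either function, so a failed merge looks the same as a successful one. headerRegenSigHeader() applies none of these type/count checks and, unlike headerMergeLegacySigs(), has no `h == NULL` guard before `headerInitIterator(h)`; if it can be handed a header that has not been validated, the same checks belong there. The code is moved unchanged from lib/package.c, so these points predate this commit.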
  @@ .
  patch -p0 <<'@@ .'
  Index: rpm/rpmdb/header.h
  ============================================================================
  $ cvs diff -u -r1.23 -r1.24 header.h
  --- rpm/rpmdb/header.h        8 Sep 2007 23:44:00 -0000       1.23
  +++ rpm/rpmdb/header.h        29 Sep 2007 16:23:40 -0000      1.24
  @@ -912,6 +912,25 @@
   uint_32 hGetColor(Header h)
        /[EMAIL PROTECTED] h @*/;
   
  +/** \ingroup header
  + * Translate and merge legacy signature tags into header.
  + * @todo Remove headerSort() through headerInitIterator() modifies sig.
  + * @param h          header
  + * @param sigh               signature header
  + */
  +void headerMergeLegacySigs(Header h, const Header sigh)
  +     /[EMAIL PROTECTED] h, sigh @*/;
  +
  +/** \ingroup header
  + * Regenerate signature header.
  + * @todo Remove headerSort() through headerInitIterator() modifies h.
  + * @param h          header
  + * @param noArchiveSize      don't copy archive size tag (pre rpm-4.1)
  + * @return           regenerated signature header
  + */
  +Header headerRegenSigHeader(const Header h, int noArchiveSize)
  +     /[EMAIL PROTECTED] h @*/;
  +
   #ifdef __cplusplus
   }
   #endif
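Review bot: Both prototypes take `const Header`, yet the `@todo` lines directly above them say that headerInitIterator() sorts, i.e. modifies, the header being iterated. Assuming `Header` is a pointer typedef, `const` here only freezes the pointer value, not the object it points to. The `@param` lines should say this, e.g. `@param sigh signature header (may be re-sorted by iteration)` and likewise for `h` in headerRegenSigHeader(), so callers do not treat the argument as read-only.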
  @@ .
  patch -p0 <<'@@ .'
  Index: rpm/rpmdb/librpmdb.vers
  ============================================================================
  $ cvs diff -u -r1.16 -r1.17 librpmdb.vers
  --- rpm/rpmdb/librpmdb.vers   8 Sep 2007 18:55:46 -0000       1.16
  +++ rpm/rpmdb/librpmdb.vers   29 Sep 2007 16:23:40 -0000      1.17
  @@ -27,6 +27,7 @@
       _hdr_loadops;
       _hdr_stats;
       hdrVec;
  +    headerCheck;
       headerCompoundFormats;
       headerDefaultFormats;
       headerDump;
  @@ -34,7 +35,9 @@
       headerGetRawEntry;
       headerMacrosLoad;
       headerMacrosUnload;
  +    headerMergeLegacySigs;
       headerNEVRA;
  +    headerRegenSigHeader;
       headerVerifyInfo;
       hGetColor;
       _init;
  @@ -82,6 +85,10 @@
       rpmTagTable;
       rpmTagTableSize;
       rpmTags;
  +    rpmtsCleanDig;
  +    rpmtsDig;
  +    rpmtsPubkey;
  +    rpmtsSetSig;
       sqlitevec;
       XrpmdbLink;
       XrpmdbUnlink;
  @@ .
  patch -p0 <<'@@ .'
  Index: rpm/rpmdb/pkgio.c
  ============================================================================
  $ cvs diff -u -r1.5 -r1.6 pkgio.c
  --- rpm/rpmdb/pkgio.c 9 Sep 2007 05:02:44 -0000       1.5
  +++ rpm/rpmdb/pkgio.c 29 Sep 2007 16:23:40 -0000      1.6
  @@ -11,17 +11,69 @@
   
   #include <netinet/in.h>
   
  -#include <rpmio.h>
  +#include <rpmio_internal.h>
   #include <rpmlib.h>
   
  +#define      _RPMTS_INTERNAL
  +#include "rpmts.h"
  +
   #include "header_internal.h"
   #include <pkgio.h>
   #include "debug.h"
   
  -
   /[EMAIL PROTECTED] entryInfo @*/             /* XXX rdSignature */
   /[EMAIL PROTECTED] indexEntry @*/    /* XXX rdSignature */
   
  +/[EMAIL PROTECTED]@*/
  +static int _print_pkts = 0;
  +
  +/*===============================================*/
  +
  +void rpmtsCleanDig(rpmts ts)
  +{
  +    if (ts && ts->dig) {
  +     int opx;
  +     opx = RPMTS_OP_DIGEST;
  +        (void) rpmswAdd(rpmtsOp(ts, opx), pgpStatsAccumulator(ts->dig, opx));
  +     opx = RPMTS_OP_SIGNATURE;
  +        (void) rpmswAdd(rpmtsOp(ts, opx), pgpStatsAccumulator(ts->dig, opx));
  +     (void) rpmtsSetSig(ts, 0, 0, NULL, 0);  /* XXX headerFreeData */
  +     ts->dig = pgpFreeDig(ts->dig);
  +    }
  +}
  +
  +int rpmtsSetSig(rpmts ts,
  +             int_32 sigtag, int_32 sigtype, const void * sig, int_32 siglen)
  +{
  +    int ret = 0;
  +    if (ts != NULL) {
  +     const void * osig = pgpGetSig(rpmtsDig(ts));
  +     int_32 osigtype = pgpGetSigtype(rpmtsDig(ts));
  +     if (osig && osigtype)
  +         osig = headerFreeData(osig, osigtype);
  +     ret = pgpSetSig(rpmtsDig(ts), sigtag, sigtype, sig, siglen);
  +    }
  +    return ret;
  +}
  +
  +pgpDig rpmtsDig(rpmts ts)
  +{
  +/[EMAIL PROTECTED]@*/ /* FIX: hide lazy malloc for now */
  +    if (ts->dig == NULL) {
  +        ts->dig = pgpNewDig(0);
  +        (void) pgpSetFindPubkey(ts->dig, (int (*)(void *, void 
*))rpmtsFindPubkey, ts);
  +    }
  +/[EMAIL PROTECTED]@*/
  +    return ts->dig;
  +}
  +
  +pgpDigParams rpmtsPubkey(const rpmts ts)
  +{
  +    return pgpGetPubkey(rpmtsDig(ts));
  +}
  +
  +/*===============================================*/
  +
   /**
    * The lead data structure.
    * The lead needs to be 8 byte aligned.
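Review bot: rpmtsDig() dereferences `ts` with no NULL check, although rpmtsCleanDig() and rpmtsSetSig(), added in the same hunk, both guard it. rpmtsPubkey() passes its argument straight through, and headerCheck() in the last pkgio.c hunk opens with `pgpDig dig = rpmtsDig(ts);`, so a NULL transaction set crashes there. An early `if (ts == NULL) return NULL;` in rpmtsDig() would make the four accessors consistent, provided the pgpGet*() helpers accept a NULL dig, which is not visible here. The cast of rpmtsFindPubkey to `int (*)(void *, void *)` also hides any prototype mismatch from the compiler; a small adapter declared with the exact callback type would keep the call well defined.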
  @@ -166,6 +218,7 @@
       return rc;
   }
   
  +/*===============================================*/
   
   /[EMAIL PROTECTED]@*/
   extern int _newmagic;
  @@ -441,6 +494,358 @@
       return rc;
   }
   
  +/*===============================================*/
  +
  +/**
  + * Check header consistency, performing headerGetEntry() the hard way.
  + *
  + * Sanity checks on the header are performed while looking for a
  + * header-only digest or signature to verify the blob. If found,
  + * the digest or signature is verified.
  + *
  + * @param ts         transaction set
  + * @param uh         unloaded header blob
  + * @param uc         no. of bytes in blob (or 0 to disable)
  + * @retval *msg              signature verification msg
  + * @return           RPMRC_OK/RPMRC_NOTFOUND/RPMRC_FAIL
  + */
  +rpmRC headerCheck(rpmts ts, const void * uh, size_t uc, const char ** msg)
  +{
  +    pgpDig dig = rpmtsDig(ts);
  +    char buf[8*BUFSIZ];
  +    int_32 * ei = (int_32 *) uh;
  +/[EMAIL PROTECTED]@*/
  +    int_32 il = ntohl(ei[0]);
  +    int_32 dl = ntohl(ei[1]);
  +/[EMAIL PROTECTED]@*/
  +    entryInfo pe = (entryInfo) &ei[2];
  +/[EMAIL PROTECTED]@*/
  +/[EMAIL PROTECTED]@*/
  +    int_32 ildl[2];
  +    int_32 pvlen = sizeof(ildl) + (il * sizeof(*pe)) + dl;
  +    unsigned char * dataStart = (unsigned char *) (pe + il);
  +    indexEntry entry = memset(alloca(sizeof(*entry)), 0, sizeof(*entry));
  +    entryInfo info = memset(alloca(sizeof(*info)), 0, sizeof(*info));
  +    const void * sig = NULL;
  +    unsigned char * b;
  +    rpmVSFlags vsflags = pgpGetVSFlags(dig);
  +    rpmop op;
  +    int siglen = 0;
  +    int blen;
  +    size_t nb;
  +    int_32 ril = 0;
  +    unsigned char * regionEnd = NULL;
  +    rpmRC rc = RPMRC_FAIL;   /* assume failure */
  +    int xx;
  +    int i;
  +    static int hclvl;
  +
  +    hclvl++;
  +/[EMAIL PROTECTED]@*/
  +    buf[0] = '\0';
  +/[EMAIL PROTECTED]@*/
  +
  +    /* Is the blob the right size? */
  +    if (uc > 0 && pvlen != uc) {
  +     (void) snprintf(buf, sizeof(buf),
  +             _("blob size(%d): BAD, 8 + 16 * il(%d) + dl(%d)\n"),
  +             (int)uc, (int)il, (int)dl);
  +     goto exit;
  +    }
  +
  +    /* Check (and convert) the 1st tag element. */
  +    xx = headerVerifyInfo(1, dl, pe, &entry->info, 0);
  +    if (xx != -1) {
  +     (void) snprintf(buf, sizeof(buf),
  +             _("tag[%d]: BAD, tag %d type %d offset %d count %d\n"),
  +             0, entry->info.tag, entry->info.type,
  +             entry->info.offset, entry->info.count);
  +     goto exit;
  +    }
  +
  +    /* Is there an immutable header region tag? */
  +/[EMAIL PROTECTED]@*/
  +    if (!(entry->info.tag == RPMTAG_HEADERIMMUTABLE
  +       && entry->info.type == RPM_BIN_TYPE
  +       && entry->info.count == REGION_TAG_COUNT))
  +    {
  +     rc = RPMRC_NOTFOUND;
  +     goto exit;
  +    }
  +/[EMAIL PROTECTED]@*/
  +
  +    /* Is the offset within the data area? */
  +    if (entry->info.offset >= dl) {
  +     (void) snprintf(buf, sizeof(buf),
  +             _("region offset: BAD, tag %d type %d offset %d count %d\n"),
  +             entry->info.tag, entry->info.type,
  +             entry->info.offset, entry->info.count);
  +     goto exit;
  +    }
  +
  +    /* Is there an immutable header region tag trailer? */
  +    regionEnd = dataStart + entry->info.offset;
  +/[EMAIL PROTECTED]@*/
  +/[EMAIL PROTECTED]@*/
  +    (void) memcpy(info, regionEnd, REGION_TAG_COUNT);
  +/[EMAIL PROTECTED]@*/
  +    regionEnd += REGION_TAG_COUNT;
  +
  +    xx = headerVerifyInfo(1, dl, info, &entry->info, 1);
  +    if (xx != -1 ||
  +     !(entry->info.tag == RPMTAG_HEADERIMMUTABLE
  +       && entry->info.type == RPM_BIN_TYPE
  +       && entry->info.count == REGION_TAG_COUNT))
  +    {
  +     (void) snprintf(buf, sizeof(buf),
  +             _("region trailer: BAD, tag %d type %d offset %d count %d\n"),
  +             entry->info.tag, entry->info.type,
  +             entry->info.offset, entry->info.count);
  +     goto exit;
  +    }
  +/[EMAIL PROTECTED]@*/
  +/[EMAIL PROTECTED]@*/
  +    memset(info, 0, sizeof(*info));
  +/[EMAIL PROTECTED]@*/
  +
  +    /* Is the no. of tags in the region less than the total no. of tags? */
  +    ril = entry->info.offset/sizeof(*pe);
  +    if ((entry->info.offset % sizeof(*pe)) || ril > il) {
  +     (void) snprintf(buf, sizeof(buf),
  +             _("region size: BAD, ril(%d) > il(%d)\n"), ril, il);
  +     goto exit;
  +    }
  +
  +    /* Find a header-only digest/signature tag. */
  +    for (i = ril; i < il; i++) {
  +     xx = headerVerifyInfo(1, dl, pe+i, &entry->info, 0);
  +     if (xx != -1) {
  +         (void) snprintf(buf, sizeof(buf),
  +             _("tag[%d]: BAD, tag %d type %d offset %d count %d\n"),
  +             i, entry->info.tag, entry->info.type,
  +             entry->info.offset, entry->info.count);
  +         goto exit;
  +     }
  +
  +     switch (entry->info.tag) {
  +     case RPMTAG_SHA1HEADER:
  +         if (vsflags & RPMVSF_NOSHA1HEADER)
  +             /[EMAIL PROTECTED]@*/ break;
  +         blen = 0;
  +/[EMAIL PROTECTED]@*/
  +         for (b = dataStart + entry->info.offset; *b != '\0'; b++) {
  +             if (strchr("0123456789abcdefABCDEF", *b) == NULL)
  +                 /[EMAIL PROTECTED]@*/ break;
  +             blen++;
  +         }
  +         if (entry->info.type != RPM_STRING_TYPE || *b != '\0' || blen != 40)
  +         {
  +             (void) snprintf(buf, sizeof(buf), _("hdr SHA1: BAD, not 
hex\n"));
  +             goto exit;
  +         }
  +/[EMAIL PROTECTED]@*/
  +         if (info->tag == 0) {
  +/[EMAIL PROTECTED]@*/
  +             *info = entry->info;    /* structure assignment */
  +/[EMAIL PROTECTED]@*/
  +             siglen = blen + 1;
  +         }
  +         /[EMAIL PROTECTED]@*/ break;
  +     case RPMTAG_RSAHEADER:
  +         if (vsflags & RPMVSF_NORSAHEADER)
  +             /[EMAIL PROTECTED]@*/ break;
  +         if (entry->info.type != RPM_BIN_TYPE) {
  +             (void) snprintf(buf, sizeof(buf), _("hdr RSA: BAD, not 
binary\n"));
  +             goto exit;
  +         }
  +/[EMAIL PROTECTED]@*/
  +         *info = entry->info;        /* structure assignment */
  +/[EMAIL PROTECTED]@*/
  +         siglen = info->count;
  +         /[EMAIL PROTECTED]@*/ break;
  +     case RPMTAG_DSAHEADER:
  +         if (vsflags & RPMVSF_NODSAHEADER)
  +             /[EMAIL PROTECTED]@*/ break;
  +         if (entry->info.type != RPM_BIN_TYPE) {
  +             (void) snprintf(buf, sizeof(buf), _("hdr DSA: BAD, not 
binary\n"));
  +             goto exit;
  +         }
  +/[EMAIL PROTECTED]@*/
  +         *info = entry->info;        /* structure assignment */
  +/[EMAIL PROTECTED]@*/
  +         siglen = info->count;
  +         /[EMAIL PROTECTED]@*/ break;
  +     default:
  +         /[EMAIL PROTECTED]@*/ break;
  +     }
  +    }
  +    rc = RPMRC_NOTFOUND;
  +
  +exit:
  +    /* Return determined RPMRC_OK/RPMRC_FAIL conditions. */
  +    if (rc != RPMRC_NOTFOUND) {
  +/[EMAIL PROTECTED]@*/
  +     buf[sizeof(buf)-1] = '\0';
  +     if (msg) *msg = xstrdup(buf);
  +/[EMAIL PROTECTED]@*/
  +     hclvl--;
  +     return rc;
  +    }
  +
  +    /* If no header-only digest/signature, then do simple sanity check. */
  +    if (info->tag == 0) {
  +     xx = headerVerifyInfo(ril-1, dl, pe+1, &entry->info, 0);
  +     if (xx != -1) {
  +         (void) snprintf(buf, sizeof(buf),
  +             _("tag[%d]: BAD, tag %d type %d offset %d count %d\n"),
  +             xx+1, entry->info.tag, entry->info.type,
  +             entry->info.offset, entry->info.count);
  +         rc = RPMRC_FAIL;
  +     } else {
  +         (void) snprintf(buf, sizeof(buf), "Header sanity check: OK\n");
  +         rc = RPMRC_OK;
  +     }
  +/[EMAIL PROTECTED]@*/
  +     buf[sizeof(buf)-1] = '\0';
  +     if (msg) *msg = xstrdup(buf);
  +/[EMAIL PROTECTED]@*/
  +     hclvl--;
  +     return rc;
  +    }
  +
  +    /* Verify header-only digest/signature. */
  +assert(dig);
  +    dig->nbytes = 0;
  +
  +/[EMAIL PROTECTED]@*/
  +    sig = memcpy(xmalloc(siglen), dataStart + info->offset, siglen);
  +/[EMAIL PROTECTED]@*/
  +    {
  +     const void * osig = pgpGetSig(dig);
  +     int_32 osigtype = pgpGetSigtype(dig);
  +     if (osig && osigtype)
  +         osig = headerFreeData(osig, osigtype);
  +     (void) pgpSetSig(dig, info->tag, info->type, sig, info->count);
  +    }
  +
  +    switch (info->tag) {
  +    case RPMTAG_RSAHEADER:
  +     /* Parse the parameters from the OpenPGP packets that will be needed. */
  +     xx = pgpPrtPkts(sig, info->count, dig, (_print_pkts & rpmIsDebug()));
  +     if (dig->signature.version != 3 && dig->signature.version != 4) {
  +         rpmMessage(RPMMESS_ERROR,
  +             _("skipping header with unverifiable V%u signature\n"),
  +             dig->signature.version);
  +         rpmtsCleanDig(ts);
  +         rc = RPMRC_FAIL;
  +         goto exit;
  +     }
  +
  +     ildl[0] = htonl(ril);
  +     ildl[1] = (regionEnd - dataStart);
  +     ildl[1] = htonl(ildl[1]);
  +
  +     op = pgpStatsAccumulator(dig, 10);      /* RPMTS_OP_DIGEST */
  +     (void) rpmswEnter(op, 0);
  +     dig->hdrmd5ctx = rpmDigestInit(dig->signature.hash_algo, 
RPMDIGEST_NONE);
  +
  +     b = NULL; nb = 0;
  +     (void) headerGetMagic(NULL, &b, &nb);
  +     if (b && nb > 0) {
  +         (void) rpmDigestUpdate(dig->hdrmd5ctx, b, nb);
  +         dig->nbytes += nb;
  +     }
  +
  +     b = (unsigned char *) ildl;
  +     nb = sizeof(ildl);
  +        (void) rpmDigestUpdate(dig->hdrmd5ctx, b, nb);
  +        dig->nbytes += nb;
  +
  +     b = (unsigned char *) pe;
  +     nb = (htonl(ildl[0]) * sizeof(*pe));
  +        (void) rpmDigestUpdate(dig->hdrmd5ctx, b, nb);
  +        dig->nbytes += nb;
  +
  +     b = (unsigned char *) dataStart;
  +     nb = htonl(ildl[1]);
  +        (void) rpmDigestUpdate(dig->hdrmd5ctx, b, nb);
  +        dig->nbytes += nb;
  +     (void) rpmswExit(op, dig->nbytes);
  +
  +     break;
  +    case RPMTAG_DSAHEADER:
  +     /* Parse the parameters from the OpenPGP packets that will be needed. */
  +     xx = pgpPrtPkts(sig, info->count, dig, (_print_pkts & rpmIsDebug()));
  +     if (dig->signature.version != 3 && dig->signature.version != 4) {
  +         rpmMessage(RPMMESS_ERROR,
  +             _("skipping header with unverifiable V%u signature\n"),
  +             dig->signature.version);
  +         rpmtsCleanDig(ts);
  +         rc = RPMRC_FAIL;
  +         goto exit;
  +     }
  +     /[EMAIL PROTECTED]@*/
  +    case RPMTAG_SHA1HEADER:
  +/[EMAIL PROTECTED]@*/
  +     ildl[0] = htonl(ril);
  +     ildl[1] = (regionEnd - dataStart);
  +     ildl[1] = htonl(ildl[1]);
  +/[EMAIL PROTECTED]@*/
  +
  +     op = pgpStatsAccumulator(dig, 10);      /* RPMTS_OP_DIGEST */
  +     (void) rpmswEnter(op, 0);
  +     dig->hdrsha1ctx = rpmDigestInit(PGPHASHALGO_SHA1, RPMDIGEST_NONE);
  +
  +     b = NULL; nb = 0;
  +     (void) headerGetMagic(NULL, &b, &nb);
  +     if (b && nb > 0) {
  +         (void) rpmDigestUpdate(dig->hdrsha1ctx, b, nb);
  +         dig->nbytes += nb;
  +     }
  +
  +     b = (unsigned char *) ildl;
  +     nb = sizeof(ildl);
  +        (void) rpmDigestUpdate(dig->hdrsha1ctx, b, nb);
  +        dig->nbytes += nb;
  +
  +     b = (unsigned char *) pe;
  +     nb = (htonl(ildl[0]) * sizeof(*pe));
  +        (void) rpmDigestUpdate(dig->hdrsha1ctx, b, nb);
  +        dig->nbytes += nb;
  +
  +     b = (unsigned char *) dataStart;
  +     nb = htonl(ildl[1]);
  +        (void) rpmDigestUpdate(dig->hdrsha1ctx, b, nb);
  +        dig->nbytes += nb;
  +     (void) rpmswExit(op, dig->nbytes);
  +
  +     break;
  +    default:
  +     sig = _free(sig);
  +     break;
  +    }
  +
  +/[EMAIL PROTECTED]@*/
  +    buf[0] = '\0';
  +/[EMAIL PROTECTED]@*/
  +    rc = rpmVerifySignature(dig, buf);
  +
  +/[EMAIL PROTECTED]@*/
  +    buf[sizeof(buf)-1] = '\0';
  +    if (msg) *msg = xstrdup(buf);
  +/[EMAIL PROTECTED]@*/
  +
  +    /* XXX headerCheck can recurse, free info only at top level. */
  +    if (hclvl == 1)
  +     rpmtsCleanDig(ts);
  +    if (info->tag == RPMTAG_SHA1HEADER)
  +     sig = _free(sig);
  +    hclvl--;
  +    return rc;
  +}
  +
  +/*===============================================*/
  +
   size_t rpmpkgSizeof(const char * fn)
   {
       size_t len = 0;
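Review bot: Two reads in headerCheck() can run past the `dl` bytes of data that the blob declares. The region trailer is copied with `memcpy(info, regionEnd, REGION_TAG_COUNT)` after checking only `entry->info.offset >= dl`, so an offset inside the last REGION_TAG_COUNT bytes still passes, and the RPMTAG_SHA1HEADER scan loops on `*b != '\0'` with no end bound and tests the tag type only after the scan. The fence below bounds both reads against `dataStart + dl` and moves the type test ahead of the scan. Separately, `il` and `dl` feed `pvlen` and `dataStart` before any range check, and `uc == 0` disables the size comparison, so callers passing 0 rely entirely on headerVerifyInfo(), which is not visible here.

```c
    /* Is the region trailer entirely within the data area? */
    if (dl < (int_32)REGION_TAG_COUNT || entry->info.offset < 0
     || entry->info.offset > dl - (int_32)REGION_TAG_COUNT) {
	/* … unchanged: "region offset: BAD" message, goto exit … */
    }

    /* … unchanged: trailer copy and check, region size check, tag loop … */

	case RPMTAG_SHA1HEADER:
	    if (vsflags & RPMVSF_NOSHA1HEADER)
		break;
	    /* Reject a wrong type before touching the data. */
	    if (entry->info.type != RPM_STRING_TYPE) {
		(void) snprintf(buf, sizeof(buf), _("hdr SHA1: BAD, not hex\n"));
		goto exit;
	    }
	    blen = 0;
	    for (b = dataStart + entry->info.offset;
		 b < dataStart + dl && *b != '\0'; b++) {
		if (blen >= 40 || strchr("0123456789abcdefABCDEF", *b) == NULL)
		    break;
		blen++;
	    }
	    /* Test the bound first so *b is never read at dataStart + dl. */
	    if (b >= dataStart + dl || *b != '\0' || blen != 40) {
		/* … unchanged: "hdr SHA1: BAD, not hex" message, goto exit … */
	    }
```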
  @@ .