Fix signature reserved space not restored on --delsign (#2382)

Fixes a regression from commit 5c279fb149a44a1bc4d19e11c3c01942732b8486
simplifying this a bit too much, and failing to restore the reclaimed
reserved signature space on after --delsign. Add a test-case to ensure
--addsign + --delsign returns the package to its original state
bit-by-bit.

Fixes: #2382
(cherry picked from commit be950eabb84a88e5773e096435c37b92e3d47ebb)

2 files changed, 29 insertions, 4 deletions

diff --git a/sign/rpmgensig.c b/sign/rpmgensig.c
index 553a58ec1..33a48f8f0 100644
--- a/sign/rpmgensig.c
+++ b/sign/rpmgensig.c
@@ -639,14 +639,20 @@ static int rpmSign(const char *rpm, int deleting, int flags)
 	res = -1;
     }
 
-    /* Try to make new signature smaller to have size of original signature */
+    /* Adjust reserved size for added/removed signatures */
     if (headerGet(sigh, RPMSIGTAG_RESERVEDSPACE, &utd, HEADERGET_MINMEM)) {
 	int diff = headerSizeof(sigh, HEADER_MAGIC_YES) - origSigSize;
 
-	if (diff > 0 && diff < utd.count) {
+	/* diff can be zero if nothing was added or removed */
+	if (diff) {
 	    utd.count -= diff;
-	    headerMod(sigh, &utd);
-	    insSig = 1;
+	    if (utd.count > 0 && utd.count < origSigSize) {
+		char *zeros = xcalloc(utd.count, sizeof(*zeros));
+		utd.data = zeros;
+		headerMod(sigh, &utd);
+		insSig = 1;
+		free(zeros);
+	    }
 	}
     }
 
diff --git a/tests/rpmsigdig.at b/tests/rpmsigdig.at
index da8321091..8de7f4bc4 100644
--- a/tests/rpmsigdig.at
+++ b/tests/rpmsigdig.at
@@ -781,6 +781,25 @@ POST-DELSIGN
 ],
 [])
 
+# test --delsign restores the old package bit-per-bit
+AT_CHECK([
+RPMDB_INIT
+
+ORIG="${RPMTEST}/data/RPMS/hello-2.0-1.x86_64.rpm"
+NEW="${RPMTEST}/tmp/hello-2.0-1.x86_64.rpm"
+
+cp ${ORIG} "${RPMTEST}"/tmp/
+run rpmsign --key-id 1964C5FC --addsign ${NEW} > /dev/null
+cmp -s ${ORIG} ${NEW}; echo $?
+run rpmsign --delsign ${NEW} > /dev/null
+cmp -s ${ORIG} ${NEW}; echo $?
+],
+[ignore],
+[1
+0
+],
+[])
+
 # rpmsign --addsign <signed>
 AT_CHECK([
 RPMDB_INIT