author | Panu Matilainen <pmatilai@redhat.com> | 2023-04-27 15:21:55 +0300 |
---|---|---|
committer | Panu Matilainen <pmatilai@redhat.com> | 2023-04-28 12:57:21 +0300 |
commit | 14aac7d27ea79feeae37106d2d3a570adecc50e9 (patch) | |
tree | 75d02a917c4cfd7bd5c3f3b1bc8e9bf34899386b | |
parent | e6a44dbbf9442f070d486e7dc67e9269bd142d4d (diff) | |
download | rpm-14aac7d27ea79feeae37106d2d3a570adecc50e9.tar.gz |
Fix file signatures getting loaded when not asked for
Our compound masks for disabling file info bits per operation never got
updated to include the two separate file signature types. This was
discovered by rpm-ostree, which crashed on an IMA signature with an older
rpm version despite passing in RPMFI_FLAGS_ONLY_FILENAMES.
Add the file signatures to the most obvious masks, and add a simple test
as well.
Fixes: #2425
-rw-r--r-- | include/rpm/rpmfiles.h | 2 | ||||
-rw-r--r-- | tests/rpmpython.at | 11 |
2 files changed, 13 insertions, 0 deletions
diff --git a/include/rpm/rpmfiles.h b/include/rpm/rpmfiles.h
index 29bca259e..ad9e269cc 100644
--- a/include/rpm/rpmfiles.h
+++ b/include/rpm/rpmfiles.h
@@ -160,6 +160,7 @@ typedef rpmFlags rpmfiFlags;
 #define RPMFI_FLAGS_ERASE \
 (RPMFI_NOFILECLASS | RPMFI_NOFILELANGS | \
 RPMFI_NOFILEMTIMES | RPMFI_NOFILERDEVS | \
+ RPMFI_NOFILESIGNATURES | RPMFI_NOVERITYSIGNATURES | \
 RPMFI_NOFILEVERIFYFLAGS)
 #define RPMFI_FLAGS_INSTALL \
@@ -179,6 +180,7 @@ typedef rpmFlags rpmfiFlags;
 RPMFI_NOFILESIZES | RPMFI_NOFILECAPS | RPMFI_NOFILELINKTOS | \
 RPMFI_NOFILEDIGESTS | RPMFI_NOFILEMTIMES | RPMFI_NOFILERDEVS | \
 RPMFI_NOFILEINODES | RPMFI_NOFILECOLORS | \
+ RPMFI_NOFILESIGNATURES | RPMFI_NOVERITYSIGNATURES | \
 RPMFI_NOFILEVERIFYFLAGS | RPMFI_NOFILEFLAGS)
 #define RPMFI_FLAGS_ONLY_FILENAMES \
diff --git a/tests/rpmpython.at b/tests/rpmpython.at
index 107d993d4..dea79724e 100644
--- a/tests/rpmpython.at
+++ b/tests/rpmpython.at
@@ -634,9 +634,20 @@ for p in ['imatest-1.0-1.fc34.noarch.rpm', 'capstest-1.0-1.noarch.rpm']:
 if sig:
 sig = sig.hex()
 myprint('%s: %s' % (f.name, sig))
+ files = rpm.files(h, flags = rpm.RPMFI_FLAGS_ONLY_FILENAMES)
+ for f in files:
+ sig = f.imasig
+ if sig:
+ sig = sig.hex()
+ myprint('%s: %s' % (f.name, sig))
 ],
 [/usr/share/example1: 030204a598255400483046022100e5117bdafa73baaeb1f1dc46ecaa46981a62d417745a33532572b63dc6d95d16022100c789107ac5b91e2d915e1df3c7b78414f6b3f50899d44c1de381d0e938dfc82b
 /usr/share/example2: 030204a598255400473045022100c10943795bff5d9c0db53dd4f8e4b845615fd08a2be295c30a80f5bdb4e6a41302203038840cc6abaab92acb56cb3e3ce520b17f22ff7444a8d5d0f703a44d5307a3
+/usr/share/example1: None
+/usr/share/example2: None
+/a/emptyCaps1: None
+/a/emptyCaps2: None
+/a/noCaps: None
 /a/emptyCaps1: None
 /a/emptyCaps2: None
 /a/noCaps: None |
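Review bot: The RPMFI_FLAGS_* masks in include/rpm/rpmfiles.h fail open, and nothing near RPMFI_FLAGS_ERASE (first hunk) or the mask patched in the second hunk says so. Each mask is a list of exclusions, so a newly introduced RPMFI_NO* bit leaves that data loaded until every mask is edited by hand, which is how the two signature bits were missed. I would add a comment above the block, for example `/* Exclusion masks: a bit missing here means the data IS loaded. When adding an RPMFI_NO* flag, review every RPMFI_FLAGS_* mask below. */`. The commit message reports a crash in a caller that had asked for file names only, so a missing bit sends signature data through code paths the caller meant to skip.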
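Review bot: The body of RPMFI_FLAGS_ONLY_FILENAMES, the mask the commit message names, is not among the changed lines of the second rpmfiles.h hunk. The macro that gains `RPMFI_NOFILESIGNATURES | RPMFI_NOVERITYSIGNATURES | \` starts above the hunk and closes immediately before `#define RPMFI_FLAGS_ONLY_FILENAMES \`, whose own body lies below the hunk. If that mask is defined in terms of the one above it, it inherits both bits. If it carries its own list, it needs the same line. The new check in tests/rpmpython.at should show which case applies, so it is worth confirming that it fails without this change.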
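Review bot: The added loop in tests/rpmpython.at reads only `f.imasig` under `rpm.RPMFI_FLAGS_ONLY_FILENAMES`, so neither RPMFI_NOVERITYSIGNATURES nor the RPMFI_FLAGS_ERASE change from the same commit is exercised. For capstest the new expected lines are identical to the existing `None` lines, so only the imatest package can make this check fail. A second pass over the same header with the ERASE mask would cover the other edited macro, if the Python binding exposes that constant. So would a package carrying a verity signature, if a fixture exists. The enclosing `for p in [...]` loop starts outside the hunk.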