diff options
| author | Panu Matilainen <pmatilai@redhat.com> | 2017-10-10 11:44:10 +0300 |
|---|---|---|
| committer | Panu Matilainen <pmatilai@redhat.com> | 2017-10-10 12:18:36 +0300 |
| commit | f558e886050c4e98f6cdde391df679a411b3f62c (patch) | |
| tree | c27d5ad0fa262616c6bade0017d68cab70d74ec7 /sign/rpmsignfiles.c | |
| parent | 13644fa07b3e6ee1c40996b32008918c22399e6b (diff) | |
| download | rpm-f558e886050c4e98f6cdde391df679a411b3f62c.tar.gz | |
Place file signatures into the signature header where they belong
The original file signing puts the file signatures into the main header
immutable region, invalidating all previous signatures and digests so
the package no longer appears to be what it was when it came out of the
assembly line. Which is bad. Doing that also requires recalculating
everything again which is just added complexity, and since it adds
stuff to different place from the rest of the signing, it requires yet
complexity to deal with that. Moving the file signatures into the
signature header solves all that and allows removing a big pile of
now unnecessary code.
Because this means retrofitting tags bass-ackwards into the signature
header, the tag definitions are backwards to everything else. Other
options would certainly be possible, but this makes things look more
normal on the signature header side. "Users" only ever see the
unchanged file signature tags as they have always been.
This also means the signature header can be MUCH bigger than ever before,
so bump up the limit (to 64MB, arbitrary something for now), and
permit string array types to be migrated from the signature header
on package read.
Caveats:
This loses the check for identical existing signatures to keep the
complexity down, it's hardly a critical thing and can be added back later.
While file signing could now be done separately to other signing, that
is not handled here.
Diffstat (limited to 'sign/rpmsignfiles.c')
| -rw-r--r-- | sign/rpmsignfiles.c | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/sign/rpmsignfiles.c b/sign/rpmsignfiles.c index 1fc127cb1..2dcc50400 100644 --- a/sign/rpmsignfiles.c +++ b/sign/rpmsignfiles.c @@ -80,7 +80,7 @@ char *keypass) return siglen + 1; } -rpmRC rpmSignFiles(Header h, const char *key, char *keypass) +rpmRC rpmSignFiles(Header sigh, Header h, const char *key, char *keypass) { struct rpmtd_s digests, td; int algo; @@ -107,19 +107,19 @@ rpmRC rpmSignFiles(Header h, const char *key, char *keypass) return RPMRC_FAIL; } - headerDel(h, RPMTAG_FILESIGNATURELENGTH); - headerDel(h, RPMTAG_FILESIGNATURES); + headerDel(sigh, RPMTAG_FILESIGNATURELENGTH); + headerDel(sigh, RPMTAG_FILESIGNATURES); siglen = signatureLength(algoname, diglen, key, keypass); rpmtdReset(&td); - td.tag = RPMTAG_FILESIGNATURELENGTH; + td.tag = RPMSIGTAG_FILESIGNATURELENGTH; td.type = RPM_INT32_TYPE; td.data = &siglen; td.count = 1; - headerPut(h, &td, HEADERPUT_DEFAULT); + headerPut(sigh, &td, HEADERPUT_DEFAULT); rpmtdReset(&td); - td.tag = RPMTAG_FILESIGNATURES; + td.tag = RPMSIGTAG_FILESIGNATURES; td.type = RPM_STRING_ARRAY_TYPE; td.data = NULL; /* set in the loop below */ td.count = 1; @@ -133,7 +133,7 @@ rpmRC rpmSignFiles(Header h, const char *key, char *keypass) goto exit; } td.data = &signature; - if (!headerPut(h, &td, HEADERPUT_APPEND)) { + if (!headerPut(sigh, &td, HEADERPUT_APPEND)) { free(signature); rpmlog(RPMLOG_ERR, _("headerPutString failed\n")); rc = RPMRC_FAIL; |