RPM Package Manager, CVS Repository
http://rpm5.org/cvs/
____________________________________________________________________________
Server: rpm5.org Name: Jeff Johnson
Root: /v/rpm/cvs Email: jbj@rpm5.org
Module: rpm Date: 29-Dec-2007 22:34:21
Branch: HEAD Handle: 2007122921342100
Modified files:
rpm CHANGES
rpm/lib depends.c rpmns.c tpgp.c
Log:
- re-add all the debugging spew under --rpmnsdebug for now.
- functional signature(...) name space probe.
Summary:
Revision Changes Path
1.2038 +2 -0 rpm/CHANGES
1.376 +32 -0 rpm/lib/depends.c
1.9 +51 -10 rpm/lib/rpmns.c
2.13 +1 -1 rpm/lib/tpgp.c
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: rpm/CHANGES
============================================================================
$ cvs diff -u -r1.2037 -r1.2038 CHANGES
--- rpm/CHANGES 29 Dec 2007 20:18:46 -0000 1.2037
+++ rpm/CHANGES 29 Dec 2007 21:34:21 -0000 1.2038
@@ -1,4 +1,6 @@
5.0b3 -> 5.0b4:
+ - jbj: re-add all the debugging spew under --rpmnsdebug for now.
+ - jbj: functional signature(...) name space probe.
- jbj: add rpmnsProbeSignature() & "signature(/text:/sig) = /pub:id" probe.
- jbj: pgpReadPkts: truncate binary encoded pgp pktlen to actual length.
- jbj: pgpReadPkts: identify binary encoded pgp pkts correctly.
@@ .
patch -p0 <<'@@ .'
Index: rpm/lib/depends.c
============================================================================
$ cvs diff -u -r1.375 -r1.376 depends.c
--- rpm/lib/depends.c 28 Dec 2007 14:00:30 -0000 1.375
+++ rpm/lib/depends.c 29 Dec 2007 21:34:21 -0000 1.376
@@ -821,6 +821,35 @@
goto exit;
}
+ if (NSType == RPMNS_TYPE_SIGNATURE) {
+ const char * EVR = rpmdsEVR(dep);
+ char * fn = xstrdup(Name);
+ char * sigfn = NULL;
+ char * pubfn = ((EVR && *EVR) ? xstrdup(EVR) : NULL);
+ char * pubid = NULL;
+
+ /* Split /fn:/sig */
+ if ((sigfn = strrchr(fn, ':')) != NULL)
+ *sigfn++ = '\0';
+
+ /* Split /pub:id */
+ if (pubfn) {
+ if ((pubid = strrchr(pubfn, ':')) != NULL)
+ *pubid++ = '\0';
+ }
+
+ xx = rpmnsProbeSignature(ts, fn, sigfn, pubfn, pubid);
+ rc = (xx ? 0 : 1);
+
+ fn = _free(fn);
+ pubfn = _free(pubfn);
+
+ if (Flags & RPMSENSE_MISSINGOK)
+ goto unsatisfied;
+ rpmdsNotify(dep, _("(signature probe)"), rc);
+ goto exit;
+ }
+
if (NSType == RPMNS_TYPE_GNUPG) {
const char * EVR = rpmdsEVR(dep);
if (!(EVR && *EVR)) {
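Review bot: The `fn`, `sigfn`, `pubfn` and `pubid` strings split out here come from the dependency's name and EVR and go to `rpmnsProbeSignature()` unchecked. The rpmns.c hunks of this same commit show that function passing `fn`, `sigfn` and `pubfn` through `rpmExpand()` before opening them. If `Name` is package-supplied, as it appears to be, macro syntax in a dependency string would be expanded at dependency-check time. I would reject or escape `%` before the probe, and at minimum record the assumption with `/* XXX Name/EVR are package-supplied and are rpmExpand()ed by rpmnsProbeSignature(); reject '%' here. */`. The inversion `rc = (xx ? 0 : 1);` also deserves a one-line comment stating which return value of the probe means "verified". The enclosing function starts and ends outside the hunk.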
@@ -1749,6 +1778,9 @@
case RPMNS_TYPE_MACRO:
case RPMNS_TYPE_ENVVAR:
case RPMNS_TYPE_RUNNING:
+ case RPMNS_TYPE_SANITY:
+ case RPMNS_TYPE_VCHECK:
+ case RPMNS_TYPE_SIGNATURE:
return 0;
/*@notreached@*/ break;
default:
@@ .
patch -p0 <<'@@ .'
Index: rpm/lib/rpmns.c
============================================================================
$ cvs diff -u -r1.8 -r1.9 rpmns.c
--- rpm/lib/rpmns.c 29 Dec 2007 20:18:47 -0000 1.8
+++ rpm/lib/rpmns.c 29 Dec 2007 21:34:21 -0000 1.9
@@ -269,11 +269,16 @@
int rc = 0;
int xx;
+if (_rpmns_debug)
+fprintf(stderr, "==> check(%s, %s, %s, %s)\n", fn, sigfn, pubfn, pubid);
+
/* Load the signature. Use sigfn if specified, otherwise clearsign. */
- if (sigfn != NULL) {
+ if (sigfn && *sigfn) {
const char * _sigfn = rpmExpand(sigfn, NULL);
xx = pgpReadPkts(_sigfn, &sigpkt, &sigpktlen);
if (xx != PGPARMOR_SIGNATURE) {
+if (_rpmns_debug)
+fprintf(stderr, "==> pgpReadPkts(%s) SIG %p[%u] ret %d\n", _sigfn, sigpkt, sigpktlen, xx);
_sigfn = _free(_sigfn);
goto exit;
}
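Review bot: The new `==> check(%s, %s, %s, %s)` trace passes `sigfn`, `pubfn` and `pubid` straight to `%s`, but all three may be NULL. The depends.c caller in this commit leaves them NULL when there is no `:` or no EVR, and the `sigfn && *sigfn` test added just below expects that case. Passing NULL to `%s` is undefined behaviour; glibc happens to print `(null)`, other libcs may crash. Guard each argument, e.g. `(sigfn ? sigfn : "")`, and likewise for `pubfn` and `pubid`. The function's signature is outside the hunk, so the parameter types are inferred from usage.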
@@ -282,41 +287,57 @@
const char * _sigfn = rpmExpand(fn, NULL);
xx = pgpReadPkts(_sigfn, &sigpkt, &sigpktlen);
if (xx != PGPARMOR_SIGNATURE) {
+if (_rpmns_debug)
+fprintf(stderr, "==> pgpReadPkts(%s) SIG %p[%u] ret %d\n", _sigfn, sigpkt, sigpktlen, xx);
_sigfn = _free(_sigfn);
goto exit;
}
_sigfn = _free(_sigfn);
}
xx = pgpPrtPkts((uint8_t *)sigpkt, sigpktlen, dig, printing);
- if (xx)
+ if (xx) {
+if (_rpmns_debug)
+fprintf(stderr, "==> pgpPrtPkts SIG %p[%u] ret %d\n", sigpkt, sigpktlen, xx);
goto exit;
+ }
sigp = pgpGetSignature(dig);
- if (sigp->version != 3 && sigp->version != 4)
+ if (sigp->version != 3 && sigp->version != 4) {
+if (_rpmns_debug)
+fprintf(stderr, "==> unverifiable V%d\n", sigp->version);
goto exit;
+ }
/* Load the pubkey. Use pubfn if specified, otherwise rpmdb keyring. */
- if (pubfn != NULL) {
+ if (pubfn && *pubfn) {
const char * _pubfn = rpmExpand(pubfn, NULL);
xx = pgpReadPkts(_pubfn, &ts->pkpkt, &ts->pkpktlen);
if (xx != PGPARMOR_PUBKEY) {
+if (_rpmns_debug)
+fprintf(stderr, "==> pgpReadPkts(%s) PUB %p[%u] ret %d\n", _pubfn, ts->pkpkt, ts->pkpktlen, xx);
_pubfn = _free(_pubfn);
goto exit;
}
_pubfn = _free(_pubfn);
xx = pgpPrtPkts((uint8_t *)ts->pkpkt, ts->pkpktlen, dig, printing);
- if (xx)
+ if (xx) {
+if (_rpmns_debug)
+fprintf(stderr, "==> pgpPrtPkts PUB %p[%u] ret %d\n", ts->pkpkt, ts->pkpktlen, xx);
goto exit;
+ }
} else {
- if (pgpFindPubkey(dig) != RPMRC_OK)
+ if ((xx = pgpFindPubkey(dig)) != RPMRC_OK) {
+if (_rpmns_debug)
+fprintf(stderr, "==> pgpFindPubkey ret %d\n", xx);
goto exit;
+ }
}
pubp = pgpGetPubkey(dig);
/* Is this the requested pubkey? */
- if (pubid != NULL) {
+ if (pubid && *pubid) {
size_t ns = strlen(pubid);
const char * s;
char * t;
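Review bot: The `pubfn && *pubfn` branch loads the verification key from a file the caller names, and nothing in this hunk ties that key to a trusted keyring. With the depends.c caller deriving `pubfn` from the dependency's own EVR, a successful probe only shows that the signature and the named key file agree, unless `pubid` pins the key. I would document this at the branch, e.g. `/* XXX pubfn is caller-supplied; without pubid this proves consistency with that file, not trust. */`, and consider requiring a non-empty `pubid` whenever `pubfn` is given. The `pubid` comparison itself continues past the end of the hunk.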
@@ -347,8 +368,12 @@
if (pubp->pubkey_algo == PGPPUBKEYALGO_RSA)
xx = 0;
- if (xx)
+ if (xx) {
+if (_rpmns_debug)
+fprintf(stderr, "==> mismatched: pubkey id (%08x %08x) != %s\n",
+pgpGrab(pubp->signid, 4), pgpGrab(pubp->signid+4, 4), pubid);
goto exit;
+ }
}
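Review bot: The context lines `if (pubp->pubkey_algo == PGPPUBKEYALGO_RSA) xx = 0;` clear the result of the pubkey id comparison, so for an RSA key the requested `pubid` is never enforced and the new "mismatched" trace cannot fire. The next hunk (`@@ -357,8`) has the same RSA exemption in its `XXX HACK` condition, where the signature's `signid` is not compared with the key's. While the hack stays, make the bypass visible by adding this before the reset: `if (_rpmns_debug && xx) fprintf(stderr, "==> RSA: pubkey id check skipped for %s\n", pubid);`. The comparison that sets `xx` is outside the hunk, so this assumes a non-zero `xx` means a mismatch, as the added message implies.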
/* Do the parameters match the signature? */
@@ -357,8 +382,16 @@
&& sigp->hash_algo == pubp->hash_algo
#endif
/* XXX HACK: V4 RSA key id's are wonky atm. */
- && (pubp->pubkey_algo == PGPPUBKEYALGO_RSA || !memcmp(sigp->signid, pubp->signid, sizeof(sigp->signid))) ) )
+ && (pubp->pubkey_algo == PGPPUBKEYALGO_RSA || !memcmp(sigp->signid, pubp->signid, sizeof(sigp->signid))) ) ) {
+if (_rpmns_debug) {
+fprintf(stderr, "==> mismatch between signature and pubkey\n");
+fprintf(stderr, "\tpubkey_algo: %u %u\n", sigp->pubkey_algo, pubp->pubkey_algo);
+fprintf(stderr, "\tsignid: %08X %08X %08X %08X\n",
+pgpGrab(sigp->signid, 4), pgpGrab(sigp->signid+4, 4),
+pgpGrab(pubp->signid, 4), pgpGrab(pubp->signid+4, 4));
+}
goto exit;
+ }
/* Compute the message digest. */
ctx = rpmDigestInit(sigp->hash_algo, RPMDIGEST_NONE);
@@ -372,6 +405,8 @@
int _rc = rpmioSlurp(_fn, &b, &blen);
if (!(_rc == 0 && b != NULL && blen > 0)) {
+if (_rpmns_debug)
+fprintf(stderr, "==> rpmioSlurp(%s) MSG %p[%u] ret %d\n", _fn, b, blen, _rc);
b = _free(b);
_fn = _free(_fn);
goto exit;
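Review bot: The `%p[%u]` conversions in this trace are only correct if `b` is a `void *` and `blen` an `unsigned int`. The declarations are outside the hunk, but if `blen` is a `size_t` or `ssize_t` the `%u` is a format/argument mismatch on 64-bit targets. The same pattern appears in the `pgpReadPkts`/`pgpPrtPkts` traces added in the `@@ -269` and `@@ -282` hunks with `sigpktlen` and `ts->pkpktlen`. Casting at the call keeps the format strings unchanged: `fprintf(stderr, "==> rpmioSlurp(%s) MSG %p[%u] ret %d\n", _fn, (void *)b, (unsigned)blen, _rc);`.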
@@ -431,8 +466,11 @@
xx = pgpImplSetRSA(ctx, dig, sigp);
break;
}
- if (xx)
+ if (xx) {
+if (_rpmns_debug)
+fprintf(stderr, "==> can't load pubkey_algo(%u)\n", sigp->pubkey_algo);
goto exit;
+ }
/* Verify the signature. */
switch(sigp->pubkey_algo) {
@@ -453,5 +491,8 @@
ts->pkpktlen = 0;
rpmtsCleanDig(ts);
+if (_rpmns_debug)
+fprintf(stderr, "============================ verify: rc %d\n", rc);
+
return rc;
}
@@ .
patch -p0 <<'@@ .'
Index: rpm/lib/tpgp.c
============================================================================
$ cvs diff -u -r2.12 -r2.13 tpgp.c
--- rpm/lib/tpgp.c 29 Dec 2007 19:38:44 -0000 2.12
+++ rpm/lib/tpgp.c 29 Dec 2007 21:34:21 -0000 2.13
@@ -125,7 +125,7 @@
rpmRC res = pgpFindPubkey(dig);
if (res != RPMRC_OK) {
if (_debug)
-fprintf(stderr, "==> rpmtsFindPubkey ret %d\n", res);
+fprintf(stderr, "==> pgpFindPubkey ret %d\n", res);
goto exit;
}
}
@@ .
Received on Sat Dec 29 22:34:21 2007