michal-grzedzicki / rpms / rpm

Forked from rpms/rpm 4 months ago
Clone

Blame SOURCES/0017-rpmsign-Add-helper-to-indicate-file-signing-enabled.patch

45afda
From dbb4f464d177e2c3bfa13b1b2bb511fa6fde40d9 Mon Sep 17 00:00:00 2001
45afda
From: Jes Sorensen <jsorensen@fb.com>
45afda
Date: Wed, 27 May 2020 16:49:03 -0400
45afda
Subject: [PATCH 17/33] rpmsign: Add helper to indicate file signing enabled
45afda
45afda
Helper function returning true if either IMA or VERITY signatures are
45afda
to be applied. This simplifies the code and makes it easier to read.
45afda
45afda
Signed-off-by: Jes Sorensen <jsorensen@fb.com>
45afda
---
45afda
 rpmsign.c | 10 +++++++---
45afda
 1 file changed, 7 insertions(+), 3 deletions(-)
45afda
45afda
diff --git a/rpmsign.c b/rpmsign.c
45afda
index 8861c2c59..94cbf1d1a 100644
45afda
--- a/rpmsign.c
45afda
+++ b/rpmsign.c
45afda
@@ -67,6 +67,11 @@ static struct poptOption optionsTable[] = {
45afda
 };
45afda
 
45afda
 #if defined(WITH_IMAEVM) || defined(WITH_FSVERITY)
45afda
+static int flags_sign_files(int flags)
45afda
+{
45afda
+	return (flags & (RPMSIGN_FLAG_IMA | RPMSIGN_FLAG_FSVERITY) ? 1 : 0);
45afda
+}
45afda
+
45afda
 static char *get_fskpass(void)
45afda
 {
45afda
     struct termios flags, tmp_flags;
45afda
@@ -118,7 +123,7 @@ static int doSign(poptContext optCon, struct rpmSignArgs *sargs)
45afda
 	rpmPushMacro(NULL, "_file_signing_key", NULL, fileSigningKey, RMIL_GLOBAL);
45afda
     }
45afda
 
45afda
-    if (sargs->signflags & (RPMSIGN_FLAG_IMA | RPMSIGN_FLAG_FSVERITY)) {
45afda
+    if (flags_sign_files(sargs->signflags)) {
45afda
 	char *fileSigningKeyPassword = NULL;
45afda
 	char *key = rpmExpand("%{?_file_signing_key}", NULL);
45afda
 	if (rstreq(key, "")) {
45afda
@@ -173,8 +178,7 @@ int main(int argc, char *argv[])
45afda
     }
45afda
 
45afda
 #if defined(WITH_IMAEVM) || defined(WITH_FSVERITY)
45afda
-    if (fileSigningKey &&
45afda
-	!(sargs.signflags & (RPMSIGN_FLAG_IMA | RPMSIGN_FLAG_FSVERITY))) {
45afda
+    if (fileSigningKey && !(flags_sign_files(sargs.signflags))) {
45afda
 	argerror(_("--fskpath may only be specified when signing files"));
45afda
     }
45afda
 #endif
45afda
-- 
45afda
2.27.0
45afda