From 1e0850cf7649578e1d7da815751efaa8101773e7 Mon Sep 17 00:00:00 2001
From: chantra <chantr4@gmail.com>
Date: Fri, 18 Feb 2022 11:29:06 -0800
Subject: [PATCH 27/30] [rpmchecksig] Refactor rpmpkgVerifySigs with custom
 verify callback

The current `rpmpkgVerifySigs` was conflating logging and the actual
package verification.

This change makes it possible to pass the verify callback and its data to
`rpmpkgVerifySigs` so callers can customize how they handle the outcome
of signature verifications.
---
 lib/rpmchecksig.c | 78 ++++++++++++++++++++++-------------------------
 lib/rpmextents.c  |  1 -
 2 files changed, 36 insertions(+), 43 deletions(-)

diff --git a/lib/rpmchecksig.c b/lib/rpmchecksig.c
index 7ad4e7034..c9fc3bbc9 100644
--- a/lib/rpmchecksig.c
+++ b/lib/rpmchecksig.c
@@ -222,16 +222,11 @@ exit:
 }
 
 static int rpmpkgVerifySigs(rpmKeyring keyring, int vfylevel, rpmVSFlags flags,
-			   FD_t fd, const char *fn)
+			   FD_t fd, rpmsinfoCb cb, void *cbdata)
 {
     char *msg = NULL;
-    struct vfydata_s vd = { .seen = 0,
-			    .bad = 0,
-			    .verbose = rpmIsVerbose(),
-    };
     int rc;
 
-    rpmlog(RPMLOG_NOTICE, "%s:%s", fn, vd.verbose ? "\n" : "");
 
     if(isTranscodedRpm(fd) == RPMRC_OK){
 	return extentsVerifySigs(fd);
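Review bot: The `isTranscodedRpm(fd) == RPMRC_OK` early return hands the package to `extentsVerifySigs(fd)` without `cb`/`cbdata`, and, judging by that call's arguments, without `keyring`, `vfylevel` or `flags`, so on this path the caller's callback is never invoked and the caller's verification policy does not visibly reach the check. After this refactor every caller, including `rpmcliVerifySignaturesFD`, goes through this branch, so a callback that records per-signature results (`vd.seen`, `vd.bad`) sees nothing and the summary line reduces to the bare return code. Either forward the callback and policy to the extents path or document the limitation above the branch, e.g. `/* transcoded packages: verified by extentsVerifySigs(); cb is not called */`. The function body continues outside the hunk.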
@@ -244,19 +239,7 @@ static int rpmpkgVerifySigs(rpmKeyring keyring, int vfylevel, rpmVSFlags flags,
     if (rc)
 	goto exit;
 
-    rc = rpmvsVerify(vs, RPMSIG_VERIFIABLE_TYPE, vfyCb, &vd);
-
-    if (!vd.verbose) {
-	if (vd.seen & RPMSIG_DIGEST_TYPE) {
-	    rpmlog(RPMLOG_NOTICE, " %s", (vd.bad & RPMSIG_DIGEST_TYPE) ?
-					_("DIGESTS") : _("digests"));
-	}
-	if (vd.seen & RPMSIG_SIGNATURE_TYPE) {
-	    rpmlog(RPMLOG_NOTICE, " %s", (vd.bad & RPMSIG_SIGNATURE_TYPE) ?
-					_("SIGNATURES") : _("signatures"));
-	}
-	rpmlog(RPMLOG_NOTICE, " %s\n", rc ? _("NOT OK") : _("OK"));
-    }
+    rc = rpmvsVerify(vs, RPMSIG_VERIFIABLE_TYPE, cb, cbdata);
 
 exit:
     if (rc && msg)
@@ -266,38 +249,39 @@ exit:
     return rc;
 }
 
-static int rpmpkgVerifySigsFD(rpmKeyring keyring, int vfylevel, rpmVSFlags flags,
-			   FD_t fd, rpmsinfoCb cb, void *cbdata)
-{
-    char *msg = NULL;
-    int rc;
-    struct rpmvs_s *vs = rpmvsCreate(vfylevel, flags, keyring);
-
-    rc = rpmpkgRead(vs, fd, NULL, NULL, &msg);
-
-    if (rc)
-	goto exit;
-
-    rc = rpmvsVerify(vs, RPMSIG_VERIFIABLE_TYPE, cb, cbdata);
-
-exit:
-    if (rc && msg)
-	rpmlog(RPMLOG_ERR, "%s\n", msg);
-    rpmvsFree(vs);
-    free(msg);
-    return rc;
+static void rpmkgVerifySigsPreLogging(struct vfydata_s *vd, const char *fn){
+    rpmlog(RPMLOG_NOTICE, "%s:%s", fn, vd->verbose ? "\n" : "");
 }
 
+static void rpmkgVerifySigsPostLogging(struct vfydata_s *vd, int rc){
+    if (!vd->verbose) {
+	if (vd->seen & RPMSIG_DIGEST_TYPE) {
+	    rpmlog(RPMLOG_NOTICE, " %s", (vd->bad & RPMSIG_DIGEST_TYPE) ?
+					_("DIGESTS") : _("digests"));
+	}
+	if (vd->seen & RPMSIG_SIGNATURE_TYPE) {
+	    rpmlog(RPMLOG_NOTICE, " %s", (vd->bad & RPMSIG_SIGNATURE_TYPE) ?
+					_("SIGNATURES") : _("signatures"));
+	}
+	rpmlog(RPMLOG_NOTICE, " %s\n", rc ? _("NOT OK") : _("OK"));
+    }
+}
 
 /* Wrapper around rpmkVerifySigs to preserve API */
 int rpmVerifySignatures(QVA_t qva, rpmts ts, FD_t fd, const char * fn)
 {
     int rc = 1; /* assume failure */
+    struct vfydata_s vd = { .seen = 0,
+			    .bad = 0,
+			    .verbose = rpmIsVerbose(),
+    };
     if (ts && qva && fd && fn) {
 	rpmKeyring keyring = rpmtsGetKeyring(ts, 1);
 	rpmVSFlags vsflags = rpmtsVfyFlags(ts);
 	int vfylevel = rpmtsVfyLevel(ts);
-	rc = rpmpkgVerifySigs(keyring, vfylevel, vsflags, fd, fn);
+	rpmkgVerifySigsPreLogging(&vd, fn);
+	rc = rpmpkgVerifySigs(keyring, vfylevel, vsflags, fd, vfyCb, &vd);
+	rpmkgVerifySigsPostLogging(&vd, rc);
     	rpmKeyringFree(keyring);
     }
     return rc;
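Review bot: The two new helpers are spelled `rpmkgVerifySigsPreLogging` and `rpmkgVerifySigsPostLogging`, dropping the `p` of the `rpmpkg` prefix used by `rpmpkgVerifySigs`, which makes them easy to miss when grepping; rename them to `rpmpkgVerifySigsPreLogging` / `rpmpkgVerifySigsPostLogging` here and at the call sites in `rpmcliVerifySignatures`. Neither helper writes through `vd`, so the parameter can be `const struct vfydata_s *vd`, and the opening brace belongs on its own line to match the other function definitions in this hunk. A short comment on the post-logging helper would help the next reader: `/* Non-verbose summary; relies on the verify callback having filled vd->seen and vd->bad */`.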
@@ -319,12 +303,22 @@ int rpmcliVerifySignatures(rpmts ts, ARGV_const_t argv)
 
     while ((arg = *argv++) != NULL) {
 	FD_t fd = Fopen(arg, "r.ufdio");
+	struct vfydata_s vd = { .seen = 0,
+				.bad = 0,
+				.verbose = rpmIsVerbose(),
+	};
 	if (fd == NULL || Ferror(fd)) {
 	    rpmlog(RPMLOG_ERR, _("%s: open failed: %s\n"), 
 		     arg, Fstrerror(fd));
 	    res++;
-	} else if (rpmpkgVerifySigs(keyring, vfylevel, vsflags, fd, arg)) {
+	} else {
+	    rpmkgVerifySigsPreLogging(&vd, arg);
+	    int rc = rpmpkgVerifySigs(keyring, vfylevel, vsflags, fd,
+				      vfyCb, &vd);
+	    rpmkgVerifySigsPostLogging(&vd, rc);
+	    if (rc) {
 	    res++;
+	    }
 	}
 
 	Fclose(fd);
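Review bot: Inside the new `else` block the `res++;` line keeps its old indentation, so it reads as a sibling of `if (rc) {` rather than as its body; indent it one level under the `if`. The pre-log / verify / post-log sequence here is the same three calls as in `rpmVerifySignatures`, and a small static helper taking the file name would keep the two callers from drifting apart. The enclosing loop and function start and end outside the hunk.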
@@ -373,7 +367,7 @@ int rpmcliVerifySignaturesFD(rpmts ts, FD_t fdi, char **msg)
 	rpmtsSetVfyLevel(ts, vfylevel);
     }
 
-    if (!rpmpkgVerifySigsFD(keyring, vfylevel, vsflags, fdi, vfyFDCb, &vd)) {
+    if (!rpmpkgVerifySigs(keyring, vfylevel, vsflags, fdi, vfyFDCb, &vd)) {
 	rc = RPMRC_OK;
     }
     *msg = strdup(vd.msg);
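Review bot: `*msg = strdup(vd.msg)` now follows a call that can return through the `isTranscodedRpm` branch of `rpmpkgVerifySigs` without ever invoking `vfyFDCb`. If `vd.msg` is only set by that callback (its initialisation is outside the hunk), this passes NULL to `strdup`, which is undefined behaviour. Guard it, e.g. `*msg = vd.msg ? strdup(vd.msg) : NULL;`, and confirm that callers accept a NULL message. The removed `rpmpkgVerifySigsFD` had no transcoded branch, so this path is new for file-descriptor verification. The function starts and ends outside the hunk.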
diff --git a/lib/rpmextents.c b/lib/rpmextents.c
index f28596f0b..59ba427a4 100644
--- a/lib/rpmextents.c
+++ b/lib/rpmextents.c
@@ -89,7 +89,6 @@ rpmRC extentsFooterFromFD(FD_t fd, struct extents_footer_t *footer) {
 	goto exit;
     }
     if (footer->magic != EXTENTS_MAGIC) {
-	rpmlog(RPMLOG_ERR, _("isTranscodedRpm: not transcoded\n"));
 	rc = RPMRC_NOTFOUND;
 	goto exit;
     }
-- 
2.35.1