richardphibel / rpms / dnf

Forked from rpms/dnf 2 years ago
Clone

Blame SOURCES/0003-Pass-the-package-to-rpmkeys-stdin.patch

6cc3d3
From 134b095b0833956cadfc02a9a1e7ca1344cd5aaa Mon Sep 17 00:00:00 2001
6cc3d3
From: Demi Marie Obenour <demi@invisiblethingslab.com>
6cc3d3
Date: Tue, 27 Apr 2021 21:07:19 -0400
6cc3d3
Subject: [PATCH] Pass the package to rpmkeys stdin
6cc3d3
6cc3d3
This avoids having to compute the expected stdout value, which will
6cc3d3
always be the constant "-: digests signatures OK\n".
6cc3d3
---
6cc3d3
 dnf/rpm/miscutils.py | 10 ++++++----
6cc3d3
 1 file changed, 6 insertions(+), 4 deletions(-)
6cc3d3
6cc3d3
diff --git a/dnf/rpm/miscutils.py b/dnf/rpm/miscutils.py
6cc3d3
index 7e33d4c..5f2621c 100644
6cc3d3
--- a/dnf/rpm/miscutils.py
6cc3d3
+++ b/dnf/rpm/miscutils.py
6cc3d3
@@ -29,7 +29,8 @@ from shutil import which
6cc3d3
 logger = logging.getLogger('dnf')
6cc3d3
 
6cc3d3
 
6cc3d3
-def _verifyPkgUsingRpmkeys(package, installroot):
6cc3d3
+def _verifyPkgUsingRpmkeys(package, installroot, fdno):
6cc3d3
+    os.lseek(fdno, 0, os.SEEK_SET)
6cc3d3
     rpmkeys_binary = '/usr/bin/rpmkeys'
6cc3d3
     if not os.path.isfile(rpmkeys_binary):
6cc3d3
         rpmkeys_binary = which("rpmkeys")
6cc3d3
@@ -40,15 +41,16 @@ def _verifyPkgUsingRpmkeys(package, installroot):
6cc3d3
         logger.critical(_('Cannot find rpmkeys executable to verify signatures.'))
6cc3d3
         return 0
6cc3d3
 
6cc3d3
-    args = ('rpmkeys', '--checksig', '--root', installroot, '--define', '_pkgverify_level all', '--', package)
6cc3d3
+    args = ('rpmkeys', '--checksig', '--root', installroot, '--define', '_pkgverify_level all', '-')
6cc3d3
     with subprocess.Popen(
6cc3d3
             args=args,
6cc3d3
             executable=rpmkeys_binary,
6cc3d3
             env={'LC_ALL': 'C'},
6cc3d3
+            stdin=fdno,
6cc3d3
             stdout=subprocess.PIPE,
6cc3d3
             cwd='/') as p:
6cc3d3
         data, err = p.communicate()
6cc3d3
-    if p.returncode != 0 or data != (package.encode('ascii', 'strict') + b': digests signatures OK\n'):
6cc3d3
+    if p.returncode != 0 or data != b'-: digests signatures OK\n':
6cc3d3
         return 0
6cc3d3
     else:
6cc3d3
         return 1
6cc3d3
@@ -85,7 +87,7 @@ def checkSig(ts, package):
6cc3d3
 
6cc3d3
             if siginfo == '(none)':
6cc3d3
                 value = 4
6cc3d3
-            elif "Key ID" in siginfo and _verifyPkgUsingRpmkeys(package, ts.ts.rootDir):
6cc3d3
+            elif "Key ID" in siginfo and _verifyPkgUsingRpmkeys(package, ts.ts.rootDir, fdno):
6cc3d3
                 value = 0
6cc3d3
             else:
6cc3d3
                 raise ValueError('Unexpected return value %r from hdr.sprintf when checking signature.' % siginfo)
6cc3d3
--
6cc3d3
libgit2 1.0.1
6cc3d3