|
|
6cc3d3 |
From 134b095b0833956cadfc02a9a1e7ca1344cd5aaa Mon Sep 17 00:00:00 2001
|
|
|
6cc3d3 |
From: Demi Marie Obenour <demi@invisiblethingslab.com>
|
|
|
6cc3d3 |
Date: Tue, 27 Apr 2021 21:07:19 -0400
|
|
|
6cc3d3 |
Subject: [PATCH] Pass the package to rpmkeys stdin
|
|
|
6cc3d3 |
|
|
|
6cc3d3 |
This avoids having to compute the expected stdout value, which will
|
|
|
6cc3d3 |
always be the constant "-: digests signatures OK\n".
|
|
|
6cc3d3 |
---
|
|
|
6cc3d3 |
dnf/rpm/miscutils.py | 10 ++++++----
|
|
|
6cc3d3 |
1 file changed, 6 insertions(+), 4 deletions(-)
|
|
|
6cc3d3 |
|
|
|
6cc3d3 |
diff --git a/dnf/rpm/miscutils.py b/dnf/rpm/miscutils.py
|
|
|
6cc3d3 |
index 7e33d4c..5f2621c 100644
|
|
|
6cc3d3 |
--- a/dnf/rpm/miscutils.py
|
|
|
6cc3d3 |
+++ b/dnf/rpm/miscutils.py
|
|
|
6cc3d3 |
@@ -29,7 +29,8 @@ from shutil import which
|
|
|
6cc3d3 |
logger = logging.getLogger('dnf')
|
|
|
6cc3d3 |
|
|
|
6cc3d3 |
|
|
|
6cc3d3 |
-def _verifyPkgUsingRpmkeys(package, installroot):
|
|
|
6cc3d3 |
+def _verifyPkgUsingRpmkeys(package, installroot, fdno):
|
|
|
6cc3d3 |
+ os.lseek(fdno, 0, os.SEEK_SET)
|
|
|
6cc3d3 |
rpmkeys_binary = '/usr/bin/rpmkeys'
|
|
|
6cc3d3 |
if not os.path.isfile(rpmkeys_binary):
|
|
|
6cc3d3 |
rpmkeys_binary = which("rpmkeys")
|
|
|
6cc3d3 |
@@ -40,15 +41,16 @@ def _verifyPkgUsingRpmkeys(package, installroot):
|
|
|
6cc3d3 |
logger.critical(_('Cannot find rpmkeys executable to verify signatures.'))
|
|
|
6cc3d3 |
return 0
|
|
|
6cc3d3 |
|
|
|
6cc3d3 |
- args = ('rpmkeys', '--checksig', '--root', installroot, '--define', '_pkgverify_level all', '--', package)
|
|
|
6cc3d3 |
+ args = ('rpmkeys', '--checksig', '--root', installroot, '--define', '_pkgverify_level all', '-')
|
|
|
6cc3d3 |
with subprocess.Popen(
|
|
|
6cc3d3 |
args=args,
|
|
|
6cc3d3 |
executable=rpmkeys_binary,
|
|
|
6cc3d3 |
env={'LC_ALL': 'C'},
|
|
|
6cc3d3 |
+ stdin=fdno,
|
|
|
6cc3d3 |
stdout=subprocess.PIPE,
|
|
|
6cc3d3 |
cwd='/') as p:
|
|
|
6cc3d3 |
data, err = p.communicate()
|
|
|
6cc3d3 |
- if p.returncode != 0 or data != (package.encode('ascii', 'strict') + b': digests signatures OK\n'):
|
|
|
6cc3d3 |
+ if p.returncode != 0 or data != b'-: digests signatures OK\n':
|
|
|
6cc3d3 |
return 0
|
|
|
6cc3d3 |
else:
|
|
|
6cc3d3 |
return 1
|
|
|
6cc3d3 |
@@ -85,7 +87,7 @@ def checkSig(ts, package):
|
|
|
6cc3d3 |
|
|
|
6cc3d3 |
if siginfo == '(none)':
|
|
|
6cc3d3 |
value = 4
|
|
|
6cc3d3 |
- elif "Key ID" in siginfo and _verifyPkgUsingRpmkeys(package, ts.ts.rootDir):
|
|
|
6cc3d3 |
+ elif "Key ID" in siginfo and _verifyPkgUsingRpmkeys(package, ts.ts.rootDir, fdno):
|
|
|
6cc3d3 |
value = 0
|
|
|
6cc3d3 |
else:
|
|
|
6cc3d3 |
raise ValueError('Unexpected return value %r from hdr.sprintf when checking signature.' % siginfo)
|
|
|
6cc3d3 |
--
|
|
|
6cc3d3 |
libgit2 1.0.1
|
|
|
6cc3d3 |
|