Skip to content

Commit

Permalink
Add support for multiple OpenPGP signatures per package, part 2/2
Browse files Browse the repository at this point in the history
Add a tag extension for RPMTAG_OPENPGP (on top of the concrete tag) to
handle compatibility with v3/v4 signatures: the extension collects all
legacy signatures under the same umbrella so users don't need to query
multiple different tags, you just query for RPMTAG_OPENPGP to get all
them at once. Extend :pgpsig tag format to handle the new string
array/base64 variant.

Update --info/-i query to use the extension and output all existing
signatures, one per line. The no-signature case of "Signature  : (none)"
is preserved as-is to help backwards compatibility with scripts parsing
the output.

Related: rpm-software-management#3385
  • Loading branch information
pmatilai authored and ffesti committed Nov 19, 2024
1 parent 5630cf4 commit bea8f45
Show file tree
Hide file tree
Showing 4 changed files with 97 additions and 4 deletions.
24 changes: 21 additions & 3 deletions lib/formats.cc
Original file line number Diff line number Diff line change
Expand Up @@ -419,12 +419,12 @@ static char *jsonFormat(rpmtd td, char **emsg)
}

/* signature fingerprint and time formatting */
static char * pgpsigFormat(rpmtd td, char **emsg)
static char * pgpsigFormatOne(uint8_t *pkt, size_t pktlen, char **emsg)
{
char * val = NULL;
pgpDigParams sigp = NULL;

if (pgpPrtParams((uint8_t*)td->data, td->count, PGPTAG_SIGNATURE, &sigp)) {
if (pgpPrtParams(pkt, pktlen, PGPTAG_SIGNATURE, &sigp)) {
*emsg = xstrdup(_("(not an OpenPGP signature)"));
} else {
char dbuf[BUFSIZ];
Expand All @@ -451,6 +451,24 @@ static char * pgpsigFormat(rpmtd td, char **emsg)
return val;
}

static char * pgpsigFormat(rpmtd td, char **emsg)
{
char *val = NULL;
if (rpmtdType(td) == RPM_BIN_TYPE) {
val = pgpsigFormatOne((uint8_t *)td->data, td->count, emsg);
} else if (rpmtdType(td) == RPM_STRING_ARRAY_TYPE) {
uint8_t *pkt = NULL;
size_t pktlen = 0;
if (rpmBase64Decode(rpmtdGetString(td), (void **)&pkt, &pktlen) == 0) {
val = pgpsigFormatOne(pkt, pktlen, emsg);
free(pkt);
}
} else {
*emsg = xstrdup(_("(invalid type)"));
}
return val;
}

/* dependency flags formatting */
static char * depflagsFormat(rpmtd td, char **emsg)
{
Expand Down Expand Up @@ -581,7 +599,7 @@ static const struct headerFmt_s rpmHeaderFormats[] = {
{ RPMTD_FORMAT_BASE64, "base64",
RPM_BINARY_CLASS, base64Format },
{ RPMTD_FORMAT_PGPSIG, "pgpsig",
RPM_BINARY_CLASS, pgpsigFormat },
RPM_NULL_CLASS, pgpsigFormat },
{ RPMTD_FORMAT_DEPFLAGS, "depflags",
RPM_NUMERIC_CLASS, depflagsFormat },
{ RPMTD_FORMAT_DEPTYPE, "deptype",
Expand Down
34 changes: 34 additions & 0 deletions lib/tagexts.cc
Original file line number Diff line number Diff line change
Expand Up @@ -1052,6 +1052,39 @@ static int sysusersTag(Header h, rpmtd td, headerGetFlags hgflags)
return (td->count > 0);
}

static void trySigTag(Header h, rpmTagVal tag, ARGV_t *sigs)
{
struct rpmtd_s td;
if (headerGet(h, tag, &td, HEADERGET_ALLOC)) {
char *b64 = rpmBase64Encode((uint8_t *)td.data, td.count, 0);
if (b64) {
argvAdd(sigs, b64);
free(b64);
}
rpmtdFreeData(&td);
}
}

static int openpgpTag(Header h, rpmtd td, headerGetFlags hgflags)
{
if (headerGet(h, RPMTAG_OPENPGP, td, HEADERGET_ALLOC))
return 1;

ARGV_t sigs = NULL;
trySigTag(h, RPMTAG_RSAHEADER, &sigs);
trySigTag(h, RPMTAG_DSAHEADER, &sigs);
trySigTag(h, RPMTAG_SIGPGP, &sigs);
trySigTag(h, RPMTAG_SIGGPG, &sigs);

if (sigs) {
td->data = sigs;
td->count = argvCount(sigs);
td->type = RPM_STRING_ARRAY_TYPE;
td->flags = RPMTD_ALLOCED|RPMTD_PTR_ALLOCED;
}
return td->count != 0;
}

static const struct headerTagFunc_s rpmHeaderTagExtensions[] = {
{ RPMTAG_GROUP, groupTag },
{ RPMTAG_DESCRIPTION, descriptionTag },
Expand Down Expand Up @@ -1093,6 +1126,7 @@ static const struct headerTagFunc_s rpmHeaderTagExtensions[] = {
{ RPMTAG_FILENLINKS, filenlinksTag },
{ RPMTAG_SYSUSERS, sysusersTag },
{ RPMTAG_FILEMIMES, filemimesTag },
{ RPMTAG_OPENPGP, openpgpTag },
{ 0, NULL }
};

Expand Down
2 changes: 1 addition & 1 deletion rpmpopt.in
Original file line number Diff line number Diff line change
Expand Up @@ -96,7 +96,7 @@ Install Date: %|INSTALLTIME?{%{INSTALLTIME:date}}:{(not installed)}|\n\
Group : %{GROUP}\n\
Size : %{LONGSIZE}\n\
%|LICENSE?{License : %{LICENSE}}|\n\
Signature : %|DSAHEADER?{%{DSAHEADER:pgpsig}}:{%|RSAHEADER?{%{RSAHEADER:pgpsig}}:{%|SIGGPG?{%{SIGGPG:pgpsig}}:{%|SIGPGP?{%{SIGPGP:pgpsig}}:{(none)}|}|}|}|\n\
Signature :%|OPENPGP?{[\n %{OPENPGP:pgpsig}]}:{ (none)}|\n\
Source RPM : %{SOURCERPM}\n\
Build Date : %{BUILDTIME:date}\n\
Build Host : %{BUILDHOST}\n\
Expand Down
41 changes: 41 additions & 0 deletions tests/rpmquery.at
Original file line number Diff line number Diff line change
Expand Up @@ -420,6 +420,18 @@ rpm \
[RSA/SHA256, Thu Apr 6 13:02:33 2017, Key ID 4344591e1964c5fc],
[warning: /data/RPMS/hello-2.0-1.x86_64-signed.rpm: Header OpenPGP V4 RSA/SHA256 signature, key ID 4344591e1964c5fc: NOKEY
])

RPMTEST_CHECK([[
runroot rpm \
--nosignature \
--qf "[%{openpgp:pgpsig}\n]" \
-qp /data/RPMS/hello-2.0-1.x86_64-signed.rpm
]],
[0],
[RSA/SHA256, Thu Apr 6 13:02:33 2017, Key ID 4344591e1964c5fc
RSA/SHA256, Thu Apr 6 13:02:32 2017, Key ID 4344591e1964c5fc
],
[])
RPMTEST_CLEANUP

# ------------------------------
Expand Down Expand Up @@ -1396,3 +1408,32 @@ runroot rpm -qp --filemime /build/RPMS/noarch/filetypes-1.0-1.noarch.rpm | sed -
],
[])
RPMTEST_CLEANUP

AT_SETUP([info query output])
AT_KEYWORDS([query signature])
RPMTEST_CHECK([
runroot rpm -qi --nosignature /data/RPMS/hello-2.0-1.x86_64-signed.rpm
],
[0],
[[Name : hello
Version : 2.0
Release : 1
Architecture: x86_64
Install Date: (not installed)
Group : Testing
Size : 7243
License : GPL
Signature :
RSA/SHA256, Thu Apr 6 13:02:33 2017, Key ID 4344591e1964c5fc
RSA/SHA256, Thu Apr 6 13:02:32 2017, Key ID 4344591e1964c5fc
Source RPM : hello-2.0-1.src.rpm
Build Date : Sat Nov 22 12:00:00 2008
Build Host : localhost
Relocations : /usr
Summary : hello -- hello, world rpm
Description :
Simple rpm demonstration.
]],
[])
RPMTEST_CLEANUP

0 comments on commit bea8f45

Please sign in to comment.