Skip to content

Commit

Permalink
Use full keyid for the unknown keyid warning message tracking
Browse files Browse the repository at this point in the history
Just use the actual hex string, it's what the user needs to see
and makes no difference to the computer. Add a test as well.

Fixes: #3333
  • Loading branch information
pmatilai authored and ffesti committed Oct 22, 2024
1 parent 027ef64 commit 6699388
Show file tree
Hide file tree
Showing 4 changed files with 31 additions and 7 deletions.
7 changes: 4 additions & 3 deletions lib/package.cc
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@

#include "system.h"

#include <string>
#include <mutex>
#include <set>

Expand Down Expand Up @@ -115,13 +116,13 @@ rpmTagVal headerMergeLegacySigs(Header h, Header sigh, char **msg)
* @param keyid signature keyid
* @return 0 if new keyid, otherwise 1
*/
static int stashKeyid(unsigned int keyid)
static int stashKeyid(const char *keyid)
{
static std::mutex keyid_mutex;
static std::set<unsigned int> keyids;
static std::set<std::string> keyids;
int seen = 0;

if (keyid == 0)
if (keyid == NULL)
return 0;

std::lock_guard<std::mutex> lock(keyid_mutex);
Expand Down
5 changes: 2 additions & 3 deletions lib/rpmvs.cc
Original file line number Diff line number Diff line change
Expand Up @@ -196,7 +196,6 @@ static void rpmsinfoInit(const struct vfyinfo_s *vinfo,
char *lints = NULL;
int ec = pgpPrtParams2((const uint8_t *)data, dlen, PGPTAG_SIGNATURE,
&sinfo->sig, &lints);
const uint8_t *signid;
if (ec) {
if (lints) {
rasprintf(&sinfo->msg,
Expand All @@ -214,8 +213,7 @@ static void rpmsinfoInit(const struct vfyinfo_s *vinfo,
free(lints);
}
sinfo->hashalgo = pgpDigParamsAlgo(sinfo->sig, PGPVAL_HASHALGO);
signid = pgpDigParamsSignID(sinfo->sig); /* 8 bytes key id */
sinfo->keyid = signid[4] << 24 | signid[5] << 16 | signid[6] << 8 | signid[7];
sinfo->keyid = rpmhex(pgpDigParamsSignID(sinfo->sig), PGP_KEYID_LEN);
} else if (sinfo->type == RPMSIG_DIGEST_TYPE) {
if (td->type == RPM_BIN_TYPE) {
sinfo->dig = rpmhex((const uint8_t *)data, dlen);
Expand Down Expand Up @@ -251,6 +249,7 @@ static void rpmsinfoFini(struct rpmsinfo_s *sinfo)
rpmPubkeyFree(sinfo->key);
free(sinfo->msg);
free(sinfo->descr);
free(sinfo->keyid);
memset(sinfo, 0, sizeof(*sinfo));
}
}
Expand Down
2 changes: 1 addition & 1 deletion lib/rpmvs.hh
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ struct rpmsinfo_s {
int wrapped;
int strength;
rpmPubkey key;
unsigned int keyid;
char *keyid;
union {
pgpDigParams sig;
char *dig;
Expand Down
24 changes: 24 additions & 0 deletions tests/rpmsigdig.at
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,30 @@ m4_define([RPMOUTPUT_SEQUOIA], [m4_if(RPM_PGP, [sequoia], [$1
m4_define([RPMOUTPUT_LEGACY], [m4_if(RPM_PGP, [legacy], [$1
])])

AT_SETUP([seen signer id tracking])
AT_KEYWORDS([query signature])
RPMTEST_CHECK([
# stderr redirected to stdout to test the exact order of output
runroot rpm -qp \
/data/RPMS/hello-2.0-1.x86_64-signed.rpm \
/data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm \
/data/RPMS/hello-2.0-1.x86_64.rpm \
/data/RPMS/hello-2.0-1.x86_64-signed-with-new-subkey.rpm \
/data/RPMS/hello-2.0-1.x86_64-v3-signed.rpm 2>&1
],
[0],
[warning: /data/RPMS/hello-2.0-1.x86_64-signed.rpm: Header V4 RSA/SHA256 Signature, key ID 4344591e1964c5fc: NOKEY
hello-2.0-1.x86_64
warning: /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm: Header V4 RSA/SHA512 Signature, key ID 1f71177215217ee0: NOKEY
hello-2.0-1.x86_64
hello-2.0-1.x86_64
warning: /data/RPMS/hello-2.0-1.x86_64-signed-with-new-subkey.rpm: Header V4 EdDSA/SHA512 Signature, key ID 6323c42711450b6c: NOKEY
hello-2.0-1.x86_64
hello-2.0-1.x86_64
],
[])
RPMTEST_CLEANUP

# ------------------------------
# Test pre-built package verification
AT_SETUP([rpmkeys -Kv <unsigned> 1])
Expand Down

0 comments on commit 6699388

Please sign in to comment.