/** \ingroup header
* Duplicate a header.
* @param h header
* @return new header instance
*/
Header headerCopy(Header h)
{
Header nh = headerNew();
HeaderIterator hi;
struct rpmtd_s td;
hi = headerInitIterator(h);
while (headerNext(hi, &td)) {
if (rpmtdCount(&td) > 0) {
(void) headerPut(nh, &td, HEADERPUT_DEFAULT);
}
rpmtdFreeData(&td);
}
hi = headerFreeIterator(hi);
return headerReload(nh, HEADER_IMAGE);
}
static rpmRC writeHdr(FD_t fd, Header pkgh)
{
/* Reallocate the header into one contiguous region for writing. */
Header h = headerReload(headerCopy(pkgh), RPMTAG_HEADERIMMUTABLE);
rpmRC rc = RPMRC_FAIL;
if (h == NULL) {
rpmlog(RPMLOG_ERR,_("Unable to create immutable header region\n"));
goto exit;
}
if (headerWrite(fd, h, HEADER_MAGIC_YES)) {
rpmlog(RPMLOG_ERR, _("Unable to write header to %s: %s\n"),
Fdescr(fd), Fstrerror(fd));
goto exit;
}
(void) Fflush(fd);
rc = RPMRC_OK;
exit:
headerFree(h);
return rc;
}
static rpmRC writeRPM(Header *hdrp, unsigned char ** pkgidp, const char *fileName,
CSA_t csa, char **cookie)
{
FD_t fd = NULL;
FD_t ifd = NULL;
ssize_t count;
char * sigtarget = NULL;;
char * rpmio_flags = NULL;
char * SHA1 = NULL;
const char *s;
char *buf = NULL;
Header h;
Header sig = NULL;
int xx;
rpmRC rc = RPMRC_OK;
struct rpmtd_s td;
rpmTagVal sizetag;
rpmTagVal payloadtag;
/* Transfer header reference form *hdrp to h. */
h = headerLink(*hdrp);
*hdrp = headerFree(*hdrp);
if (pkgidp)
*pkgidp = NULL;
/* Save payload information */
if (headerIsSource(h))
rpmio_flags = rpmExpand("%{?_source_payload}", NULL);
else
rpmio_flags = rpmExpand("%{?_binary_payload}", NULL);
if (!(rpmio_flags && *rpmio_flags)) {
rpmio_flags = _free(rpmio_flags);
rpmio_flags = xstrdup("w9.gzdio");
}
s = strchr(rpmio_flags, '.');
if (s) {
const char *compr = NULL;
headerPutString(h, RPMTAG_PAYLOADFORMAT, "cpio");
if (rstreq(s+1, "ufdio")) {
compr = NULL;
} else if (rstreq(s+1, "gzdio")) {
compr = "gzip";
#if HAVE_BZLIB_H
} else if (rstreq(s+1, "bzdio")) {
compr = "bzip2";
/* Add prereq on rpm version that understands bzip2 payloads */
(void) rpmlibNeedsFeature(h, "PayloadIsBzip2", "3.0.5-1");
#endif
#if HAVE_LZMA_H
} else if (rstreq(s+1, "xzdio")) {
compr = "xz";
(void) rpmlibNeedsFeature(h, "PayloadIsXz", "5.2-1");
} else if (rstreq(s+1, "lzdio")) {
compr = "lzma";
(void) rpmlibNeedsFeature(h, "PayloadIsLzma", "4.4.6-1");
#endif
} else {
rpmlog(RPMLOG_ERR, _("Unknown payload compression: %s\n"),
rpmio_flags);
rc = RPMRC_FAIL;
goto exit;
}
if (compr)
headerPutString(h, RPMTAG_PAYLOADCOMPRESSOR, compr);
buf = xstrdup(rpmio_flags);
buf[s - rpmio_flags] = '\0';
headerPutString(h, RPMTAG_PAYLOADFLAGS, buf+1);
free(buf);
}
/* Create and add the cookie */
if (cookie) {
rasprintf(cookie, "%s %d", buildHost(), (int) (*getBuildTime()));
headerPutString(h, RPMTAG_COOKIE, *cookie);
}
/* Reallocate the header into one contiguous region. */
h = headerReload(h, RPMTAG_HEADERIMMUTABLE);
if (h == NULL) { /* XXX can't happen */
rc = RPMRC_FAIL;
rpmlog(RPMLOG_ERR, _("Unable to create immutable header region.\n"));
goto exit;
}
/* Re-reference reallocated header. */
*hdrp = headerLink(h);
/*
* Write the header+archive into a temp file so that the size of
* archive (after compression) can be added to the header.
*/
fd = rpmMkTempFile(NULL, &sigtarget);
if (fd == NULL || Ferror(fd)) {
rc = RPMRC_FAIL;
rpmlog(RPMLOG_ERR, _("Unable to open temp file.\n"));
goto exit;
}
fdInitDigest(fd, PGPHASHALGO_SHA1, 0);
if (headerWrite(fd, h, HEADER_MAGIC_YES)) {
rc = RPMRC_FAIL;
rpmlog(RPMLOG_ERR, _("Unable to write temp header\n"));
} else { /* Write the archive and get the size */
(void) Fflush(fd);
fdFiniDigest(fd, PGPHASHALGO_SHA1, (void **)&SHA1, NULL, 1);
if (csa->cpioList != NULL) {
rc = cpio_doio(fd, h, csa, rpmio_flags);
} else if (Fileno(csa->cpioFdIn) >= 0) {
rc = cpio_copy(fd, csa);
} else {
rc = RPMRC_FAIL;
rpmlog(RPMLOG_ERR, _("Bad CSA data\n"));
}
}
if (rc != RPMRC_OK)
goto exit;
(void) Fclose(fd);
fd = NULL;
(void) unlink(fileName);
/* Generate the signature */
(void) fflush(stdout);
sig = rpmNewSignature();
/*
* There should be rpmlib() dependency on this, but that doesn't
* really do much good as these are signature tags that get read
* way before dependency checking has a chance to figure out anything.
* On the positive side, not inserting the 32bit tag at all means
* older rpm will just bail out with error message on attempt to read
* such a package.
*/
if (csa->cpioArchiveSize < UINT32_MAX) {
sizetag = RPMSIGTAG_SIZE;
payloadtag = RPMSIGTAG_PAYLOADSIZE;
} else {
sizetag = RPMSIGTAG_LONGSIZE;
payloadtag = RPMSIGTAG_LONGARCHIVESIZE;
}
(void) rpmGenDigest(sig, sigtarget, sizetag);
(void) rpmGenDigest(sig, sigtarget, RPMSIGTAG_MD5);
if (SHA1) {
/* XXX can't use rpmtdFromFoo() on RPMSIGTAG_* items */
rpmtdReset(&td);
td.tag = RPMSIGTAG_SHA1;
td.type = RPM_STRING_TYPE;
td.data = SHA1;
td.count = 1;
headerPut(sig, &td, HEADERPUT_DEFAULT);
SHA1 = _free(SHA1);
}
{
/* XXX can't use headerPutType() on legacy RPMSIGTAG_* items */
rpmtdReset(&td);
td.tag = payloadtag;
td.count = 1;
if (payloadtag == RPMSIGTAG_PAYLOADSIZE) {
rpm_off_t asize = csa->cpioArchiveSize;
td.type = RPM_INT32_TYPE;
td.data = &asize;
headerPut(sig, &td, HEADERPUT_DEFAULT);
} else {
rpm_loff_t asize = csa->cpioArchiveSize;
td.type = RPM_INT64_TYPE;
td.data = &asize;
headerPut(sig, &td, HEADERPUT_DEFAULT);
}
}
/* Reallocate the signature into one contiguous region. */
sig = headerReload(sig, RPMTAG_HEADERSIGNATURES);
if (sig == NULL) { /* XXX can't happen */
rc = RPMRC_FAIL;
rpmlog(RPMLOG_ERR, _("Unable to reload signature header.\n"));
goto exit;
}
/* Open the output file */
fd = Fopen(fileName, "w.ufdio");
if (fd == NULL || Ferror(fd)) {
rc = RPMRC_FAIL;
rpmlog(RPMLOG_ERR, _("Could not open %s: %s\n"),
fileName, Fstrerror(fd));
goto exit;
}
/* Write the lead section into the package. */
{
rpmlead lead = rpmLeadFromHeader(h);
rc = rpmLeadWrite(fd, lead);
lead = rpmLeadFree(lead);
if (rc != RPMRC_OK) {
rc = RPMRC_FAIL;
rpmlog(RPMLOG_ERR, _("Unable to write package: %s\n"),
Fstrerror(fd));
goto exit;
}
}
/* Write the signature section into the package. */
if (rpmWriteSignature(fd, sig)) {
rc = RPMRC_FAIL;
goto exit;
}
/* Append the header and archive */
ifd = Fopen(sigtarget, "r.ufdio");
if (ifd == NULL || Ferror(ifd)) {
rc = RPMRC_FAIL;
rpmlog(RPMLOG_ERR, _("Unable to open sigtarget %s: %s\n"),
sigtarget, Fstrerror(ifd));
goto exit;
}
/* Add signatures to header, and write header into the package. */
/* XXX header+payload digests/signatures might be checked again here. */
{ Header nh = headerRead(ifd, HEADER_MAGIC_YES);
if (nh == NULL) {
rc = RPMRC_FAIL;
rpmlog(RPMLOG_ERR, _("Unable to read header from %s: %s\n"),
sigtarget, Fstrerror(ifd));
goto exit;
}
#ifdef NOTYET
(void) headerMergeLegacySigs(nh, sig);
#endif
xx = headerWrite(fd, nh, HEADER_MAGIC_YES);
nh = headerFree(nh);
if (xx) {
rc = RPMRC_FAIL;
rpmlog(RPMLOG_ERR, _("Unable to write header to %s: %s\n"),
fileName, Fstrerror(fd));
goto exit;
}
}
/* Write the payload into the package. */
buf = xmalloc(BUFSIZ);
while ((count = Fread(buf, 1, BUFSIZ, ifd)) > 0) {
if (count == -1) {
free(buf);
rc = RPMRC_FAIL;
rpmlog(RPMLOG_ERR, _("Unable to read payload from %s: %s\n"),
sigtarget, Fstrerror(ifd));
goto exit;
}
if (Fwrite(buf, sizeof(buf[0]), count, fd) != count) {
free(buf);
rc = RPMRC_FAIL;
rpmlog(RPMLOG_ERR, _("Unable to write payload to %s: %s\n"),
fileName, Fstrerror(fd));
goto exit;
}
}
free(buf);
rc = RPMRC_OK;
exit:
rpmio_flags = _free(rpmio_flags);
SHA1 = _free(SHA1);
h = headerFree(h);
/* XXX Fish the pkgid out of the signature header. */
if (sig != NULL && pkgidp != NULL) {
struct rpmtd_s md5tag;
headerGet(sig, RPMSIGTAG_MD5, &md5tag, HEADERGET_DEFAULT);
if (rpmtdType(&md5tag) == RPM_BIN_TYPE &&
md5tag.count == 16 && md5tag.data != NULL) {
*pkgidp = md5tag.data;
}
}
sig = rpmFreeSignature(sig);
if (ifd) {
(void) Fclose(ifd);
ifd = NULL;
}
if (fd) {
(void) Fclose(fd);
fd = NULL;
}
if (sigtarget) {
(void) unlink(sigtarget);
sigtarget = _free(sigtarget);
}
if (rc == RPMRC_OK)
rpmlog(RPMLOG_NOTICE, _("Wrote: %s\n"), fileName);
else
(void) unlink(fileName);
return rc;
}
/** \ingroup rpmcli
* Create/modify elements in signature header.
* @param rpm path to package
* @param deleting adding or deleting signature?
* @param signfiles sign files if non-zero
* @return 0 on success, -1 on error
*/
static int rpmSign(const char *rpm, int deleting, int signfiles)
{
FD_t fd = NULL;
FD_t ofd = NULL;
char *trpm = NULL;
Header sigh = NULL;
Header h = NULL;
char *msg = NULL;
int res = -1; /* assume failure */
rpmRC rc;
struct rpmtd_s utd;
off_t headerStart;
off_t sigStart;
struct sigTarget_s sigt_v3;
struct sigTarget_s sigt_v4;
unsigned int origSigSize;
int insSig = 0;
fprintf(stdout, "%s:\n", rpm);
if (manageFile(&fd, rpm, O_RDWR))
goto exit;
if ((rc = rpmLeadRead(fd, &msg)) != RPMRC_OK) {
rpmlog(RPMLOG_ERR, "%s: %s\n", rpm, msg);
goto exit;
}
sigStart = Ftell(fd);
rc = rpmReadSignature(fd, &sigh, &msg);
if (rc != RPMRC_OK) {
rpmlog(RPMLOG_ERR, _("%s: rpmReadSignature failed: %s"), rpm,
(msg && *msg ? msg : "\n"));
goto exit;
}
headerStart = Ftell(fd);
if (rpmReadHeader(NULL, fd, &h, &msg) != RPMRC_OK) {
rpmlog(RPMLOG_ERR, _("%s: headerRead failed: %s\n"), rpm, msg);
goto exit;
}
if (!headerIsEntry(h, RPMTAG_HEADERIMMUTABLE)) {
rpmlog(RPMLOG_ERR, _("Cannot sign RPM v3 packages\n"));
goto exit;
}
unloadImmutableRegion(&sigh, RPMTAG_HEADERSIGNATURES);
origSigSize = headerSizeof(sigh, HEADER_MAGIC_YES);
if (signfiles) {
if (includeFileSignatures(&sigh, &h))
goto exit;
}
if (deleting) { /* Nuke all the signature tags. */
deleteSigs(sigh);
} else {
/* Signature target containing header + payload */
sigt_v3.fd = fd;
sigt_v3.start = headerStart;
sigt_v3.fileName = rpm;
sigt_v3.size = fdSize(fd) - headerStart;
/* Signature target containing only header */
sigt_v4 = sigt_v3;
sigt_v4.size = headerSizeof(h, HEADER_MAGIC_YES);
res = replaceSignature(sigh, &sigt_v3, &sigt_v4);
if (res != 0) {
if (res == 1) {
rpmlog(RPMLOG_WARNING,
_("%s already contains identical signature, skipping\n"),
rpm);
/* Identical signature is not an error */
res = 0;
}
goto exit;
}
res = -1;
}
/* Try to make new signature smaller to have size of original signature */
rpmtdReset(&utd);
if (headerGet(sigh, RPMSIGTAG_RESERVEDSPACE, &utd, HEADERGET_MINMEM)) {
int diff;
int count;
char *reservedSpace = NULL;
count = utd.count;
diff = headerSizeof(sigh, HEADER_MAGIC_YES) - origSigSize;
if (diff < count) {
reservedSpace = xcalloc(count - diff, sizeof(char));
headerDel(sigh, RPMSIGTAG_RESERVEDSPACE);
rpmtdReset(&utd);
utd.tag = RPMSIGTAG_RESERVEDSPACE;
utd.count = count - diff;
utd.type = RPM_BIN_TYPE;
utd.data = reservedSpace;
headerPut(sigh, &utd, HEADERPUT_DEFAULT);
free(reservedSpace);
insSig = 1;
}
}
/* Reallocate the signature into one contiguous region. */
sigh = headerReload(sigh, RPMTAG_HEADERSIGNATURES);
if (sigh == NULL) /* XXX can't happen */
goto exit;
if (insSig) {
/* Insert new signature into original rpm */
if (Fseek(fd, sigStart, SEEK_SET) < 0) {
rpmlog(RPMLOG_ERR, _("Could not seek in file %s: %s\n"),
rpm, Fstrerror(fd));
goto exit;
}
if (rpmWriteSignature(fd, sigh)) {
rpmlog(RPMLOG_ERR, _("%s: rpmWriteSignature failed: %s\n"), rpm,
Fstrerror(fd));
goto exit;
}
res = 0;
} else {
/* Replace orignal rpm with new rpm containing new signature */
rasprintf(&trpm, "%s.XXXXXX", rpm);
ofd = rpmMkTemp(trpm);
if (ofd == NULL || Ferror(ofd)) {
rpmlog(RPMLOG_ERR, _("rpmMkTemp failed\n"));
goto exit;
}
/* Write the lead/signature of the output rpm */
rc = rpmLeadWrite(ofd, h);
if (rc != RPMRC_OK) {
rpmlog(RPMLOG_ERR, _("%s: writeLead failed: %s\n"), trpm,
Fstrerror(ofd));
goto exit;
}
if (rpmWriteSignature(ofd, sigh)) {
rpmlog(RPMLOG_ERR, _("%s: rpmWriteSignature failed: %s\n"), trpm,
Fstrerror(ofd));
goto exit;
}
if (Fseek(fd, headerStart, SEEK_SET) < 0) {
rpmlog(RPMLOG_ERR, _("Could not seek in file %s: %s\n"),
rpm, Fstrerror(fd));
goto exit;
}
/* Append the header and archive from the temp file */
if (copyFile(&fd, rpm, &ofd, trpm) == 0) {
struct stat st;
/* Move final target into place, restore file permissions. */
if (stat(rpm, &st) == 0 && unlink(rpm) == 0 &&
rename(trpm, rpm) == 0 && chmod(rpm, st.st_mode) == 0) {
res = 0;
} else {
rpmlog(RPMLOG_ERR, _("replacing %s failed: %s\n"),
rpm, strerror(errno));
}
}
}
exit:
if (fd) (void) closeFile(&fd);
if (ofd) (void) closeFile(&ofd);
headerFree(sigh);
headerFree(h);
free(msg);
/* Clean up intermediate target */
if (trpm) {
(void) unlink(trpm);
free(trpm);
}
return res;
}
rpmRC rpmGenerateSignature(char *SHA1, uint8_t *MD5, rpm_loff_t size,
rpm_loff_t payloadSize, FD_t fd)
{
Header sig = headerNew();
struct rpmtd_s td;
rpmRC rc = RPMRC_OK;
char *reservedSpace;
int spaceSize = 32; /* always reserve a bit of space */
int gpgSize = rpmExpandNumeric("%{__gpg_reserved_space}");
/* Prepare signature */
rpmtdReset(&td);
td.tag = RPMSIGTAG_SHA1;
td.count = 1;
td.type = RPM_STRING_TYPE;
td.data = SHA1;
headerPut(sig, &td, HEADERPUT_DEFAULT);
rpmtdReset(&td);
td.tag = RPMSIGTAG_MD5;
td.count = 16;
td.type = RPM_BIN_TYPE;
td.data = MD5;
headerPut(sig, &td, HEADERPUT_DEFAULT);
rpmtdReset(&td);
td.count = 1;
if (payloadSize < UINT32_MAX) {
rpm_off_t p = payloadSize;
rpm_off_t s = size;
td.type = RPM_INT32_TYPE;
td.tag = RPMSIGTAG_PAYLOADSIZE;
td.data = &p;
headerPut(sig, &td, HEADERPUT_DEFAULT);
td.tag = RPMSIGTAG_SIZE;
td.data = &s;
headerPut(sig, &td, HEADERPUT_DEFAULT);
} else {
rpm_loff_t p = payloadSize;
rpm_loff_t s = size;
td.type = RPM_INT64_TYPE;
td.tag = RPMSIGTAG_LONGARCHIVESIZE;
td.data = &p;
headerPut(sig, &td, HEADERPUT_DEFAULT);
td.tag = RPMSIGTAG_LONGSIZE;
td.data = &s;
headerPut(sig, &td, HEADERPUT_DEFAULT);
/* adjust for the size difference between 64- and 32bit tags */
spaceSize -= 8;
}
if (gpgSize > 0)
spaceSize += gpgSize;
if(spaceSize > 0) {
reservedSpace = xcalloc(spaceSize, sizeof(char));
rpmtdReset(&td);
td.tag = RPMSIGTAG_RESERVEDSPACE;
td.count = spaceSize;
td.type = RPM_BIN_TYPE;
td.data = reservedSpace;
headerPut(sig, &td, HEADERPUT_DEFAULT);
free(reservedSpace);
}
/* Reallocate the signature into one contiguous region. */
sig = headerReload(sig, RPMTAG_HEADERSIGNATURES);
if (sig == NULL) { /* XXX can't happen */
rpmlog(RPMLOG_ERR, _("Unable to reload signature header.\n"));
rc = RPMRC_FAIL;
goto exit;
}
/* Write the signature section into the package. */
if (rpmWriteSignature(fd, sig)) {
rc = RPMRC_FAIL;
goto exit;
}
exit:
headerFree(sig);
return rc;
}
/* Build pubkey header. */
static int makePubkeyHeader(rpmts ts, rpmPubkey key, Header * hdrp)
{
Header h = headerNew();
const char * afmt = "%{pubkeys:armor}";
const char * group = "Public Keys";
const char * license = "pubkey";
const char * buildhost = "localhost";
const char * userid;
rpmsenseFlags pflags = (RPMSENSE_KEYRING|RPMSENSE_EQUAL);
uint32_t zero = 0;
uint32_t keytime = 0;
pgpDig dig = NULL;
pgpDigParams pubp = NULL;
char * d = NULL;
char * enc = NULL;
char * n = NULL;
char * u = NULL;
char * v = NULL;
char * r = NULL;
char * evr = NULL;
int rc = -1;
if ((enc = rpmPubkeyBase64(key)) == NULL)
goto exit;
if ((dig = rpmPubkeyDig(key)) == NULL)
goto exit;
if ((pubp = pgpDigGetParams(dig, PGPTAG_PUBLIC_KEY)) == NULL)
goto exit;
/* Build header elements. */
v = pgpHexStr(pubp->signid, sizeof(pubp->signid));
r = pgpHexStr(pubp->time, sizeof(pubp->time));
userid = pubp->userid ? pubp->userid : "none";
keytime = pgpGrab(pubp->time, sizeof(pubp->time));
rasprintf(&n, "gpg(%s)", v+8);
rasprintf(&u, "gpg(%s)", userid);
rasprintf(&evr, "%d:%s-%s", pubp->version, v, r);
headerPutString(h, RPMTAG_PUBKEYS, enc);
if ((d = headerFormat(h, afmt, NULL)) == NULL)
goto exit;
headerPutString(h, RPMTAG_NAME, "gpg-pubkey");
headerPutString(h, RPMTAG_VERSION, v+8);
headerPutString(h, RPMTAG_RELEASE, r);
headerPutString(h, RPMTAG_DESCRIPTION, d);
headerPutString(h, RPMTAG_GROUP, group);
headerPutString(h, RPMTAG_LICENSE, license);
headerPutString(h, RPMTAG_SUMMARY, u);
headerPutString(h, RPMTAG_PACKAGER, userid);
headerPutUint32(h, RPMTAG_SIZE, &zero, 1);
headerPutString(h, RPMTAG_PROVIDENAME, u);
headerPutString(h, RPMTAG_PROVIDEVERSION, evr);
headerPutUint32(h, RPMTAG_PROVIDEFLAGS, &pflags, 1);
headerPutString(h, RPMTAG_PROVIDENAME, n);
headerPutString(h, RPMTAG_PROVIDEVERSION, evr);
headerPutUint32(h, RPMTAG_PROVIDEFLAGS, &pflags, 1);
headerPutString(h, RPMTAG_RPMVERSION, RPMVERSION);
headerPutString(h, RPMTAG_BUILDHOST, buildhost);
headerPutUint32(h, RPMTAG_BUILDTIME, &keytime, 1);
headerPutString(h, RPMTAG_SOURCERPM, "(none)");
/* Reload the lot to immutable region and stomp sha1 digest on it */
h = headerReload(h, RPMTAG_HEADERIMMUTABLE);
if (h != NULL) {
char *sha1 = NULL;
unsigned int blen = 0;
const void *blob = headerExport(h, &blen);
/* XXX FIXME: bah, this code is repeated in way too many places */
DIGEST_CTX ctx = rpmDigestInit(PGPHASHALGO_SHA1, RPMDIGEST_NONE);
rpmDigestUpdate(ctx, rpm_header_magic, sizeof(rpm_header_magic));
rpmDigestUpdate(ctx, blob, blen);
rpmDigestFinal(ctx, (void **)&sha1, NULL, 1);
if (sha1) {
headerPutString(h, RPMTAG_SHA1HEADER, sha1);
*hdrp = headerLink(h);
rc = 0;
}
free(sha1);
}
exit:
headerFree(h);
pgpFreeDig(dig);
free(n);
free(u);
free(v);
free(r);
free(evr);
free(enc);
free(d);
return rc;
}
static rpmRC includeFileSignatures(FD_t fd, const char *rpm,
Header *sigp, Header *hdrp,
off_t sigStart, off_t headerStart)
{
FD_t ofd = NULL;
char *trpm = NULL;
char *key;
char *keypass;
char *SHA1 = NULL;
uint8_t *MD5 = NULL;
size_t sha1len;
size_t md5len;
off_t sigTargetSize;
rpmRC rc = RPMRC_OK;
struct rpmtd_s osigtd;
char *o_sha1 = NULL;
uint8_t o_md5[16];
#ifndef WITH_IMAEVM
rpmlog(RPMLOG_ERR, _("missing libimaevm\n"));
return RPMRC_FAIL;
#endif
unloadImmutableRegion(hdrp, RPMTAG_HEADERIMMUTABLE);
key = rpmExpand("%{?_file_signing_key}", NULL);
keypass = rpmExpand("%{_file_signing_key_password}", NULL);
if (rstreq(keypass, "")) {
free(keypass);
keypass = NULL;
}
rc = rpmSignFiles(*hdrp, key, keypass);
if (rc != RPMRC_OK) {
goto exit;
}
*hdrp = headerReload(*hdrp, RPMTAG_HEADERIMMUTABLE);
if (*hdrp == NULL) {
rc = RPMRC_FAIL;
rpmlog(RPMLOG_ERR, _("headerReload failed\n"));
goto exit;
}
ofd = rpmMkTempFile(NULL, &trpm);
if (ofd == NULL || Ferror(ofd)) {
rc = RPMRC_FAIL;
rpmlog(RPMLOG_ERR, _("rpmMkTemp failed\n"));
goto exit;
}
/* Copy archive to temp file */
if (copyFile(&fd, rpm, &ofd, trpm)) {
rc = RPMRC_FAIL;
rpmlog(RPMLOG_ERR, _("copyFile failed\n"));
goto exit;
}
if (Fseek(fd, headerStart, SEEK_SET) < 0) {
rc = RPMRC_FAIL;
rpmlog(RPMLOG_ERR, _("Could not seek in file %s: %s\n"),
rpm, Fstrerror(fd));
goto exit;
}
/* Start MD5 calculation */
fdInitDigest(fd, PGPHASHALGO_MD5, 0);
/* Write header to rpm and recalculate SHA1 */
fdInitDigest(fd, PGPHASHALGO_SHA1, 0);
rc = headerWrite(fd, *hdrp, HEADER_MAGIC_YES);
if (rc != RPMRC_OK) {
rpmlog(RPMLOG_ERR, _("headerWrite failed\n"));
goto exit;
}
fdFiniDigest(fd, PGPHASHALGO_SHA1, (void **)&SHA1, &sha1len, 1);
/* Copy archive from temp file */
if (Fseek(ofd, 0, SEEK_SET) < 0) {
rc = RPMRC_FAIL;
rpmlog(RPMLOG_ERR, _("Could not seek in file %s: %s\n"),
rpm, Fstrerror(fd));
goto exit;
}
if (copyFile(&ofd, trpm, &fd, rpm)) {
rc = RPMRC_FAIL;
rpmlog(RPMLOG_ERR, _("copyFile failed\n"));
goto exit;
}
unlink(trpm);
sigTargetSize = Ftell(fd) - headerStart;
fdFiniDigest(fd, PGPHASHALGO_MD5, (void **)&MD5, &md5len, 0);
if (headerGet(*sigp, RPMSIGTAG_MD5, &osigtd, HEADERGET_DEFAULT)) {
memcpy(o_md5, osigtd.data, 16);
rpmtdFreeData(&osigtd);
}
if (headerGet(*sigp, RPMSIGTAG_SHA1, &osigtd, HEADERGET_DEFAULT)) {
o_sha1 = xstrdup(osigtd.data);
rpmtdFreeData(&osigtd);
}
if (memcmp(MD5, o_md5, md5len) == 0 && strcmp(SHA1, o_sha1) == 0)
rpmlog(RPMLOG_WARNING,
_("%s already contains identical file signatures\n"),
rpm);
else
replaceSigDigests(fd, rpm, sigp, sigStart, sigTargetSize, SHA1, MD5);
exit:
free(trpm);
free(MD5);
free(SHA1);
free(o_sha1);
free(keypass);
free(key);
if (ofd)
(void) closeFile(&ofd);
return rc;
}
