static rpmRC includeFileSignatures(Header *sigp, Header *hdrp)
{
#ifdef WITH_IMAEVM
rpmRC rc;
char *key;
char *keypass;
key = rpmExpand("%{?_file_signing_key}", NULL);
keypass = rpmExpand("%{?_file_signing_key_password}", NULL);
if (rstreq(keypass, "")) {
free(keypass);
keypass = NULL;
}
rc = rpmSignFiles(*sigp, *hdrp, key, keypass);
free(keypass);
free(key);
return rc;
#else
rpmlog(RPMLOG_ERR, _("file signing support not built in\n"));
return RPMRC_FAIL;
#endif
}
static rpmRC includeFileSignatures(FD_t fd, const char *rpm,
Header *sigp, Header *hdrp,
off_t sigStart, off_t headerStart)
{
FD_t ofd = NULL;
char *trpm = NULL;
char *key;
char *keypass;
char *SHA1 = NULL;
uint8_t *MD5 = NULL;
size_t sha1len;
size_t md5len;
off_t sigTargetSize;
rpmRC rc = RPMRC_OK;
struct rpmtd_s osigtd;
char *o_sha1 = NULL;
uint8_t o_md5[16];
#ifndef WITH_IMAEVM
rpmlog(RPMLOG_ERR, _("missing libimaevm\n"));
return RPMRC_FAIL;
#endif
unloadImmutableRegion(hdrp, RPMTAG_HEADERIMMUTABLE);
key = rpmExpand("%{?_file_signing_key}", NULL);
keypass = rpmExpand("%{_file_signing_key_password}", NULL);
if (rstreq(keypass, "")) {
free(keypass);
keypass = NULL;
}
rc = rpmSignFiles(*hdrp, key, keypass);
if (rc != RPMRC_OK) {
goto exit;
}
*hdrp = headerReload(*hdrp, RPMTAG_HEADERIMMUTABLE);
if (*hdrp == NULL) {
rc = RPMRC_FAIL;
rpmlog(RPMLOG_ERR, _("headerReload failed\n"));
goto exit;
}
ofd = rpmMkTempFile(NULL, &trpm);
if (ofd == NULL || Ferror(ofd)) {
rc = RPMRC_FAIL;
rpmlog(RPMLOG_ERR, _("rpmMkTemp failed\n"));
goto exit;
}
/* Copy archive to temp file */
if (copyFile(&fd, rpm, &ofd, trpm)) {
rc = RPMRC_FAIL;
rpmlog(RPMLOG_ERR, _("copyFile failed\n"));
goto exit;
}
if (Fseek(fd, headerStart, SEEK_SET) < 0) {
rc = RPMRC_FAIL;
rpmlog(RPMLOG_ERR, _("Could not seek in file %s: %s\n"),
rpm, Fstrerror(fd));
goto exit;
}
/* Start MD5 calculation */
fdInitDigest(fd, PGPHASHALGO_MD5, 0);
/* Write header to rpm and recalculate SHA1 */
fdInitDigest(fd, PGPHASHALGO_SHA1, 0);
rc = headerWrite(fd, *hdrp, HEADER_MAGIC_YES);
if (rc != RPMRC_OK) {
rpmlog(RPMLOG_ERR, _("headerWrite failed\n"));
goto exit;
}
fdFiniDigest(fd, PGPHASHALGO_SHA1, (void **)&SHA1, &sha1len, 1);
/* Copy archive from temp file */
if (Fseek(ofd, 0, SEEK_SET) < 0) {
rc = RPMRC_FAIL;
rpmlog(RPMLOG_ERR, _("Could not seek in file %s: %s\n"),
rpm, Fstrerror(fd));
goto exit;
}
if (copyFile(&ofd, trpm, &fd, rpm)) {
rc = RPMRC_FAIL;
rpmlog(RPMLOG_ERR, _("copyFile failed\n"));
goto exit;
}
unlink(trpm);
sigTargetSize = Ftell(fd) - headerStart;
fdFiniDigest(fd, PGPHASHALGO_MD5, (void **)&MD5, &md5len, 0);
if (headerGet(*sigp, RPMSIGTAG_MD5, &osigtd, HEADERGET_DEFAULT)) {
memcpy(o_md5, osigtd.data, 16);
rpmtdFreeData(&osigtd);
}
if (headerGet(*sigp, RPMSIGTAG_SHA1, &osigtd, HEADERGET_DEFAULT)) {
o_sha1 = xstrdup(osigtd.data);
rpmtdFreeData(&osigtd);
}
if (memcmp(MD5, o_md5, md5len) == 0 && strcmp(SHA1, o_sha1) == 0)
rpmlog(RPMLOG_WARNING,
_("%s already contains identical file signatures\n"),
rpm);
else
replaceSigDigests(fd, rpm, sigp, sigStart, sigTargetSize, SHA1, MD5);
exit:
free(trpm);
free(MD5);
free(SHA1);
free(o_sha1);
free(keypass);
free(key);
if (ofd)
(void) closeFile(&ofd);
return rc;
}
