/*
* Validate generated signature and insert to header if it looks sane.
* NSS doesn't support everything GPG does. Basic tests to see if the
* generated signature is something we can use.
* Return 0 on success, 1 on failure.
*/
static int putSignature(Header sigh, int ishdr, uint8_t *pkt, size_t pktlen)
{
pgpDigParams sigp = NULL;
rpmTagVal sigtag;
struct rpmtd_s sigtd;
int rc = 1; /* assume failure */
unsigned int hash_algo;
unsigned int pubkey_algo;
if (pgpPrtParams(pkt, pktlen, PGPTAG_SIGNATURE, &sigp)) {
rpmlog(RPMLOG_ERR, _("Unsupported PGP signature\n"));
goto exit;
}
hash_algo = pgpDigParamsAlgo(sigp, PGPVAL_HASHALGO);
if (rpmDigestLength(hash_algo) == 0) {
rpmlog(RPMLOG_ERR, _("Unsupported PGP hash algorithm %u\n"), hash_algo);
goto exit;
}
pubkey_algo = pgpDigParamsAlgo(sigp, PGPVAL_PUBKEYALGO);
switch (pubkey_algo) {
case PGPPUBKEYALGO_DSA:
sigtag = ishdr ? RPMSIGTAG_DSA : RPMSIGTAG_GPG;
break;
case PGPPUBKEYALGO_RSA:
sigtag = ishdr ? RPMSIGTAG_RSA : RPMSIGTAG_PGP;
break;
default:
rpmlog(RPMLOG_ERR, _("Unsupported PGP pubkey algorithm %u\n"),
pubkey_algo);
goto exit;
break;
}
/* Looks sane, insert into header */
rpmtdReset(&sigtd);
sigtd.count = pktlen;
sigtd.data = pkt;
sigtd.type = RPM_BIN_TYPE;
sigtd.tag = sigtag;
/* Argh, reversed return codes */
rc = (headerPut(sigh, &sigtd, HEADERPUT_DEFAULT) == 0);
exit:
pgpDigParamsFree(sigp);
return rc;
}
const unsigned char * rpmfiFDigestIndex(rpmfi fi, int ix, pgpHashAlgo *algo, size_t *len)
{
const unsigned char *digest = NULL;
if (fi != NULL && ix >= 0 && ix < fi->fc) {
size_t diglen = rpmDigestLength(fi->digestalgo);
if (fi->digests != NULL)
digest = fi->digests + (diglen * ix);
if (len)
*len = diglen;
if (algo)
*algo = fi->digestalgo;
}
return digest;
}
/*
* Validate generated signature and insert to header if it looks sane.
* NSS doesn't support everything GPG does. Basic tests to see if the
* generated signature is something we can use.
* Return generated signature tag data on success, NULL on failure.
*/
static rpmtd makeSigTag(Header sigh, int ishdr, uint8_t *pkt, size_t pktlen)
{
pgpDigParams sigp = NULL;
rpmTagVal sigtag;
rpmtd sigtd = NULL;
unsigned int hash_algo;
unsigned int pubkey_algo;
if (pgpPrtParams(pkt, pktlen, PGPTAG_SIGNATURE, &sigp)) {
rpmlog(RPMLOG_ERR, _("Unsupported PGP signature\n"));
goto exit;
}
hash_algo = pgpDigParamsAlgo(sigp, PGPVAL_HASHALGO);
if (rpmDigestLength(hash_algo) == 0) {
rpmlog(RPMLOG_ERR, _("Unsupported PGP hash algorithm %u\n"), hash_algo);
goto exit;
}
pubkey_algo = pgpDigParamsAlgo(sigp, PGPVAL_PUBKEYALGO);
switch (pubkey_algo) {
case PGPPUBKEYALGO_DSA:
sigtag = ishdr ? RPMSIGTAG_DSA : RPMSIGTAG_GPG;
break;
case PGPPUBKEYALGO_RSA:
sigtag = ishdr ? RPMSIGTAG_RSA : RPMSIGTAG_PGP;
break;
default:
rpmlog(RPMLOG_ERR, _("Unsupported PGP pubkey algorithm %u\n"),
pubkey_algo);
goto exit;
break;
}
/* Looks sane, create the tag data */
sigtd = rpmtdNew();
sigtd->count = pktlen;
sigtd->data = memcpy(xmalloc(pktlen), pkt, pktlen);;
sigtd->type = RPM_BIN_TYPE;
sigtd->tag = sigtag;
sigtd->flags |= RPMTD_ALLOCED;
exit:
pgpDigParamsFree(sigp);
return sigtd;
}
rpmfi rpmfiNew(const rpmts ts, Header h, rpmTag tagN, rpmfiFlags flags)
{
rpmfi fi = NULL;
rpm_loff_t *asize = NULL;
unsigned char * t;
int isBuild, isSource;
struct rpmtd_s fdigests, digalgo;
struct rpmtd_s td;
headerGetFlags scareFlags = (flags & RPMFI_KEEPHEADER) ?
HEADERGET_MINMEM : HEADERGET_ALLOC;
headerGetFlags defFlags = HEADERGET_ALLOC;
fi = xcalloc(1, sizeof(*fi));
if (fi == NULL) /* XXX can't happen */
goto exit;
fi->magic = RPMFIMAGIC;
fi->i = -1;
fi->fiflags = flags;
fi->scareFlags = scareFlags;
if (headerGet(h, RPMTAG_LONGARCHIVESIZE, &td, HEADERGET_EXT)) {
asize = rpmtdGetUint64(&td);
}
/* 0 means unknown */
fi->archiveSize = asize ? *asize : 0;
rpmtdFreeData(&td);
/* Archive size is not set when this gets called from build */
isBuild = (asize == NULL);
isSource = headerIsSource(h);
if (isBuild) fi->fiflags |= RPMFI_ISBUILD;
if (isSource) fi->fiflags |= RPMFI_ISSOURCE;
_hgfi(h, RPMTAG_BASENAMES, &td, defFlags, fi->bnl);
fi->fc = rpmtdCount(&td);
if (fi->fc == 0) {
goto exit;
}
_hgfi(h, RPMTAG_DIRNAMES, &td, defFlags, fi->dnl);
fi->dc = rpmtdCount(&td);
_hgfi(h, RPMTAG_DIRINDEXES, &td, scareFlags, fi->dil);
if (!(flags & RPMFI_NOFILEMODES))
_hgfi(h, RPMTAG_FILEMODES, &td, scareFlags, fi->fmodes);
if (!(flags & RPMFI_NOFILEFLAGS))
_hgfi(h, RPMTAG_FILEFLAGS, &td, scareFlags, fi->fflags);
if (!(flags & RPMFI_NOFILEVERIFYFLAGS))
_hgfi(h, RPMTAG_FILEVERIFYFLAGS, &td, scareFlags, fi->vflags);
if (!(flags & RPMFI_NOFILESIZES))
_hgfi(h, RPMTAG_FILESIZES, &td, scareFlags, fi->fsizes);
if (!(flags & RPMFI_NOFILECOLORS))
_hgfi(h, RPMTAG_FILECOLORS, &td, scareFlags, fi->fcolors);
if (!(flags & RPMFI_NOFILECLASS)) {
_hgfi(h, RPMTAG_CLASSDICT, &td, scareFlags, fi->cdict);
fi->ncdict = rpmtdCount(&td);
_hgfi(h, RPMTAG_FILECLASS, &td, scareFlags, fi->fcdictx);
}
if (!(flags & RPMFI_NOFILEDEPS)) {
_hgfi(h, RPMTAG_DEPENDSDICT, &td, scareFlags, fi->ddict);
fi->nddict = rpmtdCount(&td);
_hgfi(h, RPMTAG_FILEDEPENDSX, &td, scareFlags, fi->fddictx);
_hgfi(h, RPMTAG_FILEDEPENDSN, &td, scareFlags, fi->fddictn);
}
if (!(flags & RPMFI_NOFILESTATES))
_hgfi(h, RPMTAG_FILESTATES, &td, defFlags, fi->fstates);
if (!(flags & RPMFI_NOFILECAPS) && headerIsEntry(h, RPMTAG_FILECAPS)) {
fi->fcapcache = strcacheNew();
fi->fcaps = cacheTag(fi->fcapcache, h, RPMTAG_FILECAPS);
}
if (!(flags & RPMFI_NOFILELINKTOS)) {
fi->flinkcache = strcacheNew();
fi->flinks = cacheTag(fi->flinkcache, h, RPMTAG_FILELINKTOS);
}
/* FILELANGS are only interesting when installing */
if ((headerGetInstance(h) == 0) && !(flags & RPMFI_NOFILELANGS))
fi->flangs = cacheTag(langcache, h, RPMTAG_FILELANGS);
/* See if the package has non-md5 file digests */
fi->digestalgo = PGPHASHALGO_MD5;
if (headerGet(h, RPMTAG_FILEDIGESTALGO, &digalgo, HEADERGET_MINMEM)) {
pgpHashAlgo *algo = rpmtdGetUint32(&digalgo);
/* Hmm, what to do with unknown digest algorithms? */
if (algo && rpmDigestLength(*algo) != 0) {
fi->digestalgo = *algo;
}
}
fi->digests = NULL;
/* grab hex digests from header and store in binary format */
if (!(flags & RPMFI_NOFILEDIGESTS) &&
headerGet(h, RPMTAG_FILEDIGESTS, &fdigests, HEADERGET_MINMEM)) {
const char *fdigest;
size_t diglen = rpmDigestLength(fi->digestalgo);
fi->digests = t = xmalloc(rpmtdCount(&fdigests) * diglen);
while ((fdigest = rpmtdNextString(&fdigests))) {
if (!(fdigest && *fdigest != '\0')) {
memset(t, 0, diglen);
t += diglen;
continue;
}
for (int j = 0; j < diglen; j++, t++, fdigest += 2)
*t = (rnibble(fdigest[0]) << 4) | rnibble(fdigest[1]);
}
rpmtdFreeData(&fdigests);
}
/* XXX TR_REMOVED doesn;t need fmtimes, frdevs, finodes */
if (!(flags & RPMFI_NOFILEMTIMES))
_hgfi(h, RPMTAG_FILEMTIMES, &td, scareFlags, fi->fmtimes);
if (!(flags & RPMFI_NOFILERDEVS))
_hgfi(h, RPMTAG_FILERDEVS, &td, scareFlags, fi->frdevs);
if (!(flags & RPMFI_NOFILEINODES))
_hgfi(h, RPMTAG_FILEINODES, &td, scareFlags, fi->finodes);
if (!(flags & RPMFI_NOFILEUSER))
fi->fuser = cacheTag(ugcache, h, RPMTAG_FILEUSERNAME);
if (!(flags & RPMFI_NOFILEGROUP))
fi->fgroup = cacheTag(ugcache, h, RPMTAG_FILEGROUPNAME);
/* lazily alloced from rpmfiFN() */
fi->fn = NULL;
exit:
if (_rpmfi_debug < 0)
fprintf(stderr, "*** fi %p\t[%d]\n", fi, (fi ? fi->fc : 0));
if (fi != NULL) {
fi->h = (fi->fiflags & RPMFI_KEEPHEADER) ? headerLink(h) : NULL;
}
/* FIX: rpmfi null annotations */
return rpmfiLink(fi, __FUNCTION__);
}
rpmfi rpmfiNew(const rpmts ts, Header h, rpmTagVal tagN, rpmfiFlags flags)
{
rpmfi fi = xcalloc(1, sizeof(*fi));
unsigned char * t;
struct rpmtd_s fdigests, digalgo;
struct rpmtd_s td;
headerGetFlags scareFlags = (flags & RPMFI_KEEPHEADER) ?
HEADERGET_MINMEM : HEADERGET_ALLOC;
headerGetFlags defFlags = HEADERGET_ALLOC;
fi->magic = RPMFIMAGIC;
fi->i = -1;
fi->fiflags = flags;
_hgfi(h, RPMTAG_BASENAMES, &td, defFlags, fi->bnl);
fi->fc = rpmtdCount(&td);
if (fi->fc == 0) {
goto exit;
}
_hgfi(h, RPMTAG_DIRNAMES, &td, defFlags, fi->dnl);
fi->dc = rpmtdCount(&td);
_hgfi(h, RPMTAG_DIRINDEXES, &td, scareFlags, fi->dil);
/* Is our filename triplet sane? */
if (fi->dc == 0 || fi->dc > fi->fc || rpmtdCount(&td) != fi->fc)
goto errxit;
for (rpm_count_t i = 0; i < fi->fc; i++) {
if (fi->dil[i] >= fi->fc)
goto errxit;
}
/* XXX TODO: all these should be sanity checked, ugh... */
if (!(flags & RPMFI_NOFILEMODES))
_hgfi(h, RPMTAG_FILEMODES, &td, scareFlags, fi->fmodes);
if (!(flags & RPMFI_NOFILEFLAGS))
_hgfi(h, RPMTAG_FILEFLAGS, &td, scareFlags, fi->fflags);
if (!(flags & RPMFI_NOFILEVERIFYFLAGS))
_hgfi(h, RPMTAG_FILEVERIFYFLAGS, &td, scareFlags, fi->vflags);
if (!(flags & RPMFI_NOFILESIZES))
_hgfi(h, RPMTAG_FILESIZES, &td, scareFlags, fi->fsizes);
if (!(flags & RPMFI_NOFILECOLORS))
_hgfi(h, RPMTAG_FILECOLORS, &td, scareFlags, fi->fcolors);
if (!(flags & RPMFI_NOFILECLASS)) {
_hgfi(h, RPMTAG_CLASSDICT, &td, scareFlags, fi->cdict);
fi->ncdict = rpmtdCount(&td);
_hgfi(h, RPMTAG_FILECLASS, &td, scareFlags, fi->fcdictx);
}
if (!(flags & RPMFI_NOFILEDEPS)) {
_hgfi(h, RPMTAG_DEPENDSDICT, &td, scareFlags, fi->ddict);
fi->nddict = rpmtdCount(&td);
_hgfi(h, RPMTAG_FILEDEPENDSX, &td, scareFlags, fi->fddictx);
_hgfi(h, RPMTAG_FILEDEPENDSN, &td, scareFlags, fi->fddictn);
}
if (!(flags & RPMFI_NOFILESTATES))
_hgfi(h, RPMTAG_FILESTATES, &td, defFlags, fi->fstates);
if (!(flags & RPMFI_NOFILECAPS) && headerIsEntry(h, RPMTAG_FILECAPS)) {
fi->fcapcache = strcacheNew();
fi->fcaps = cacheTag(fi->fcapcache, h, RPMTAG_FILECAPS);
}
if (!(flags & RPMFI_NOFILELINKTOS)) {
fi->flinkcache = strcacheNew();
fi->flinks = cacheTag(fi->flinkcache, h, RPMTAG_FILELINKTOS);
}
/* FILELANGS are only interesting when installing */
if ((headerGetInstance(h) == 0) && !(flags & RPMFI_NOFILELANGS))
fi->flangs = cacheTag(langcache, h, RPMTAG_FILELANGS);
/* See if the package has non-md5 file digests */
fi->digestalgo = PGPHASHALGO_MD5;
if (headerGet(h, RPMTAG_FILEDIGESTALGO, &digalgo, HEADERGET_MINMEM)) {
uint32_t *algo = rpmtdGetUint32(&digalgo);
/* Hmm, what to do with unknown digest algorithms? */
if (algo && rpmDigestLength(*algo) != 0) {
fi->digestalgo = *algo;
}
}
fi->digests = NULL;
/* grab hex digests from header and store in binary format */
if (!(flags & RPMFI_NOFILEDIGESTS) &&
headerGet(h, RPMTAG_FILEDIGESTS, &fdigests, HEADERGET_MINMEM)) {
const char *fdigest;
size_t diglen = rpmDigestLength(fi->digestalgo);
fi->digests = t = xmalloc(rpmtdCount(&fdigests) * diglen);
while ((fdigest = rpmtdNextString(&fdigests))) {
if (!(fdigest && *fdigest != '\0')) {
memset(t, 0, diglen);
t += diglen;
continue;
}
for (int j = 0; j < diglen; j++, t++, fdigest += 2)
*t = (rnibble(fdigest[0]) << 4) | rnibble(fdigest[1]);
}
rpmtdFreeData(&fdigests);
}
/* XXX TR_REMOVED doesn;t need fmtimes, frdevs, finodes */
if (!(flags & RPMFI_NOFILEMTIMES))
_hgfi(h, RPMTAG_FILEMTIMES, &td, scareFlags, fi->fmtimes);
if (!(flags & RPMFI_NOFILERDEVS))
_hgfi(h, RPMTAG_FILERDEVS, &td, scareFlags, fi->frdevs);
if (!(flags & RPMFI_NOFILEINODES))
_hgfi(h, RPMTAG_FILEINODES, &td, scareFlags, fi->finodes);
if (!(flags & RPMFI_NOFILEUSER))
fi->fuser = cacheTag(ugcache, h, RPMTAG_FILEUSERNAME);
if (!(flags & RPMFI_NOFILEGROUP))
fi->fgroup = cacheTag(ugcache, h, RPMTAG_FILEGROUPNAME);
/* lazily alloced from rpmfiFN() */
fi->fn = NULL;
exit:
if (fi != NULL) {
fi->h = (fi->fiflags & RPMFI_KEEPHEADER) ? headerLink(h) : NULL;
}
/* FIX: rpmfi null annotations */
return rpmfiLink(fi);
errxit:
rpmfiFree(fi);
return NULL;
}
static int rpmfiPopulate(rpmfi fi, Header h, rpmfiFlags flags)
{
headerGetFlags scareFlags = (flags & RPMFI_KEEPHEADER) ?
HEADERGET_MINMEM : HEADERGET_ALLOC;
headerGetFlags defFlags = HEADERGET_ALLOC;
struct rpmtd_s fdigests, digalgo, td;
unsigned char * t;
/* XXX TODO: all these should be sanity checked, ugh... */
if (!(flags & RPMFI_NOFILEMODES))
_hgfi(h, RPMTAG_FILEMODES, &td, scareFlags, fi->fmodes);
if (!(flags & RPMFI_NOFILEFLAGS))
_hgfi(h, RPMTAG_FILEFLAGS, &td, scareFlags, fi->fflags);
if (!(flags & RPMFI_NOFILEVERIFYFLAGS))
_hgfi(h, RPMTAG_FILEVERIFYFLAGS, &td, scareFlags, fi->vflags);
if (!(flags & RPMFI_NOFILESIZES)) {
_hgfi(h, RPMTAG_FILESIZES, &td, scareFlags, fi->fsizes);
_hgfi(h, RPMTAG_LONGFILESIZES, &td, scareFlags, fi->lfsizes);
}
if (!(flags & RPMFI_NOFILECOLORS))
_hgfi(h, RPMTAG_FILECOLORS, &td, scareFlags, fi->fcolors);
if (!(flags & RPMFI_NOFILECLASS)) {
_hgfi(h, RPMTAG_CLASSDICT, &td, scareFlags, fi->cdict);
fi->ncdict = rpmtdCount(&td);
_hgfi(h, RPMTAG_FILECLASS, &td, scareFlags, fi->fcdictx);
}
if (!(flags & RPMFI_NOFILEDEPS)) {
_hgfi(h, RPMTAG_DEPENDSDICT, &td, scareFlags, fi->ddict);
fi->nddict = rpmtdCount(&td);
_hgfi(h, RPMTAG_FILEDEPENDSX, &td, scareFlags, fi->fddictx);
_hgfi(h, RPMTAG_FILEDEPENDSN, &td, scareFlags, fi->fddictn);
}
if (!(flags & RPMFI_NOFILESTATES))
_hgfi(h, RPMTAG_FILESTATES, &td, defFlags, fi->fstates);
if (!(flags & RPMFI_NOFILECAPS))
_hgfi(h, RPMTAG_FILECAPS, &td, defFlags, fi->fcaps);
if (!(flags & RPMFI_NOFILELINKTOS))
fi->flinks = tag2pool(fi->pool, h, RPMTAG_FILELINKTOS);
/* FILELANGS are only interesting when installing */
if ((headerGetInstance(h) == 0) && !(flags & RPMFI_NOFILELANGS))
fi->flangs = tag2pool(fi->pool, h, RPMTAG_FILELANGS);
/* See if the package has non-md5 file digests */
fi->digestalgo = PGPHASHALGO_MD5;
if (headerGet(h, RPMTAG_FILEDIGESTALGO, &digalgo, HEADERGET_MINMEM)) {
uint32_t *algo = rpmtdGetUint32(&digalgo);
/* Hmm, what to do with unknown digest algorithms? */
if (algo && rpmDigestLength(*algo) != 0) {
fi->digestalgo = *algo;
}
}
fi->digests = NULL;
/* grab hex digests from header and store in binary format */
if (!(flags & RPMFI_NOFILEDIGESTS) &&
headerGet(h, RPMTAG_FILEDIGESTS, &fdigests, HEADERGET_MINMEM)) {
const char *fdigest;
size_t diglen = rpmDigestLength(fi->digestalgo);
fi->digests = t = xmalloc(rpmtdCount(&fdigests) * diglen);
while ((fdigest = rpmtdNextString(&fdigests))) {
if (!(fdigest && *fdigest != '\0')) {
memset(t, 0, diglen);
t += diglen;
continue;
}
for (int j = 0; j < diglen; j++, t++, fdigest += 2)
*t = (rnibble(fdigest[0]) << 4) | rnibble(fdigest[1]);
}
rpmtdFreeData(&fdigests);
}
/* XXX TR_REMOVED doesn;t need fmtimes, frdevs, finodes */
if (!(flags & RPMFI_NOFILEMTIMES))
_hgfi(h, RPMTAG_FILEMTIMES, &td, scareFlags, fi->fmtimes);
if (!(flags & RPMFI_NOFILERDEVS))
_hgfi(h, RPMTAG_FILERDEVS, &td, scareFlags, fi->frdevs);
if (!(flags & RPMFI_NOFILEINODES))
_hgfi(h, RPMTAG_FILEINODES, &td, scareFlags, fi->finodes);
if (!(flags & RPMFI_NOFILEUSER))
fi->fuser = tag2pool(fi->pool, h, RPMTAG_FILEUSERNAME);
if (!(flags & RPMFI_NOFILEGROUP))
fi->fgroup = tag2pool(fi->pool, h, RPMTAG_FILEGROUPNAME);
/* TODO: validate and return a real error */
return 0;
}
