--- /dev/null
+--- poldek-0.42.2/pm/rpmorg/signature.c.orig 2020-10-07 23:33:17.051835958 +0200
++++ poldek-0.42.2/pm/rpmorg/signature.c 2020-10-07 23:34:10.408960665 +0200
+@@ -101,18 +101,18 @@
+ case RPMSIGTAG_RSA:
+ case RPMSIGTAG_PGP5: /* XXX legacy */
+ case RPMSIGTAG_PGP:
+- flags |= VRFYSIG_SIGNPGP;
++ flags |= PKGVERIFY_PGP;
+ break;
+
+ case RPMSIGTAG_DSA:
+ case RPMSIGTAG_GPG:
+- flags |= VRFYSIG_SIGNGPG;
++ flags |= PKGVERIFY_GPG;
+ break;
+
+ case RPMSIGTAG_LEMD5_2:
+ case RPMSIGTAG_LEMD5_1:
+ case RPMSIGTAG_MD5:
+- flags |= VRFYSIG_DGST;
++ flags |= PKGVERIFY_MD;
+ break;
+
+ default:
+@@ -137,7 +137,7 @@
+ int rc;
+
+
+- n_assert(flags & (VRFYSIG_DGST | VRFYSIG_SIGN));
++ n_assert(flags & (PKGVERIFY_MD | PKGVERIFY_GPG | PKGVERIFY_PGP));
+
+ if (!rpm_signatures(path, &presented_signs, NULL))
+ return 0;
+@@ -146,13 +146,13 @@
+ char signam[255];
+ int n = 0;
+
+- if (flags & VRFYSIG_DGST)
++ if (flags & PKGVERIFY_MD)
+ n += n_snprintf(&signam[n], sizeof(signam) - n, "digest/");
+
+- if (flags & VRFYSIG_SIGNGPG)
++ if (flags & PKGVERIFY_GPG)
+ n += n_snprintf(&signam[n], sizeof(signam) - n, "gpg/");
+
+- if (flags & VRFYSIG_SIGNPGP)
++ if (flags & PKGVERIFY_PGP)
+ n += n_snprintf(&signam[n], sizeof(signam) - n, "pgp/");
+
+ n_assert(n > 0);
+@@ -163,29 +163,27 @@
+ signam);
+ return 0;
+ }
+- unsigned qva_flags = RPMVSF_DEFAULT;
++ unsigned vfyflags = RPMVSF_DEFAULT;
+
+- if ((flags & (VRFYSIG_SIGNPGP | VRFYSIG_SIGNGPG)) == 0) {
+- qva_flags |= RPMVSF_MASK_NOSIGNATURES;
++ if ((flags & (PKGVERIFY_PGP | PKGVERIFY_GPG)) == 0) {
++ vfyflags |= RPMVSF_MASK_NOSIGNATURES;
+ }
+
+ // always check digests - without them rpmVerifySignature returns error
+- //if ((flags & VRFYSIG_DGST) == 0)
+- // qva_flags |= RPMVSF_MASK_NODIGESTS;
+-
+- memset(&qva, '\0', sizeof(qva));
+- qva.qva_flags = qva_flags;
++ //if ((flags & PKGVERIFY_MD) == 0)
++ // vfyflags |= RPMVSF_MASK_NODIGESTS;
+
+ rc = -1;
+ fdt = Fopen(path, "r.ufdio");
+
+ if (fdt != NULL && Ferror(fdt) == 0) {
+ ts = rpmtsCreate();
++ rpmtsSetVfyFlags(ts, vfyflags);
+ rc = rpmVerifySignatures(&qva, ts, fdt, n_basenam(path));
+ rpmtsFree(ts);
+
+ DBGF("rpmVerifySignatures[md=%d, sign=%d] %s %s\n",
+- flags & VRFYSIG_DGST ? 1:0, flags & VRFYSIG_SIGN ? 1:0,
++ flags & PKGVERIFY_MD ? 1:0, flags & (PKGVERIFY_GPG | PKGVERIFY_PGP) ? 1:0,
+ n_basenam(path), rc == 0 ? "OK" : "BAD");
+ }
+
+@@ -196,24 +196,12 @@
+ static
+ int do_pm_rpm_verify_signature(void *pm_rpm, const char *path, unsigned flags)
+ {
+- unsigned rpmflags = 0;
+-
+- pm_rpm = pm_rpm;
+ if (access(path, R_OK) != 0) {
+ logn(LOGERR, "%s: verify signature failed: %m", path);
+ return 0;
+ }
+
+- if (flags & PKGVERIFY_GPG)
+- rpmflags |= VRFYSIG_SIGNGPG;
+-
+- if (flags & PKGVERIFY_PGP)
+- rpmflags |= VRFYSIG_SIGNPGP;
+-
+- if (flags & PKGVERIFY_MD)
+- rpmflags |= VRFYSIG_DGST;
+-
+- return do_verify_signature(path, rpmflags);
++ return do_verify_signature(path, flags);
+ }
+
+ extern int pm_rpm_verbose;
+--- poldek-0.42.2/pm/rpmorg/pm_rpm.h.orig 2020-10-07 23:34:34.276110954 +0200
++++ poldek-0.42.2/pm/rpmorg/pm_rpm.h 2020-10-07 23:34:40.173648478 +0200
+@@ -69,10 +69,6 @@
+ struct poldek_ts *ts);
+
+ #include <rpm/rpmcli.h>
+-#define VRFYSIG_DGST VERIFY_DIGEST
+-#define VRFYSIG_SIGN VERIFY_SIGNATURE
+-#define VRFYSIG_SIGNGPG VERIFY_SIGNATURE
+-#define VRFYSIG_SIGNPGP VERIFY_SIGNATURE
+
+ int pm_rpm_verify_signature(void *pm_rpm, const char *path, unsigned flags);
+
TLD / packages / poldek.git / blobdiff