[OE-core] [PATCH 1/1] rpm: make install with --nosignature and --nodigest work
Hongxu Jia
hongxu.jia at windriver.com
Tue Sep 20 08:15:23 UTC 2016
It fixed the following issue:
1). With option '--nodigest --nosignature', installing package
with bad signature failed
======
root at localhost:~# rpm -ivh --nodigest --nosignature hello-bogus.rpm
error: hello-bogus.rpm: Header V4 DSA signature: BAD, key ID 09753bc
======
2). Without option '--nodigest --nosignature', installing package
with bad signature is successful
======
root at localhost:~# rpm -ivh hello-bogus.rpm
Preparing... ########################################### [100%]
1:hello ########################################### [100%]
root at localhost:~# rpm -q hello
hello-1.0-r1.1.x86_64
======
[YOCTO #10308]
Signed-off-by: Hongxu Jia <hongxu.jia at windriver.com>
---
...0001-system.h-query.c-support-nosignature.patch | 75 ++++++++++++++++++++--
1 file changed, 71 insertions(+), 4 deletions(-)
diff --git a/meta/recipes-devtools/rpm/rpm/0001-system.h-query.c-support-nosignature.patch b/meta/recipes-devtools/rpm/rpm/0001-system.h-query.c-support-nosignature.patch
index 77dc5b6..d8636c4 100644
--- a/meta/recipes-devtools/rpm/rpm/0001-system.h-query.c-support-nosignature.patch
+++ b/meta/recipes-devtools/rpm/rpm/0001-system.h-query.c-support-nosignature.patch
@@ -8,13 +8,29 @@ Subject: [PATCH] system.h/query.c: support nosignature
otherwise, when use --nosignature would read database and verify
signature, this is not expected.
-Upstream-Status: Submitted [Sent email to rpm-devel at rpm5.org]
+Upstream-Status: Rejected [Sent email to rpm-devel at rpm5.org]
+http://rpm5.org/community/rpm-devel/5655.html
Signed-off-by: Robert Yang <liezhi.yang at windriver.com>
+
+lib/rpminstall.c: support nosignature
+* !QVA_ISSET -> QVA_ISSET
+Reversing QVA_ISSET:
+- The macro QVA_ISSET(qva->qva_flags, SIGNATURE) invoking in
+ lib/rpminstall.c means qva->qva_flags has bitmap VERIFY_SIGNATURE.
+ And the bitmap assigning in lib/poptQV.c means rpm cli have option
+ --nosignature. (It is weird that SIGNATURE in QVA_ISSET means
+ --nosignature)
+
+ The upstream said he will remove all the SUPPORT_NOSIGNATURES code.
+ See upstream reply http://rpm5.org/community/rpm-devel/5655.html
+
+Signed-off-by: Hongxu Jia <hongxu.jia at windriver.com>
---
- lib/query.c | 6 +++---
- system.h | 4 ++--
- 2 files changed, 5 insertions(+), 5 deletions(-)
+ lib/query.c | 6 +++---
+ lib/rpminstall.c | 12 ++++++------
+ system.h | 4 ++--
+ 3 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/lib/query.c b/lib/query.c
index 50a7453..b761d76 100644
@@ -43,6 +59,56 @@ index 50a7453..b761d76 100644
VSF_SET(vsflags, NOHDRCHK);
}
VSF_CLR(vsflags, NEEDPAYLOAD); /* XXX needed? */
+diff --git a/lib/rpminstall.c b/lib/rpminstall.c
+index af6a51b..2a23343 100644
+--- a/lib/rpminstall.c
++++ b/lib/rpminstall.c
+@@ -566,19 +566,19 @@ int rpmcliInstall(rpmts ts, QVA_t ia, const char ** argv)
+ vsflags = (rpmVSFlags) rpmExpandNumeric("%{?_vsflags_install}");
+ vsflags = (rpmVSFlags) 0; /* XXX FIXME: ignore default disablers. */
+ #if defined(SUPPORT_NOSIGNATURES)
+- if (!QVA_ISSET(ia->qva_flags, DIGEST)) {
++ if (QVA_ISSET(ia->qva_flags, DIGEST)) {
+ VSF_SET(vsflags, NOSHA1HEADER);
+ VSF_SET(vsflags, NOMD5HEADER);
+ VSF_SET(vsflags, NOSHA1);
+ VSF_SET(vsflags, NOMD5);
+ }
+- if (!QVA_ISSET(ia->qva_flags, SIGNATURE)) {
++ if (QVA_ISSET(ia->qva_flags, SIGNATURE)) {
+ VSF_SET(vsflags, NODSAHEADER);
+ VSF_SET(vsflags, NORSAHEADER);
+ VSF_SET(vsflags, NODSA);
+ VSF_SET(vsflags, NORSA);
+ }
+- if (!QVA_ISSET(ia->qva_flags, HDRCHK)) {
++ if (QVA_ISSET(ia->qva_flags, HDRCHK)) {
+ VSF_SET(vsflags, NOHDRCHK);
+ }
+ VSF_SET(vsflags, NEEDPAYLOAD);
+@@ -784,19 +784,19 @@ int rpmErase(rpmts ts, QVA_t ia, const char ** argv)
+ vsflags = (rpmVSFlags) rpmExpandNumeric("%{?_vsflags_erase}");
+ vsflags = (rpmVSFlags) 0; /* XXX FIXME: ignore default disablers. */
+ #if defined(SUPPORT_NOSIGNATURES)
+- if (!QVA_ISSET(ia->qva_flags, DIGEST)) {
++ if (QVA_ISSET(ia->qva_flags, DIGEST)) {
+ VSF_SET(vsflags, NOSHA1HEADER);
+ VSF_SET(vsflags, NOMD5HEADER);
+ VSF_SET(vsflags, NOSHA1);
+ VSF_SET(vsflags, NOMD5);
+ }
+- if (!QVA_ISSET(ia->qva_flags, SIGNATURE)) {
++ if (QVA_ISSET(ia->qva_flags, SIGNATURE)) {
+ VSF_SET(vsflags, NODSAHEADER);
+ VSF_SET(vsflags, NORSAHEADER);
+ VSF_SET(vsflags, NODSA);
+ VSF_SET(vsflags, NORSA);
+ }
+- if (!QVA_ISSET(ia->qva_flags, HDRCHK)) {
++ if (QVA_ISSET(ia->qva_flags, HDRCHK)) {
+ VSF_SET(vsflags, NOHDRCHK);
+ }
+ VSF_CLR(vsflags, NEEDPAYLOAD); /* XXX needed? */
diff --git a/system.h b/system.h
index 2ff8906..ad4619a 100644
--- a/system.h
@@ -61,3 +127,4 @@ index 2ff8906..ad4619a 100644
* Permit ar(1) payloads. Disabled while rpmio/iosm.c is under development.
--
2.9.0
+
--
2.8.1
More information about the Openembedded-core
mailing list