summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorjbj <devnull@localhost>2002-07-21 22:06:19 +0000
committerjbj <devnull@localhost>2002-07-21 22:06:19 +0000
commit6af194ed8eae2111a296a7b400a229f0df336a2b (patch)
tree3f231083eb44a8562350aaacd1828b332789079e /lib
parentc2ffec4c6ff43026abea088a36360fbacfc80282 (diff)
downloadlibrpm-tizen-6af194ed8eae2111a296a7b400a229f0df336a2b.tar.gz
librpm-tizen-6af194ed8eae2111a296a7b400a229f0df336a2b.tar.bz2
librpm-tizen-6af194ed8eae2111a296a7b400a229f0df336a2b.zip
- add methods to make signature handling opaque wrto rpmts.
CVS patchset: 5566 CVS date: 2002/07/21 22:06:19
Diffstat (limited to 'lib')
-rw-r--r--lib/Makefile.am2
-rw-r--r--lib/depends.c24
-rw-r--r--lib/package.c144
-rw-r--r--lib/psm.c4
-rw-r--r--lib/query.c16
-rw-r--r--lib/rpmchecksig.c158
-rw-r--r--lib/rpmcli.h12
-rw-r--r--lib/rpmfi.c6
-rw-r--r--lib/rpmlib.h24
-rw-r--r--lib/rpmts.c352
-rw-r--r--lib/rpmts.h186
-rw-r--r--lib/signature.c266
-rw-r--r--lib/transaction.c12
-rw-r--r--lib/verify.c14
14 files changed, 717 insertions, 503 deletions
diff --git a/lib/Makefile.am b/lib/Makefile.am
index 5eae7c2d5..e6f30adf6 100644
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -3,10 +3,10 @@
AUTOMAKE_OPTIONS = 1.4 foreign
INCLUDES = -I. \
+ -I$(top_srcdir) \
-I$(top_srcdir)/build \
-I$(top_srcdir)/rpmdb \
-I$(top_srcdir)/rpmio \
- -I$(top_srcdir)/beecrypt \
-I$(top_srcdir)/popt \
@INCPATH@
diff --git a/lib/depends.c b/lib/depends.c
index 813cf7168..1cbeb224f 100644
--- a/lib/depends.c
+++ b/lib/depends.c
@@ -329,8 +329,10 @@ int rpmtsAddEraseElement(rpmts ts, Header h, int dboffset)
* @return 0 if satisfied, 1 if not satisfied, 2 if error
*/
static int unsatisfiedDepend(rpmts ts, rpmds dep)
- /*@globals _cacheDependsRC, fileSystem, internalState @*/
- /*@modifies ts, _cacheDependsRC, fileSystem, internalState @*/
+ /*@globals _cacheDependsRC, rpmGlobalMacroContext,
+ fileSystem, internalState @*/
+ /*@modifies ts, _cacheDependsRC, rpmGlobalMacroContext,
+ fileSystem, internalState @*/
{
DBT * key = alloca(sizeof(*key));
DBT * data = alloca(sizeof(*data));
@@ -551,8 +553,10 @@ exit:
static int checkPackageDeps(rpmts ts, const char * pkgNEVR,
/*@null@*/ rpmds requires, /*@null@*/ rpmds conflicts,
/*@null@*/ const char * depName, uint_32 multiLib, int adding)
- /*@globals fileSystem, internalState @*/
- /*@modifies ts, requires, conflicts, fileSystem, internalState */
+ /*@globals rpmGlobalMacroContext,
+ fileSystem, internalState @*/
+ /*@modifies ts, requires, conflicts, rpmGlobalMacroContext,
+ fileSystem, internalState */
{
const char * Name;
int_32 Flags;
@@ -652,8 +656,8 @@ static int checkPackageDeps(rpmts ts, const char * pkgNEVR,
*/
static int checkPackageSet(rpmts ts, const char * dep,
/*@only@*/ /*@null@*/ rpmdbMatchIterator mi, int adding)
- /*@globals fileSystem, internalState @*/
- /*@modifies ts, mi, fileSystem, internalState @*/
+ /*@globals rpmGlobalMacroContext, fileSystem, internalState @*/
+ /*@modifies ts, mi, rpmGlobalMacroContext, fileSystem, internalState @*/
{
int scareMem = 1;
Header h;
@@ -691,8 +695,8 @@ static int checkPackageSet(rpmts ts, const char * dep,
* @return 0 no problems found
*/
static int checkDependentPackages(rpmts ts, const char * dep)
- /*@globals fileSystem, internalState @*/
- /*@modifies ts, fileSystem, internalState @*/
+ /*@globals rpmGlobalMacroContext, fileSystem, internalState @*/
+ /*@modifies ts, rpmGlobalMacroContext, fileSystem, internalState @*/
{
rpmdbMatchIterator mi;
mi = rpmtsInitIterator(ts, RPMTAG_REQUIRENAME, dep, 0);
@@ -706,8 +710,8 @@ static int checkDependentPackages(rpmts ts, const char * dep)
* @return 0 no problems found
*/
static int checkDependentConflicts(rpmts ts, const char * dep)
- /*@globals fileSystem, internalState @*/
- /*@modifies ts, fileSystem, internalState @*/
+ /*@globals rpmGlobalMacroContext, fileSystem, internalState @*/
+ /*@modifies ts, rpmGlobalMacroContext, fileSystem, internalState @*/
{
int rc = 0;
diff --git a/lib/package.c b/lib/package.c
index f8116986f..5fe74c0fd 100644
--- a/lib/package.c
+++ b/lib/package.c
@@ -9,7 +9,6 @@
#include <rpmio_internal.h>
#include <rpmlib.h>
-#define _RPMTS_INTERNAL
#include "rpmts.h"
#include "misc.h" /* XXX stripTrailingChar() */
@@ -154,14 +153,15 @@ static int rpmtsStashKeyid(rpmts ts)
/*@globals nkeyids, keyids @*/
/*@modifies nkeyids, keyids @*/
{
- pgpDigParams sigp = NULL;
+ const void * sig = rpmtsSig(ts);
+ pgpDig dig = rpmtsDig(ts);
+ pgpDigParams sigp = rpmtsSignature(ts);
unsigned int keyid;
int i;
- if (ts->sig == NULL || ts->dig == NULL)
+ if (sig == NULL || dig == NULL || sigp == NULL)
return 0;
- sigp = &ts->dig->signature;
keyid = pgpGrab(sigp->signid+4, 4);
if (keyid == 0)
return 0;
@@ -191,12 +191,18 @@ static unsigned char header_magic[8] = {
int rpmReadPackageFile(rpmts ts, FD_t fd,
const char * fn, Header * hdrp)
{
+ pgpDig dig;
byte buf[8*BUFSIZ];
ssize_t count;
struct rpmlead * l = alloca(sizeof(*l));
- Header sig;
+ Header sigh;
+ int_32 sigtag;
+ int_32 sigtype;
+ const void * sig;
+ int_32 siglen;
Header h = NULL;
int hmagic;
+ int vsflags;
rpmRC rc = RPMRC_FAIL; /* assume failure */
int xx;
int i;
@@ -243,51 +249,52 @@ int rpmReadPackageFile(rpmts ts, FD_t fd,
}
/* Read the signature header. */
- rc = rpmReadSignature(fd, &sig, l->signature_type);
+ rc = rpmReadSignature(fd, &sigh, l->signature_type);
if (!(rc == RPMRC_OK || rc == RPMRC_BADSIZE)) {
rpmError(RPMERR_SIGGEN, _("%s: rpmReadSignature failed\n"), fn);
goto exit;
}
- if (sig == NULL) {
+ if (sigh == NULL) {
rpmError(RPMERR_SIGGEN, _("%s: No signature available\n"), fn);
rc = RPMRC_FAIL;
goto exit;
}
/* Figger the most effective available signature. */
- ts->sigtag = 0;
- if (ts->vsflags & _RPMTS_VSF_VERIFY_LEGACY) {
- if (ts->sigtag == 0 && !(ts->vsflags & _RPMTS_VSF_NOSIGNATURES)) {
- if (headerIsEntry(sig, RPMSIGTAG_DSA))
- ts->sigtag = RPMSIGTAG_DSA;
- else if (headerIsEntry(sig, RPMSIGTAG_RSA))
- ts->sigtag = RPMSIGTAG_RSA;
- else if (headerIsEntry(sig, RPMSIGTAG_GPG)) {
- ts->sigtag = RPMSIGTAG_GPG;
+ sigtag = 0;
+ vsflags = rpmtsVerifySigFlags(ts);
+ if (vsflags & _RPMTS_VSF_VERIFY_LEGACY) {
+ if (sigtag == 0 && !(vsflags & _RPMTS_VSF_NOSIGNATURES)) {
+ if (headerIsEntry(sigh, RPMSIGTAG_DSA))
+ sigtag = RPMSIGTAG_DSA;
+ else if (headerIsEntry(sigh, RPMSIGTAG_RSA))
+ sigtag = RPMSIGTAG_RSA;
+ else if (headerIsEntry(sigh, RPMSIGTAG_GPG)) {
+ sigtag = RPMSIGTAG_GPG;
fdInitDigest(fd, PGPHASHALGO_SHA1, 0);
- } else if (headerIsEntry(sig, RPMSIGTAG_PGP)) {
- ts->sigtag = RPMSIGTAG_PGP;
+ } else if (headerIsEntry(sigh, RPMSIGTAG_PGP)) {
+ sigtag = RPMSIGTAG_PGP;
fdInitDigest(fd, PGPHASHALGO_MD5, 0);
}
}
- if (ts->sigtag == 0 && !(ts->vsflags & _RPMTS_VSF_NODIGESTS)) {
- if (headerIsEntry(sig, RPMSIGTAG_SHA1))
- ts->sigtag = RPMSIGTAG_SHA1;
- else if (headerIsEntry(sig, RPMSIGTAG_MD5)) {
- ts->sigtag = RPMSIGTAG_MD5;
+ if (sigtag == 0 && !(vsflags & _RPMTS_VSF_NODIGESTS)) {
+ if (headerIsEntry(sigh, RPMSIGTAG_SHA1))
+ sigtag = RPMSIGTAG_SHA1;
+ else if (headerIsEntry(sigh, RPMSIGTAG_MD5)) {
+ sigtag = RPMSIGTAG_MD5;
fdInitDigest(fd, PGPHASHALGO_MD5, 0);
}
}
} else {
- if (ts->sigtag == 0 && !(ts->vsflags & _RPMTS_VSF_NOSIGNATURES)) {
- if (headerIsEntry(sig, RPMSIGTAG_DSA))
- ts->sigtag = RPMSIGTAG_DSA;
- else if (headerIsEntry(sig, RPMSIGTAG_RSA))
- ts->sigtag = RPMSIGTAG_RSA;
+ if (sigtag == 0 && !(vsflags & _RPMTS_VSF_NOSIGNATURES)) {
+ if (headerIsEntry(sigh, RPMSIGTAG_DSA))
+ sigtag = RPMSIGTAG_DSA;
+ else if (headerIsEntry(sigh, RPMSIGTAG_RSA))
+ sigtag = RPMSIGTAG_RSA;
}
- if (ts->sigtag == 0 && !(ts->vsflags & _RPMTS_VSF_NODIGESTS)) {
- if (headerIsEntry(sig, RPMSIGTAG_SHA1))
- ts->sigtag = RPMSIGTAG_SHA1;
+ if (sigtag == 0 && !(vsflags & _RPMTS_VSF_NODIGESTS)) {
+ if (headerIsEntry(sigh, RPMSIGTAG_SHA1))
+ sigtag = RPMSIGTAG_SHA1;
}
}
@@ -301,37 +308,37 @@ int rpmReadPackageFile(rpmts ts, FD_t fd,
}
/* Any signatures to check? */
- if (ts->sigtag == 0) {
+ if (sigtag == 0) {
rc = RPMRC_OK;
goto exit;
}
- ts->dig = pgpNewDig();
- if (ts->dig == NULL) {
+ dig = rpmtsDig(ts);
+ if (dig == NULL) {
rc = RPMRC_FAIL;
goto exit;
}
- ts->dig->nbytes = 0;
+ dig->nbytes = 0;
/* Retrieve the tag parameters from the signature header. */
- ts->sig = NULL;
- xx = headerGetEntry(sig, ts->sigtag, &ts->sigtype,
- (void **) &ts->sig, &ts->siglen);
- if (ts->sig == NULL) {
+ sig = NULL;
+ xx = headerGetEntry(sigh, sigtag, &sigtype, (void **) &sig, &siglen);
+ if (sig == NULL) {
rc = RPMRC_FAIL;
goto exit;
}
+ (void) rpmtsSetSig(ts, sigtag, sigtype, sig, siglen);
- switch (ts->sigtag) {
+ switch (sigtag) {
case RPMSIGTAG_RSA:
/* Parse the parameters from the OpenPGP packets that will be needed. */
- xx = pgpPrtPkts(ts->sig, ts->siglen, ts->dig,
+ xx = pgpPrtPkts(sig, siglen, dig,
(_print_pkts & rpmIsDebug()));
/* XXX only V3 signatures for now. */
- if (ts->dig->signature.version != 3) {
+ if (dig->signature.version != 3) {
rpmMessage(RPMMESS_WARNING,
_("only V3 signatures can be verified, skipping V%u signature"),
- ts->dig->signature.version);
+ dig->signature.version);
rc = RPMRC_OK;
goto exit;
}
@@ -341,22 +348,22 @@ int rpmReadPackageFile(rpmts ts, FD_t fd,
if (!headerGetEntry(h, RPMTAG_HEADERIMMUTABLE, &uht, &uh, &uhc))
break;
- ts->dig->md5ctx = rpmDigestInit(PGPHASHALGO_MD5, RPMDIGEST_NONE);
- (void) rpmDigestUpdate(ts->dig->md5ctx, header_magic, sizeof(header_magic));
- ts->dig->nbytes += sizeof(header_magic);
- (void) rpmDigestUpdate(ts->dig->md5ctx, uh, uhc);
- ts->dig->nbytes += uhc;
+ dig->md5ctx = rpmDigestInit(PGPHASHALGO_MD5, RPMDIGEST_NONE);
+ (void) rpmDigestUpdate(dig->md5ctx, header_magic, sizeof(header_magic));
+ dig->nbytes += sizeof(header_magic);
+ (void) rpmDigestUpdate(dig->md5ctx, uh, uhc);
+ dig->nbytes += uhc;
uh = headerFreeData(uh, uht);
} break;
case RPMSIGTAG_DSA:
/* Parse the parameters from the OpenPGP packets that will be needed. */
- xx = pgpPrtPkts(ts->sig, ts->siglen, ts->dig,
+ xx = pgpPrtPkts(sig, siglen, dig,
(_print_pkts & rpmIsDebug()));
/* XXX only V3 signatures for now. */
- if (ts->dig->signature.version != 3) {
+ if (dig->signature.version != 3) {
rpmMessage(RPMMESS_WARNING,
_("only V3 signatures can be verified, skipping V%u signature"),
- ts->dig->signature.version);
+ dig->signature.version);
rc = RPMRC_OK;
goto exit;
}
@@ -368,41 +375,41 @@ int rpmReadPackageFile(rpmts ts, FD_t fd,
if (!headerGetEntry(h, RPMTAG_HEADERIMMUTABLE, &uht, &uh, &uhc))
break;
- ts->dig->hdrsha1ctx = rpmDigestInit(PGPHASHALGO_SHA1, RPMDIGEST_NONE);
- (void) rpmDigestUpdate(ts->dig->hdrsha1ctx, header_magic, sizeof(header_magic));
- ts->dig->nbytes += sizeof(header_magic);
- (void) rpmDigestUpdate(ts->dig->hdrsha1ctx, uh, uhc);
- ts->dig->nbytes += uhc;
+ dig->hdrsha1ctx = rpmDigestInit(PGPHASHALGO_SHA1, RPMDIGEST_NONE);
+ (void) rpmDigestUpdate(dig->hdrsha1ctx, header_magic, sizeof(header_magic));
+ dig->nbytes += sizeof(header_magic);
+ (void) rpmDigestUpdate(dig->hdrsha1ctx, uh, uhc);
+ dig->nbytes += uhc;
uh = headerFreeData(uh, uht);
} break;
case RPMSIGTAG_GPG:
case RPMSIGTAG_PGP5: /* XXX legacy */
case RPMSIGTAG_PGP:
/* Parse the parameters from the OpenPGP packets that will be needed. */
- xx = pgpPrtPkts(ts->sig, ts->siglen, ts->dig,
+ xx = pgpPrtPkts(sig, siglen, dig,
(_print_pkts & rpmIsDebug()));
/* XXX only V3 signatures for now. */
- if (ts->dig->signature.version != 3) {
+ if (dig->signature.version != 3) {
rpmMessage(RPMMESS_WARNING,
_("only V3 signatures can be verified, skipping V%u signature"),
- ts->dig->signature.version);
+ dig->signature.version);
rc = RPMRC_OK;
goto exit;
}
/*@fallthrough@*/
case RPMSIGTAG_MD5:
/* Legacy signatures need the compressed payload in the digest too. */
- ts->dig->nbytes += headerSizeof(h, hmagic);
+ dig->nbytes += headerSizeof(h, hmagic);
while ((count = Fread(buf, sizeof(buf[0]), sizeof(buf), fd)) > 0)
- ts->dig->nbytes += count;
+ dig->nbytes += count;
if (count < 0) {
rpmError(RPMERR_FREAD, _("%s: Fread failed: %s\n"),
fn, Fstrerror(fd));
rc = RPMRC_FAIL;
goto exit;
}
- ts->dig->nbytes += count;
+ dig->nbytes += count;
/* XXX Steal the digest-in-progress from the file handle. */
for (i = fd->ndigests - 1; i >= 0; i--) {
@@ -410,12 +417,12 @@ int rpmReadPackageFile(rpmts ts, FD_t fd,
if (fddig->hashctx == NULL)
continue;
if (fddig->hashalgo == PGPHASHALGO_MD5) {
- ts->dig->md5ctx = fddig->hashctx;
+ dig->md5ctx = fddig->hashctx;
fddig->hashctx = NULL;
continue;
}
if (fddig->hashalgo == PGPHASHALGO_SHA1) {
- ts->dig->sha1ctx = fddig->hashctx;
+ dig->sha1ctx = fddig->hashctx;
fddig->hashctx = NULL;
continue;
}
@@ -457,7 +464,7 @@ exit:
legacyRetrofit(h, l);
/* Append (and remap) signature tags to the metadata. */
- headerMergeLegacySigs(h, sig);
+ headerMergeLegacySigs(h, sigh);
/* Bump reference count for return. */
/*@-boundswrite@*/
@@ -465,10 +472,7 @@ exit:
/*@=boundswrite@*/
}
h = headerFree(h);
- if (ts->sig != NULL)
- ts->sig = headerFreeData(ts->sig, ts->sigtype);
- if (ts->dig != NULL)
- ts->dig = pgpFreeDig(ts->dig);
- sig = rpmFreeSignature(sig);
+ rpmtsCleanDig(ts);
+ sigh = rpmFreeSignature(sigh);
return rc;
}
diff --git a/lib/psm.c b/lib/psm.c
index 885d8ab86..669b16e1d 100644
--- a/lib/psm.c
+++ b/lib/psm.c
@@ -338,8 +338,8 @@ static int mergeFiles(rpmfi fi, Header h, Header newH)
*/
/*@-bounds@*/
static int markReplacedFiles(const PSM_t psm)
- /*@globals fileSystem, internalState @*/
- /*@modifies psm, fileSystem, internalState @*/
+ /*@globals rpmGlobalMacroContext, fileSystem, internalState @*/
+ /*@modifies psm, rpmGlobalMacroContext, fileSystem, internalState @*/
{
const rpmts ts = psm->ts;
rpmfi fi = psm->fi;
diff --git a/lib/query.c b/lib/query.c
index d99509ca0..552b3b0c5 100644
--- a/lib/query.c
+++ b/lib/query.c
@@ -709,7 +709,7 @@ restart:
break;
case RPMQV_PKGID:
- { unsigned char md5[16];
+ { unsigned char MD5[16];
unsigned char * t;
for (i = 0, s = arg; *s && isxdigit(*s); s++, i++)
@@ -719,11 +719,11 @@ restart:
return 1;
}
- md5[0] = '\0';
- for (i = 0, t = md5, s = arg; i < 16; i++, t++, s += 2)
+ MD5[0] = '\0';
+ for (i = 0, t = MD5, s = arg; i < 16; i++, t++, s += 2)
*t = (nibble(s[0]) << 4) | nibble(s[1]);
- qva->qva_mi = rpmtsInitIterator(ts, RPMTAG_SIGMD5, md5, sizeof(md5));
+ qva->qva_mi = rpmtsInitIterator(ts, RPMTAG_SIGMD5, MD5, sizeof(MD5));
if (qva->qva_mi == NULL) {
rpmError(RPMERR_QUERYINFO, _("no package matches %s: %s\n"),
"pkgid", arg);
@@ -752,7 +752,7 @@ restart:
break;
case RPMQV_FILEID:
- { unsigned char md5[16];
+ { unsigned char MD5[16];
unsigned char * t;
for (i = 0, s = arg; *s && isxdigit(*s); s++, i++)
@@ -762,11 +762,11 @@ restart:
return 1;
}
- md5[0] = '\0';
- for (i = 0, t = md5, s = arg; i < 16; i++, t++, s += 2)
+ MD5[0] = '\0';
+ for (i = 0, t = MD5, s = arg; i < 16; i++, t++, s += 2)
*t = (nibble(s[0]) << 4) | nibble(s[1]);
- qva->qva_mi = rpmtsInitIterator(ts, RPMTAG_FILEMD5S, md5, sizeof(md5));
+ qva->qva_mi = rpmtsInitIterator(ts, RPMTAG_FILEMD5S, MD5, sizeof(MD5));
if (qva->qva_mi == NULL) {
rpmError(RPMERR_QUERYINFO, _("no package matches %s: %s\n"),
"fileid", arg);
diff --git a/lib/rpmchecksig.c b/lib/rpmchecksig.c
index c405cfc37..c112c83d3 100644
--- a/lib/rpmchecksig.c
+++ b/lib/rpmchecksig.c
@@ -10,7 +10,6 @@
#include "rpmdb.h"
-#define _RPMTS_INTERNAL
#include "rpmts.h"
#include "rpmlead.h"
@@ -18,10 +17,10 @@
#include "misc.h" /* XXX for makeTempFile() */
#include "debug.h"
-/*@access rpmts @*/ /* ts->dig et al */
/*?access Header @*/ /* XXX compared with NULL */
/*@access FD_t @*/ /* XXX stealing digests */
/*@access pgpDig @*/
+/*@access pgpDigParams @*/
/*@unchecked@*/
static int _print_pkts = 0;
@@ -31,8 +30,7 @@ static int _print_pkts = 0;
/*@-boundsread@*/
static int manageFile(FD_t *fdp, const char **fnp, int flags,
/*@unused@*/ int rc)
- /*@globals rpmGlobalMacroContext,
- fileSystem, internalState @*/
+ /*@globals rpmGlobalMacroContext, fileSystem, internalState @*/
/*@modifies *fdp, *fnp, rpmGlobalMacroContext,
fileSystem, internalState @*/
{
@@ -147,7 +145,7 @@ static int getSignid(Header sig, int sigtag, byte * signid)
int rc = 1;
if (headerGetEntry(sig, sigtag, &pkttyp, &pkt, &pktlen) && pkt != NULL) {
- struct pgpDig_s * dig = pgpNewDig();
+ pgpDig dig = pgpNewDig();
if (!pgpPrtPkts(pkt, pktlen, dig, 0)) {
/*@-bounds@*/
@@ -183,7 +181,7 @@ static int rpmReSign(/*@unused@*/ rpmts ts,
const char *rpm, *trpm;
const char *sigtarget = NULL;
char tmprpm[1024+1];
- Header sig = NULL;
+ Header sigh = NULL;
void * uh = NULL;
int_32 uht, uhc;
int res = EXIT_FAILURE;
@@ -223,12 +221,12 @@ static int rpmReSign(/*@unused@*/ rpmts ts,
/*@switchbreak@*/ break;
}
- rc = rpmReadSignature(fd, &sig, l->signature_type);
+ rc = rpmReadSignature(fd, &sigh, l->signature_type);
if (!(rc == RPMRC_OK || rc == RPMRC_BADSIZE)) {
rpmError(RPMERR_SIGGEN, _("%s: rpmReadSignature failed\n"), rpm);
goto exit;
}
- if (sig == NULL) {
+ if (sigh == NULL) {
rpmError(RPMERR_SIGGEN, _("%s: No signature available\n"), rpm);
goto exit;
}
@@ -241,7 +239,7 @@ static int rpmReSign(/*@unused@*/ rpmts ts,
/* ASSERT: fd == NULL && ofd == NULL */
/* Dump the immutable region (if present). */
- if (headerGetEntry(sig, RPMTAG_HEADERSIGNATURES, &uht, &uh, &uhc)) {
+ if (headerGetEntry(sigh, RPMTAG_HEADERSIGNATURES, &uht, &uh, &uhc)) {
HeaderIterator hi;
int_32 tag, type, count;
hPTR_t ptr;
@@ -265,24 +263,24 @@ static int rpmReSign(/*@unused@*/ rpmts ts,
hi = headerFreeIterator(hi);
oh = headerFree(oh);
- sig = headerFree(sig);
- sig = headerLink(nh);
+ sigh = headerFree(sigh);
+ sigh = headerLink(nh);
nh = headerFree(nh);
}
/* Eliminate broken digest values. */
- xx = headerRemoveEntry(sig, RPMSIGTAG_LEMD5_1);
- xx = headerRemoveEntry(sig, RPMSIGTAG_LEMD5_2);
- xx = headerRemoveEntry(sig, RPMSIGTAG_BADSHA1_1);
- xx = headerRemoveEntry(sig, RPMSIGTAG_BADSHA1_2);
+ xx = headerRemoveEntry(sigh, RPMSIGTAG_LEMD5_1);
+ xx = headerRemoveEntry(sigh, RPMSIGTAG_LEMD5_2);
+ xx = headerRemoveEntry(sigh, RPMSIGTAG_BADSHA1_1);
+ xx = headerRemoveEntry(sigh, RPMSIGTAG_BADSHA1_2);
/* Toss and recalculate header+payload size and digests. */
- xx = headerRemoveEntry(sig, RPMSIGTAG_SIZE);
- xx = rpmAddSignature(sig, sigtarget, RPMSIGTAG_SIZE, qva->passPhrase);
- xx = headerRemoveEntry(sig, RPMSIGTAG_MD5);
- xx = rpmAddSignature(sig, sigtarget, RPMSIGTAG_MD5, qva->passPhrase);
- xx = headerRemoveEntry(sig, RPMSIGTAG_SHA1);
- xx = rpmAddSignature(sig, sigtarget, RPMSIGTAG_SHA1, qva->passPhrase);
+ xx = headerRemoveEntry(sigh, RPMSIGTAG_SIZE);
+ xx = rpmAddSignature(sigh, sigtarget, RPMSIGTAG_SIZE, qva->passPhrase);
+ xx = headerRemoveEntry(sigh, RPMSIGTAG_MD5);
+ xx = rpmAddSignature(sigh, sigtarget, RPMSIGTAG_MD5, qva->passPhrase);
+ xx = headerRemoveEntry(sigh, RPMSIGTAG_SHA1);
+ xx = rpmAddSignature(sigh, sigtarget, RPMSIGTAG_SHA1, qva->passPhrase);
/* If gpg/pgp is configured, replace the signature. */
if ((sigtag = rpmLookupSignatureType(RPMLOOKUPSIG_QUERY)) > 0) {
@@ -290,34 +288,34 @@ static int rpmReSign(/*@unused@*/ rpmts ts,
/* Grab the old signature fingerprint (if any) */
memset(oldsignid, 0, sizeof(oldsignid));
- xx = getSignid(sig, sigtag, oldsignid);
+ xx = getSignid(sigh, sigtag, oldsignid);
switch (sigtag) {
case RPMSIGTAG_GPG:
- xx = headerRemoveEntry(sig, RPMSIGTAG_DSA);
+ xx = headerRemoveEntry(sigh, RPMSIGTAG_DSA);
/*@fallthrough@*/
case RPMSIGTAG_PGP5:
case RPMSIGTAG_PGP:
- xx = headerRemoveEntry(sig, RPMSIGTAG_RSA);
+ xx = headerRemoveEntry(sigh, RPMSIGTAG_RSA);
/*@switchbreak@*/ break;
}
- xx = headerRemoveEntry(sig, sigtag);
- xx = rpmAddSignature(sig, sigtarget, sigtag, qva->passPhrase);
+ xx = headerRemoveEntry(sigh, sigtag);
+ xx = rpmAddSignature(sigh, sigtarget, sigtag, qva->passPhrase);
/* If package was previously signed, check for same signer. */
memset(newsignid, 0, sizeof(newsignid));
if (memcmp(oldsignid, newsignid, sizeof(oldsignid))) {
/* Grab the new signature fingerprint */
- xx = getSignid(sig, sigtag, newsignid);
+ xx = getSignid(sigh, sigtag, newsignid);
/* If same signer, skip resigning the package. */
if (!memcmp(oldsignid, newsignid, sizeof(oldsignid))) {
rpmMessage(RPMMESS_WARNING,
_("%s: was already signed by key ID %s, skipping\n"),
- rpm, pgpHexStr(newsignid, sizeof(newsignid)));
+ rpm, pgpHexStr(newsignid+4, sizeof(newsignid)-4));
/* Clean up intermediate target */
xx = unlink(sigtarget);
@@ -329,8 +327,8 @@ static int rpmReSign(/*@unused@*/ rpmts ts,
}
/* Reallocate the signature into one contiguous region. */
- sig = headerReload(sig, RPMTAG_HEADERSIGNATURES);
- if (sig == NULL) /* XXX can't happen */
+ sigh = headerReload(sigh, RPMTAG_HEADERSIGNATURES);
+ if (sigh == NULL) /* XXX can't happen */
goto exit;
/* Write the lead/signature of the output rpm */
@@ -351,7 +349,7 @@ static int rpmReSign(/*@unused@*/ rpmts ts,
goto exit;
}
- if (rpmWriteSignature(ofd, sig)) {
+ if (rpmWriteSignature(ofd, sigh)) {
rpmError(RPMERR_SIGGEN, _("%s: rpmWriteSignature failed: %s\n"), trpm,
Fstrerror(ofd));
goto exit;
@@ -381,7 +379,7 @@ exit:
if (fd) (void) manageFile(&fd, NULL, 0, res);
if (ofd) (void) manageFile(&ofd, NULL, 0, res);
- sig = rpmFreeSignature(sig);
+ sigh = rpmFreeSignature(sigh);
if (sigtarget) {
xx = unlink(sigtarget);
@@ -406,8 +404,10 @@ exit:
static int rpmImportPubkey(const rpmts ts,
/*@unused@*/ QVA_t qva,
/*@null@*/ const char ** argv)
- /*@globals RPMVERSION, fileSystem, internalState @*/
- /*@modifies ts, fileSystem, internalState @*/
+ /*@globals RPMVERSION, rpmGlobalMacroContext,
+ fileSystem, internalState @*/
+ /*@modifies ts, rpmGlobalMacroContext,
+ fileSystem, internalState @*/
{
const char * fn;
int res = 0;
@@ -418,7 +418,7 @@ static int rpmImportPubkey(const rpmts ts,
int_32 pflags = (RPMSENSE_KEYRING|RPMSENSE_EQUAL);
int_32 zero = 0;
pgpDig dig = NULL;
- struct pgpDigParams_s *digp = NULL;
+ pgpDigParams pubp = NULL;
int rc, xx;
if (argv == NULL) return res;
@@ -464,25 +464,25 @@ static int rpmImportPubkey(const rpmts ts,
/* Build header elements. */
(void) pgpPrtPkts(pkt, pktlen, dig, 0);
- digp = &dig->pubkey;
+ pubp = &dig->pubkey;
/*@-boundswrite@*/
v = t = xmalloc(16+1);
- t = stpcpy(t, pgpHexStr(digp->signid, sizeof(digp->signid)));
+ t = stpcpy(t, pgpHexStr(pubp->signid, sizeof(pubp->signid)));
r = t = xmalloc(8+1);
- t = stpcpy(t, pgpHexStr(digp->time, sizeof(digp->time)));
+ t = stpcpy(t, pgpHexStr(pubp->time, sizeof(pubp->time)));
n = t = xmalloc(sizeof("gpg()")+8);
t = stpcpy( stpcpy( stpcpy(t, "gpg("), v+8), ")");
- /*@-nullpass@*/ /* FIX: digp->userid may be NULL */
- u = t = xmalloc(sizeof("gpg()")+strlen(digp->userid));
- t = stpcpy( stpcpy( stpcpy(t, "gpg("), digp->userid), ")");
+ /*@-nullpass@*/ /* FIX: pubp->userid may be NULL */
+ u = t = xmalloc(sizeof("gpg()")+strlen(pubp->userid));
+ t = stpcpy( stpcpy( stpcpy(t, "gpg("), pubp->userid), ")");
/*@=nullpass@*/
evr = t = xmalloc(sizeof("4X:-")+strlen(v)+strlen(r));
- t = stpcpy(t, (digp->version == 4 ? "4:" : "3:"));
+ t = stpcpy(t, (pubp->version == 4 ? "4:" : "3:"));
t = stpcpy( stpcpy( stpcpy(t, v), "-"), r);
/*@=boundswrite@*/
@@ -651,7 +651,12 @@ int rpmVerifySignatures(QVA_t qva, rpmts ts, FD_t fd,
char missingKeys[7164], * m;
char untrustedKeys[7164], * u;
int_32 sigtag;
- Header sig;
+ int_32 sigtype;
+ const void * sig;
+ pgpDig dig;
+ pgpDigParams sigp;
+ int_32 siglen;
+ Header sigh;
HeaderIterator hi;
int res = 0;
int xx;
@@ -666,62 +671,63 @@ int rpmVerifySignatures(QVA_t qva, rpmts ts, FD_t fd,
if (readLead(fd, l)) {
rpmError(RPMERR_READLEAD, _("%s: readLead failed\n"), fn);
res++;
- goto bottom;
+ goto exit;
}
switch (l->major) {
case 1:
rpmError(RPMERR_BADSIGTYPE, _("%s: No signature available (v1.0 RPM)\n"), fn);
res++;
- goto bottom;
+ goto exit;
/*@notreached@*/ /*@switchbreak@*/ break;
default:
/*@switchbreak@*/ break;
}
- rc = rpmReadSignature(fd, &sig, l->signature_type);
+ rc = rpmReadSignature(fd, &sigh, l->signature_type);
if (!(rc == RPMRC_OK || rc == RPMRC_BADSIZE)) {
rpmError(RPMERR_SIGGEN, _("%s: rpmReadSignature failed\n"), fn);
res++;
- goto bottom;
+ goto exit;
}
- if (sig == NULL) {
+ if (sigh == NULL) {
rpmError(RPMERR_SIGGEN, _("%s: No signature available\n"), fn);
res++;
- goto bottom;
+ goto exit;
}
/* Grab a hint of what needs doing to avoid duplication. */
sigtag = 0;
if (sigtag == 0 && !nosignatures) {
- if (headerIsEntry(sig, RPMSIGTAG_DSA))
+ if (headerIsEntry(sigh, RPMSIGTAG_DSA))
sigtag = RPMSIGTAG_DSA;
- else if (headerIsEntry(sig, RPMSIGTAG_RSA))
+ else if (headerIsEntry(sigh, RPMSIGTAG_RSA))
sigtag = RPMSIGTAG_RSA;
- else if (headerIsEntry(sig, RPMSIGTAG_GPG))
+ else if (headerIsEntry(sigh, RPMSIGTAG_GPG))
sigtag = RPMSIGTAG_GPG;
- else if (headerIsEntry(sig, RPMSIGTAG_PGP))
+ else if (headerIsEntry(sigh, RPMSIGTAG_PGP))
sigtag = RPMSIGTAG_PGP;
}
if (sigtag == 0 && !nodigests) {
- if (headerIsEntry(sig, RPMSIGTAG_MD5))
+ if (headerIsEntry(sigh, RPMSIGTAG_MD5))
sigtag = RPMSIGTAG_MD5;
- else if (headerIsEntry(sig, RPMSIGTAG_SHA1))
+ else if (headerIsEntry(sigh, RPMSIGTAG_SHA1))
sigtag = RPMSIGTAG_SHA1; /* XXX never happens */
}
- if (headerIsEntry(sig, RPMSIGTAG_PGP)
- || headerIsEntry(sig, RPMSIGTAG_PGP5)
- || headerIsEntry(sig, RPMSIGTAG_MD5))
+ if (headerIsEntry(sigh, RPMSIGTAG_PGP)
+ || headerIsEntry(sigh, RPMSIGTAG_PGP5)
+ || headerIsEntry(sigh, RPMSIGTAG_MD5))
fdInitDigest(fd, PGPHASHALGO_MD5, 0);
- if (headerIsEntry(sig, RPMSIGTAG_GPG))
+ if (headerIsEntry(sigh, RPMSIGTAG_GPG))
fdInitDigest(fd, PGPHASHALGO_SHA1, 0);
- ts->dig = pgpNewDig();
+ dig = rpmtsDig(ts);
+ sigp = rpmtsSignature(ts);
/* Read the file, generating digest(s) on the fly. */
- if (readFile(fd, fn, ts->dig)) {
+ if (dig == NULL || sigp == NULL || readFile(fd, fn, dig)) {
res++;
- goto bottom;
+ goto exit;
}
res2 = 0;
@@ -731,18 +737,20 @@ int rpmVerifySignatures(QVA_t qva, rpmts ts, FD_t fd,
sprintf(b, "%s:%c", fn, (rpmIsVerbose() ? '\n' : ' ') );
b += strlen(b);
- for (hi = headerInitIterator(sig);
- headerNextIterator(hi, &ts->sigtag, &ts->sigtype, &ts->sig, &ts->siglen);
- ts->sig = headerFreeData(ts->sig, ts->sigtype))
+ for (hi = headerInitIterator(sigh);
+ headerNextIterator(hi, &sigtag, &sigtype, &sig, &siglen) != 0;
+ (void) rpmtsSetSig(ts, sigtag, sigtype, NULL, siglen))
{
- if (ts->sig == NULL) /* XXX can't happen */
+ if (sig == NULL) /* XXX can't happen */
continue;
+ (void) rpmtsSetSig(ts, sigtag, sigtype, sig, siglen);
+
/* Clean up parameters from previous sigtag. */
- pgpCleanDig(ts->dig);
+ pgpCleanDig(dig);
- switch (ts->sigtag) {
+ switch (sigtag) {
case RPMSIGTAG_RSA:
case RPMSIGTAG_DSA:
case RPMSIGTAG_GPG:
@@ -750,14 +758,14 @@ int rpmVerifySignatures(QVA_t qva, rpmts ts, FD_t fd,
case RPMSIGTAG_PGP:
if (nosignatures)
continue;
- xx = pgpPrtPkts(ts->sig, ts->siglen, ts->dig,
+ xx = pgpPrtPkts(sig, siglen, dig,
(_print_pkts & rpmIsDebug()));
/* XXX only V3 signatures for now. */
- if (ts->dig->signature.version != 3) {
+ if (sigp->version != 3) {
rpmError(RPMERR_SIGVFY,
_("only V3 signatures can be verified, skipping V%u signature"),
- ts->dig->signature.version);
+ sigp->version);
continue;
}
/*@switchbreak@*/ break;
@@ -795,7 +803,7 @@ int rpmVerifySignatures(QVA_t qva, rpmts ts, FD_t fd,
res2 = 1;
} else {
char *tempKey;
- switch (ts->sigtag) {
+ switch (sigtag) {
case RPMSIGTAG_SIZE:
b = stpcpy(b, "SIZE ");
res2 = 1;
@@ -876,7 +884,7 @@ int rpmVerifySignatures(QVA_t qva, rpmts ts, FD_t fd,
b = stpcpy(b, " ");
b = stpcpy(b, result);
} else {
- switch (ts->sigtag) {
+ switch (sigtag) {
case RPMSIGTAG_SIZE:
b = stpcpy(b, "size ");
/*@switchbreak@*/ break;
@@ -942,10 +950,10 @@ int rpmVerifySignatures(QVA_t qva, rpmts ts, FD_t fd,
}
}
- bottom:
- ts->dig = pgpFreeDig(ts->dig);
}
+exit:
+ rpmtsCleanDig(ts);
return res;
}
diff --git a/lib/rpmcli.h b/lib/rpmcli.h
index a90508eed..890a8ef40 100644
--- a/lib/rpmcli.h
+++ b/lib/rpmcli.h
@@ -399,8 +399,8 @@ int showVerifyPackage(QVA_t qva, rpmts ts, Header h)
* @return 0 on success, 1 on failure
*/
int rpmVerifySignatures(QVA_t qva, rpmts ts, FD_t fd, const char * fn)
- /*@globals fileSystem, internalState @*/
- /*@modifies qva, ts, fd,
+ /*@globals rpmGlobalMacroContext, fileSystem, internalState @*/
+ /*@modifies qva, ts, fd, rpmGlobalMacroContext,
fileSystem, internalState @*/;
/** \ingroup rpmcli
@@ -577,8 +577,8 @@ typedef /*@abstract@*/ struct IDTindex_s {
* @return id index
*/
/*@only@*/ /*@null@*/ IDTX IDTXload(rpmts ts, rpmTag tag)
- /*@globals fileSystem, internalState @*/
- /*@modifies ts, fileSystem, internalState @*/;
+ /*@globals rpmGlobalMacroContext, fileSystem, internalState @*/
+ /*@modifies ts, rpmGlobalMacroContext, fileSystem, internalState @*/;
/**
* Load tag (instance,value) pairs from packages, and return sorted id index.
@@ -589,8 +589,8 @@ typedef /*@abstract@*/ struct IDTindex_s {
*/
/*@only@*/ /*@null@*/ IDTX IDTXglob(rpmts ts,
const char * globstr, rpmTag tag)
- /*@globals fileSystem, internalState @*/
- /*@modifies ts, fileSystem, internalState @*/;
+ /*@globals rpmGlobalMacroContext, fileSystem, internalState @*/
+ /*@modifies ts, rpmGlobalMacroContext, fileSystem, internalState @*/;
/** \ingroup rpmcli
* Rollback transactions, erasing new, reinstalling old, package(s).
diff --git a/lib/rpmfi.c b/lib/rpmfi.c
index c53b76063..91e638bb2 100644
--- a/lib/rpmfi.c
+++ b/lib/rpmfi.c
@@ -200,15 +200,15 @@ rpmfileState rpmfiFState(rpmfi fi)
const unsigned char * rpmfiMD5(rpmfi fi)
{
- unsigned char * md5 = NULL;
+ unsigned char * MD5 = NULL;
if (fi != NULL && fi->i >= 0 && fi->i < fi->fc) {
/*@-boundsread@*/
if (fi->md5s != NULL)
- md5 = fi->md5s + (16 * fi->i);
+ MD5 = fi->md5s + (16 * fi->i);
/*@=boundsread@*/
}
- return md5;
+ return MD5;
}
const char * rpmfiFLink(rpmfi fi)
diff --git a/lib/rpmlib.h b/lib/rpmlib.h
index 7024ffc58..6d88c5698 100644
--- a/lib/rpmlib.h
+++ b/lib/rpmlib.h
@@ -15,9 +15,9 @@
* Package read return codes.
*/
typedef enum rpmRC_e {
- RPMRC_OK = 0,
- RPMRC_NOTFOUND = 1,
- RPMRC_FAIL = 2,
+ RPMRC_OK = 0, /*!< Generic success code */
+ RPMRC_NOTFOUND = 1, /*!< Generic not found code. */
+ RPMRC_FAIL = 2, /*!< Generic failure code. */
RPMRC_BADSIZE = 3,
RPMRC_SHORTREAD = 4
} rpmRC;
@@ -840,8 +840,9 @@ typedef /*@abstract@*/ struct psm_s * PSM_t;
*/
int rpmReadPackageFile(rpmts ts, FD_t fd,
const char * fn, /*@null@*/ /*@out@*/ Header * hdrp)
- /*@globals fileSystem, internalState @*/
- /*@modifies ts, fd, *hdrp, fileSystem, internalState @*/;
+ /*@globals rpmGlobalMacroContext, fileSystem, internalState @*/
+ /*@modifies ts, fd, *hdrp, rpmGlobalMacroContext,
+ fileSystem, internalState @*/;
/**
* Install source package.
@@ -854,8 +855,7 @@ int rpmReadPackageFile(rpmts ts, FD_t fd,
rpmRC rpmInstallSourcePackage(rpmts ts, FD_t fd,
/*@null@*/ /*@out@*/ const char ** specFilePtr,
/*@null@*/ /*@out@*/ const char ** cookie)
- /*@globals rpmGlobalMacroContext,
- fileSystem, internalState @*/
+ /*@globals rpmGlobalMacroContext, fileSystem, internalState @*/
/*@modifies ts, fd, *specFilePtr, *cookie, rpmGlobalMacroContext,
fileSystem, internalState @*/;
@@ -978,7 +978,7 @@ void rpmShowRpmlibProvides(FILE * fp)
* @param tagstr name of tag
* @return tag value
*/
-int tagValue(const char *tagstr)
+int tagValue(const char * tagstr)
/*@*/;
#define RPMLEAD_BINARY 0
@@ -999,7 +999,8 @@ int tagValue(const char *tagstr)
*/
struct rpmlead {
unsigned char magic[4];
- unsigned char major, minor;
+ unsigned char major;
+ unsigned char minor;
short type;
short archnum;
char name[66];
@@ -1135,8 +1136,9 @@ typedef enum rpmVerifySignatureReturn_e {
*/
rpmVerifySignatureReturn rpmVerifySignature(const rpmts ts,
/*@out@*/ char * result)
- /*@globals fileSystem, internalState @*/
- /*@modifies ts, *result, fileSystem, internalState @*/;
+ /*@globals rpmGlobalMacroContext, fileSystem, internalState @*/
+ /*@modifies ts, *result, rpmGlobalMacroContext,
+ fileSystem, internalState @*/;
/** \ingroup signature
* Destroy signature header from package.
diff --git a/lib/rpmts.c b/lib/rpmts.c
index f51aea28c..c7bc4a78b 100644
--- a/lib/rpmts.c
+++ b/lib/rpmts.c
@@ -4,9 +4,9 @@
*/
#include "system.h"
+#include "rpmio_internal.h" /* XXX for pgp and beecrypt */
#include <rpmlib.h>
#include <rpmmacro.h> /* XXX rpmtsOpenDB() needs rpmGetPath */
-#include <rpmpgp.h> /* XXX rpmtsFree() needs pgpFreeDig */
#include "rpmdb.h" /* XXX stealing db->db_mode. */
@@ -59,6 +59,8 @@ extern int statvfs (const char * file, /*@out@*/ struct statvfs * buf)
/*@access rpmtsi @*/
/*@access rpmts @*/
/*@access fnpyKey @*/
+/*@access pgpDig @*/
+/*@access pgpDigParams @*/
/*@unchecked@*/
int _ts_debug = 0;
@@ -128,9 +130,7 @@ int rpmtsOpenDB(rpmts ts, int dbmode)
rc = rpmdbOpen(ts->rootDir, &ts->rdb, ts->dbmode, 0644);
if (rc) {
const char * dn;
- /*@-globs -mods@*/ /* FIX: rpmGlobalMacroContext for an error? shrug */
dn = rpmGetPath(ts->rootDir, "%{_dbpath}", NULL);
- /*@=globs =mods@*/
rpmMessage(RPMMESS_ERROR,
_("cannot open Packages database in %s\n"), dn);
dn = _free(dn);
@@ -138,7 +138,7 @@ int rpmtsOpenDB(rpmts ts, int dbmode)
return rc;
}
-rpmdbMatchIterator rpmtsInitIterator(const rpmts ts, int rpmtag,
+rpmdbMatchIterator rpmtsInitIterator(const rpmts ts, rpmTag rpmtag,
const void * keyp, size_t keylen)
{
if (ts->rdb == NULL && rpmtsOpenDB(ts, ts->dbmode))
@@ -146,9 +146,124 @@ rpmdbMatchIterator rpmtsInitIterator(const rpmts ts, int rpmtag,
return rpmdbInitIterator(ts->rdb, rpmtag, keyp, keylen);
}
-static int rpmtsCloseSDB(rpmts ts)
- /*@globals fileSystem @*/
- /*@modifies ts, fileSystem @*/
+rpmVerifySignatureReturn rpmtsFindPubkey(rpmts ts)
+{
+ const void * sig = rpmtsSig(ts);
+ pgpDig dig = rpmtsDig(ts);
+ pgpDigParams sigp = rpmtsSignature(ts);
+ pgpDigParams pubp = rpmtsSignature(ts);
+ rpmVerifySignatureReturn res;
+ int xx;
+
+ if (sig == NULL || dig == NULL || sigp == NULL || pubp == NULL) {
+ res = RPMSIG_NOKEY; /* XXX RPMSIG_ARGS */
+ goto exit;
+ }
+
+ if (ts->pkpkt == NULL
+ || memcmp(sigp->signid, ts->pksignid, sizeof(ts->pksignid)))
+ {
+ int ix = -1;
+ rpmdbMatchIterator mi;
+ Header h;
+
+ ts->pkpkt = _free(ts->pkpkt);
+ ts->pkpktlen = 0;
+ memset(ts->pksignid, 0, sizeof(ts->pksignid));
+
+ /* Make sure the database is open. */
+ (void) rpmtsOpenDB(ts, ts->dbmode);
+
+ /* Retrieve the pubkey that matches the signature. */
+ mi = rpmtsInitIterator(ts, RPMTAG_PUBKEYS, sigp->signid, sizeof(sigp->signid));
+ while ((h = rpmdbNextIterator(mi)) != NULL) {
+ const char ** pubkeys;
+ int_32 pt, pc;
+
+ if (!headerGetEntry(h, RPMTAG_PUBKEYS, &pt, (void **)&pubkeys, &pc))
+ continue;
+ ix = rpmdbGetIteratorFileNum(mi);
+/*@-boundsread@*/
+ if (ix >= pc
+ || b64decode(pubkeys[ix], (void **) &ts->pkpkt, &ts->pkpktlen))
+ ix = -1;
+/*@=boundsread@*/
+ pubkeys = headerFreeData(pubkeys, pt);
+ break;
+ }
+ mi = rpmdbFreeIterator(mi);
+
+ /* Was a matching pubkey found? */
+ if (ix < 0 || ts->pkpkt == NULL) {
+ res = RPMSIG_NOKEY;
+ goto exit;
+ }
+
+ /*
+ * Can the pubkey packets be parsed?
+ * Do the parameters match the signature?
+ */
+ if (pgpPrtPkts(ts->pkpkt, ts->pkpktlen, NULL, 0)
+ && sigp->pubkey_algo == pubp->pubkey_algo
+#ifdef NOTYET
+ && sigp->hash_algo == pubp->hash_algo
+#endif
+ && !memcmp(sigp->signid, pubp->signid, sizeof(sigp->signid)))
+ {
+ ts->pkpkt = _free(ts->pkpkt);
+ ts->pkpktlen = 0;
+ res = RPMSIG_NOKEY;
+ goto exit;
+ }
+
+ /* XXX Verify the pubkey signature. */
+
+ /* Packet looks good, save the signer id. */
+/*@-boundsread@*/
+ memcpy(ts->pksignid, sigp->signid, sizeof(ts->pksignid));
+/*@=boundsread@*/
+
+ rpmMessage(RPMMESS_DEBUG, "========== %s pubkey id %s\n",
+ (sigp->pubkey_algo == PGPPUBKEYALGO_DSA ? "DSA" :
+ (sigp->pubkey_algo == PGPPUBKEYALGO_RSA ? "RSA" : "???")),
+ pgpHexStr(sigp->signid, sizeof(sigp->signid)));
+
+ }
+
+#ifdef NOTNOW
+ {
+ if (ts->pkpkt == NULL) {
+ const char * pkfn = rpmExpand("%{_gpg_pubkey}", NULL);
+ if (pgpReadPkts(pkfn, &ts->pkpkt, &ts->pkpktlen) != PGPARMOR_PUBKEY) {
+ pkfn = _free(pkfn);
+ res = RPMSIG_NOKEY;
+ goto exit;
+ }
+ pkfn = _free(pkfn);
+ }
+ }
+#endif
+
+ /* Retrieve parameters from pubkey packet(s). */
+ xx = pgpPrtPkts(ts->pkpkt, ts->pkpktlen, dig, 0);
+
+ /* Do the parameters match the signature? */
+ if (sigp->pubkey_algo == pubp->pubkey_algo
+#ifdef NOTYET
+ && sigp->hash_algo == pubp->hash_algo
+#endif
+ && !memcmp(sigp->signid, pubp->signid, sizeof(sigp->signid)) )
+ res = RPMSIG_OK;
+ else
+ res = RPMSIG_NOKEY;
+
+ /* XXX Verify the signature signature. */
+
+exit:
+ return res;
+}
+
+int rpmtsCloseSDB(rpmts ts)
{
int rc = 0;
@@ -159,19 +274,12 @@ static int rpmtsCloseSDB(rpmts ts)
return rc;
}
-/**
- * Open dependency universe database.
- * @param ts transaction set
- * @return 0 on success
- */
-static int rpmtsOpenSDB(rpmts ts)
- /*@globals rpmGlobalMacroContext, fileSystem, internalState @*/
- /*@modifies ts, rpmGlobalMacroContext, fileSystem, internalState @*/
+int rpmtsOpenSDB(rpmts ts, int dbmode)
{
static int has_sdbpath = -1;
int rc = 0;
- if (ts->sdb != NULL)
+ if (ts->sdb != NULL && ts->sdbmode == dbmode)
return 0;
if (has_sdbpath < 0)
@@ -182,17 +290,16 @@ static int rpmtsOpenSDB(rpmts ts)
return 1;
addMacro(NULL, "_dbpath", NULL, "%{_solve_dbpath}", RMIL_DEFAULT);
- rc = rpmdbOpen(ts->rootDir, &ts->sdb, O_RDONLY, 0644);
+ rc = rpmdbOpen(ts->rootDir, &ts->sdb, ts->sdbmode, 0644);
if (rc) {
const char * dn;
- /*@-globs -mods@*/ /* FIX: rpmGlobalMacroContext for an error? shrug */
dn = rpmGetPath(ts->rootDir, "%{_dbpath}", NULL);
- /*@=globs =mods@*/
rpmMessage(RPMMESS_DEBUG,
- _("cannot open Packages database in %s\n"), dn);
+ _("cannot open Solve database in %s\n"), dn);
dn = _free(dn);
}
delMacro(NULL, "_dbpath");
+
return rc;
}
@@ -222,7 +329,7 @@ int rpmtsSolve(rpmts ts, rpmds ds)
Header bh;
Header h;
time_t bhtime;
- int rpmtag;
+ rpmTag rpmtag;
const char * keyp;
size_t keylen;
int rc = 1; /* assume not found */
@@ -240,7 +347,7 @@ int rpmtsSolve(rpmts ts, rpmds ds)
return rc;
if (ts->sdb == NULL) {
- xx = rpmtsOpenSDB(ts);
+ xx = rpmtsOpenSDB(ts, ts->sdbmode);
if (xx) return rc;
}
@@ -346,89 +453,98 @@ rpmps rpmtsProblems(rpmts ts)
return ps;
}
-void rpmtsClean(rpmts ts)
+void rpmtsCleanDig(rpmts ts)
{
- if (ts) {
- rpmtsi pi; rpmte p;
+ ts->sig = headerFreeData(ts->sig, ts->sigtype);
+ ts->dig = pgpFreeDig(ts->dig);
+}
- /* Clean up after dependency checks. */
- pi = rpmtsiInit(ts);
- while ((p = rpmtsiNext(pi, 0)) != NULL)
- rpmteCleanDS(p);
- pi = rpmtsiFree(pi);
+void rpmtsClean(rpmts ts)
+{
+ rpmtsi pi; rpmte p;
+ if (ts == NULL)
+ return;
- ts->addedPackages = rpmalFree(ts->addedPackages);
- ts->numAddedPackages = 0;
+ /* Clean up after dependency checks. */
+ pi = rpmtsiInit(ts);
+ while ((p = rpmtsiNext(pi, 0)) != NULL)
+ rpmteCleanDS(p);
+ pi = rpmtsiFree(pi);
- ts->suggests = _free(ts->suggests);
- ts->nsuggests = 0;
+ ts->addedPackages = rpmalFree(ts->addedPackages);
+ ts->numAddedPackages = 0;
- ts->probs = rpmpsFree(ts->probs);
+ ts->suggests = _free(ts->suggests);
+ ts->nsuggests = 0;
- if (ts->sig != NULL)
- ts->sig = headerFreeData(ts->sig, ts->sigtype);
+ ts->probs = rpmpsFree(ts->probs);
- if (ts->dig != NULL)
- ts->dig = pgpFreeDig(ts->dig);
- }
+ rpmtsCleanDig(ts);
}
rpmts rpmtsFree(rpmts ts)
{
- if (ts) {
- rpmtsi pi; rpmte p;
- int oc;
+ rpmtsi pi; rpmte p;
+ int oc;
+ if (ts == NULL)
+ return NULL;
- (void) rpmtsUnlink(ts, "tsCreate");
+ (void) rpmtsUnlink(ts, "tsCreate");
- /*@-usereleased@*/
- if (ts->nrefs > 0)
- return NULL;
+/*@-usereleased@*/
+ if (ts->nrefs > 0)
+ return NULL;
- (void) rpmtsCloseDB(ts);
+ (void) rpmtsCloseDB(ts);
- (void) rpmtsCloseSDB(ts);
+ (void) rpmtsCloseSDB(ts);
- ts->availablePackages = rpmalFree(ts->availablePackages);
- ts->numAvailablePackages = 0;
+ ts->availablePackages = rpmalFree(ts->availablePackages);
+ ts->numAvailablePackages = 0;
- ts->dsi = _free(ts->dsi);
- ts->removedPackages = _free(ts->removedPackages);
- if (ts->scriptFd != NULL) {
- ts->scriptFd =
- fdFree(ts->scriptFd, "rpmtsFree");
- ts->scriptFd = NULL;
- }
- ts->rootDir = _free(ts->rootDir);
- ts->currDir = _free(ts->currDir);
+ ts->dsi = _free(ts->dsi);
+ ts->removedPackages = _free(ts->removedPackages);
+ if (ts->scriptFd != NULL) {
+ ts->scriptFd = fdFree(ts->scriptFd, "rpmtsFree");
+ ts->scriptFd = NULL;
+ }
+ ts->rootDir = _free(ts->rootDir);
+ ts->currDir = _free(ts->currDir);
- for (pi = rpmtsiInit(ts), oc = 0; (p = rpmtsiNext(pi, 0)) != NULL; oc++) {
+ for (pi = rpmtsiInit(ts), oc = 0; (p = rpmtsiNext(pi, 0)) != NULL; oc++) {
/*@-type -unqualifiedtrans @*/
- ts->order[oc] = rpmteFree(ts->order[oc]);
+ ts->order[oc] = rpmteFree(ts->order[oc]);
/*@=type =unqualifiedtrans @*/
- }
- pi = rpmtsiFree(pi);
+ }
+ pi = rpmtsiFree(pi);
/*@-type +voidabstract @*/ /* FIX: double indirection */
- ts->order = _free(ts->order);
+ ts->order = _free(ts->order);
/*@=type =voidabstract @*/
- if (ts->pkpkt != NULL)
- ts->pkpkt = _free(ts->pkpkt);
- ts->pkpktlen = 0;
- memset(ts->pksignid, 0, sizeof(ts->pksignid));
+ if (ts->pkpkt != NULL)
+ ts->pkpkt = _free(ts->pkpkt);
+ ts->pkpktlen = 0;
+ memset(ts->pksignid, 0, sizeof(ts->pksignid));
/*@-nullstate@*/ /* FIX: partial annotations */
- rpmtsClean(ts);
+ rpmtsClean(ts);
/*@=nullstate@*/
- /*@-refcounttrans@*/ ts = _free(ts); /*@=refcounttrans@*/
- /*@=usereleased@*/
- }
+ /*@-refcounttrans@*/ ts = _free(ts); /*@=refcounttrans@*/
+/*@=usereleased@*/
+
return NULL;
}
+int rpmtsVerifySigFlags(rpmts ts)
+{
+ int ret = 0;
+ if (ts != NULL)
+ ret = ts->vsflags;
+ return ret;
+}
+
int rpmtsSetVerifySigFlags(rpmts ts, int vsflags)
- /*@modifies ts @*/
{
int ret = 0;
if (ts != NULL) {
@@ -553,6 +669,83 @@ int_32 rpmtsSetTid(rpmts ts, int_32 tid)
return otid;
}
+int_32 rpmtsSigtag(const rpmts ts)
+{
+ int_32 sigtag = 0;
+ if (ts != NULL)
+ sigtag = ts->sigtag;
+ return sigtag;
+}
+
+int_32 rpmtsSigtype(const rpmts ts)
+{
+ int_32 sigtag = 0;
+ if (ts != NULL)
+ sigtag = ts->sigtag;
+ return sigtag;
+}
+
+const void * rpmtsSig(const rpmts ts)
+{
+ const void * sig = NULL;
+ if (ts != NULL)
+ sig = ts->sig;
+ return sig;
+}
+
+int_32 rpmtsSiglen(const rpmts ts)
+{
+ int_32 siglen = 0;
+ if (ts != NULL)
+ siglen = ts->siglen;
+ return siglen;
+}
+
+int rpmtsSetSig(rpmts ts,
+ int_32 sigtag, int_32 sigtype, const void * sig, int_32 siglen)
+{
+ if (ts != NULL) {
+ if (ts->sig)
+ ts->sig = headerFreeData(ts->sig, ts->sigtype);
+ ts->sigtag = sigtag;
+ ts->sigtype = sigtype;
+/*@-assignexpose -kepttrans@*/
+ ts->sig = sig;
+/*@=assignexpose =kepttrans@*/
+ ts->siglen = siglen;
+ }
+ return 0;
+}
+
+pgpDig rpmtsDig(rpmts ts)
+{
+/*@-mods@*/ /* FIX: hide lazy malloc for now */
+ if (ts->dig == NULL)
+ ts->dig = pgpNewDig();
+/*@=mods@*/
+ if (ts->dig == NULL)
+ return NULL;
+ return ts->dig;
+}
+
+pgpDigParams rpmtsSignature(const rpmts ts)
+{
+ pgpDig dig = rpmtsDig(ts);
+ if (dig == NULL) return NULL;
+/*@-immediatetrans@*/
+ return &dig->signature;
+/*@=immediatetrans@*/
+}
+
+pgpDigParams rpmtsPubkey(const rpmts ts)
+{
+ pgpDig dig = rpmtsDig(ts);
+ if (dig == NULL) return NULL;
+/*@-immediatetrans@*/
+ return &dig->pubkey;
+/*@=immediatetrans@*/
+}
+
rpmdb rpmtsGetRdb(rpmts ts)
{
rpmdb rdb = NULL;
@@ -828,6 +1021,12 @@ rpmts rpmtsCreate(void)
ts->filesystems = NULL;
ts->dsi = NULL;
+ ts->solve = rpmtsSolve;
+ ts->nsuggests = 0;
+ ts->suggests = NULL;
+ ts->sdb = NULL;
+ ts->sdbmode = O_RDONLY;
+
ts->rdb = NULL;
ts->dbmode = O_RDONLY;
@@ -847,11 +1046,6 @@ rpmts rpmtsCreate(void)
ts->numAddedPackages = 0;
ts->addedPackages = NULL;
- ts->solve = rpmtsSolve;
- ts->nsuggests = 0;
- ts->suggests = NULL;
- ts->sdb = NULL;
-
ts->numAvailablePackages = 0;
ts->availablePackages = NULL;
diff --git a/lib/rpmts.h b/lib/rpmts.h
index 9ec4e92f5..9c8ba720d 100644
--- a/lib/rpmts.h
+++ b/lib/rpmts.h
@@ -66,14 +66,15 @@ struct rpmts_s {
rpmtransFlags transFlags; /*!< Bit(s) to control operation. */
tsmStage goal; /*!< Transaction goal (i.e. mode) */
+/*@refcounted@*/ /*@null@*/
+ rpmdb sdb; /*!< Solve database handle. */
+ int sdbmode; /*!< Solve database open mode. */
/*@null@*/
int (*solve) (rpmts ts, const rpmds key)
/*@modifies ts @*/; /*!< Search for NEVRA key. */
int nsuggests; /*!< No. of depCheck suggestions. */
/*@only@*/ /*@null@*/
const void ** suggests; /*!< Possible depCheck suggestions. */
-/*@refcounted@*/ /*@null@*/
- rpmdb sdb; /*!< Solve database handle. */
/*@observer@*/ /*@null@*/
rpmCallbackFunction notify; /*!< Callback function. */
@@ -91,9 +92,9 @@ struct rpmts_s {
/*@only@*/ /*@null@*/
rpmDiskSpaceInfo dsi; /*!< Per filesystem disk/inode usage. */
- int dbmode; /*!< Database open mode. */
/*@refcounted@*/ /*@null@*/
rpmdb rdb; /*!< Install database handle. */
+ int dbmode; /*!< Install database open mode. */
/*@only@*/
hashTable ht; /*!< Fingerprint hash table. */
@@ -161,14 +162,14 @@ extern "C" {
* @return 0 on success
*/
int rpmtsCheck(rpmts ts)
- /*@globals fileSystem, internalState @*/
- /*@modifies ts, fileSystem, internalState @*/;
+ /*@globals rpmGlobalMacroContext, fileSystem, internalState @*/
+ /*@modifies ts, rpmGlobalMacroContext, fileSystem, internalState @*/;
/** \ingroup rpmts
* Determine package order in a transaction set according to dependencies.
*
* Order packages, returning error if circular dependencies cannot be
- * eliminated by removing PreReq's from the loop(s). Only dependencies from
+ * eliminated by removing Requires's from the loop(s). Only dependencies from
* added or removed packages are used to determine ordering using a
* topological sort (Knuth vol. 1, p. 262). Use rpmtsCheck() to verify
* that all dependencies can be resolved.
@@ -177,9 +178,6 @@ int rpmtsCheck(rpmts ts)
* with packages removed for upgrades immediately following the new package
* to be installed.
*
- * The operation would be easier if we could sort the addedPackages array in the
- * transaction set, but we store indexes into the array in various places.
- *
* @param ts transaction set
* @return no. of (added) packages that could not be ordered
*/
@@ -188,7 +186,7 @@ int rpmtsOrder(rpmts ts)
/*@modifies ts, fileSystem, internalState @*/;
/** \ingroup rpmts
- * Process all packages in a transaction set.
+ * Process all package elements in a transaction set.
*
* @param ts transaction set
* @param okProbs previously known problems (or NULL)
@@ -251,8 +249,8 @@ int rpmtsCloseDB(rpmts ts)
* @return 0 on success
*/
int rpmtsOpenDB(rpmts ts, int dbmode)
- /*@globals fileSystem, internalState @*/
- /*@modifies ts, fileSystem, internalState @*/;
+ /*@globals rpmGlobalMacroContext, fileSystem, internalState @*/
+ /*@modifies ts, rpmGlobalMacroContext, fileSystem, internalState @*/;
/** \ingroup rpmts
* Return transaction database iterator.
@@ -263,13 +261,45 @@ int rpmtsOpenDB(rpmts ts, int dbmode)
* @return NULL on failure
*/
/*@only@*/ /*@null@*/
-rpmdbMatchIterator rpmtsInitIterator(const rpmts ts, int rpmtag,
+rpmdbMatchIterator rpmtsInitIterator(const rpmts ts, rpmTag rpmtag,
/*@null@*/ const void * keyp, size_t keylen)
- /*@globals fileSystem, internalState @*/
- /*@modifies ts, fileSystem, internalState @*/;
+ /*@globals rpmGlobalMacroContext, fileSystem, internalState @*/
+ /*@modifies ts, rpmGlobalMacroContext, fileSystem, internalState @*/;
/**
- * Attempt to solve a needed dependency.
+ * Retrieve pubkey from rpm database.
+ * @param ts rpm transaction
+ * @return RPMSIG_OK on success, RPMSIG_NOKEY if not found
+ */
+rpmVerifySignatureReturn rpmtsFindPubkey(rpmts ts)
+ /*@globals rpmGlobalMacroContext, fileSystem, internalState @*/
+ /*@modifies ts, rpmGlobalMacroContext, fileSystem, internalState */;
+
+/** \ingroup rpmts
+ * Close the database used by the transaction to solve dependencies.
+ * @param ts transaction set
+ * @return 0 on success
+ */
+/*@-exportlocal@*/
+int rpmtsCloseSDB(rpmts ts)
+ /*@globals fileSystem @*/
+ /*@modifies ts, fileSystem @*/;
+/*@=exportlocal@*/
+
+/** \ingroup rpmts
+ * Open the database used by the transaction to solve dependencies.
+ * @param ts transaction set
+ * @param dbmode O_RDONLY or O_RDWR
+ * @return 0 on success
+ */
+/*@-exportlocal@*/
+int rpmtsOpenSDB(rpmts ts, int dbmode)
+ /*@globals rpmGlobalMacroContext, fileSystem, internalState @*/
+ /*@modifies ts, rpmGlobalMacroContext, fileSystem, internalState @*/;
+/*@=exportlocal@*/
+
+/**
+ * Attempt to solve a needed dependency using the solve database..
* @param ts transaction set
* @param ds dependency set
* @return 0 if resolved (and added to ts), 1 not found
@@ -281,7 +311,8 @@ int rpmtsSolve(rpmts ts, rpmds ds)
/*@=exportlocal@*/
/**
- * Attempt to solve a needed dependency.
+ * Attempt to solve a needed dependency using memory resident tables.
+ * @deprecated This function will move from rpmlib to the python bindings.
* @param ts transaction set
* @param ds dependency set
* @return 0 if resolved (and added to ts), 1 not found
@@ -301,6 +332,13 @@ rpmps rpmtsProblems(rpmts ts)
/*@modifies ts @*/;
/** \ingroup rpmts
+ * Free signature verification data.
+ * @param ts transaction set
+ */
+void rpmtsCleanDig(rpmts ts)
+ /*@modifies ts @*/;
+
+/** \ingroup rpmts
* Re-create an empty transaction set.
* @param ts transaction set
*/
@@ -318,10 +356,18 @@ rpmts rpmtsFree(/*@killref@*/ /*@only@*//*@null@*/ rpmts ts)
/*@modifies ts, fileSystem @*/;
/** \ingroup rpmts
+ * Get verify signatures flag(s).
+ * @param ts transaction set
+ * @return verify signatures flags
+ */
+int rpmtsVerifySigFlags(rpmts ts)
+ /*@*/;
+
+/** \ingroup rpmts
* Set verify signatures flag(s).
* @param ts transaction set
* @param vsflags new verify signatures flags
- * @retrun previous value
+ * @return previous value
*/
int rpmtsSetVerifySigFlags(rpmts ts, int vsflags)
/*@modifies ts @*/;
@@ -412,7 +458,81 @@ int_32 rpmtsSetTid(rpmts ts, int_32 tid)
/*@modifies ts @*/;
/** \ingroup rpmts
- * Get transaction database handle.
+ * Get signature tag.
+ * @param ts transaction set
+ * @return signature tag
+ */
+int_32 rpmtsSigtag(const rpmts ts)
+ /*@*/;
+
+/** \ingroup rpmts
+ * Get signature tag type.
+ * @param ts transaction set
+ * @return signature tag type
+ */
+int_32 rpmtsSigtype(const rpmts ts)
+ /*@*/;
+
+/** \ingroup rpmts
+ * Get signature tag data, i.e. from header.
+ * @param ts transaction set
+ * @return signature tag data
+ */
+/*@observer@*/ /*@null@*/
+extern const void * rpmtsSig(const rpmts ts)
+ /*@*/;
+
+/** \ingroup rpmts
+ * Get signature tag data length, i.e. no. of bytes of data.
+ * @param ts transaction set
+ * @return signature tag data length
+ */
+int_32 rpmtsSiglen(const rpmts ts)
+ /*@*/;
+
+/** \ingroup rpmts
+ * Set signature tag info, i.e. from header.
+ * @param ts transaction set
+ * @param sigtag signature tag
+ * @param sigtype signature tag type
+ * @param sig signature tag data
+ * @param siglen signature tag data length
+ * @return 0 always
+ */
+int rpmtsSetSig(rpmts ts,
+ int_32 sigtag, int_32 sigtype,
+ /*@kept@*/ /*@null@*/ const void * sig, int_32 siglen)
+ /*@modifies ts @*/;
+
+/** \ingroup rpmts
+ * Get OpenPGP packet parameters, i.e. signature/pubkey constants.
+ * @param ts transaction set
+ * @return signature/pubkey constants.
+ */
+/*@exposed@*/ /*@null@*/
+pgpDig rpmtsDig(rpmts ts)
+ /*@*/;
+
+/** \ingroup rpmts
+ * Get OpenPGP signature constants.
+ * @param ts transaction set
+ * @return signature constants.
+ */
+/*@exposed@*/ /*@null@*/
+pgpDigParams rpmtsSignature(const rpmts ts)
+ /*@*/;
+
+/** \ingroup rpmts
+ * Get OpenPGP pubkey constants.
+ * @param ts transaction set
+ * @return pubkey constants.
+ */
+/*@exposed@*/ /*@null@*/
+pgpDigParams rpmtsPubkey(const rpmts ts)
+ /*@*/;
+
+/** \ingroup rpmts
+ * Get transaction set database handle.
* @param ts transaction set
* @return transaction database handle
*/
@@ -511,7 +631,7 @@ rpmtransFlags rpmtsSetFlags(rpmts ts, rpmtransFlags transFlags)
* Set transaction notify callback function and argument.
*
* @warning This call must be made before rpmtsRun() for
- * install/upgrade/freshen to "work".
+ * install/upgrade/freshen to function correctly.
*
* @param ts transaction set
* @param notify progress callback
@@ -534,12 +654,8 @@ rpmts rpmtsCreate(void)
/** \ingroup rpmts
* Add package to be installed to transaction set.
*
- * If fd is NULL, the callback set by rpmtsSetNotifyCallback() is used to
- * open and close the file descriptor. If Header is NULL, the fd is always
- * used, otherwise fd is only needed (and only opened) for actual package
- * installation.
- *
- * @warning The fd argument has been eliminated, and is assumed always NULL.
+ * The transaction set is checked for duplicate package names.
+ * If found, the package with the "newest" EVR will be replaced.
*
* @param ts transaction set
* @param h header
@@ -551,22 +667,8 @@ rpmts rpmtsCreate(void)
int rpmtsAddInstallElement(rpmts ts, Header h,
/*@exposed@*/ /*@null@*/ const fnpyKey key, int upgrade,
/*@null@*/ rpmRelocation * relocs)
- /*@globals fileSystem, internalState @*/
- /*@modifies ts, h, fileSystem, internalState @*/;
-
-#ifdef DYING
-/** \ingroup rpmts
- * Add package to universe of possible packages to install in transaction set.
- * @warning The key parameter is non-functional.
- * @param ts transaction set
- * @param h header
- * @param key package private data
- */
-/*@unused@*/
-void rpmtsAvailablePackage(rpmts ts, Header h,
- /*@exposed@*/ /*@null@*/ fnpyKey key)
- /*@modifies h, ts @*/;
-#endif
+ /*@globals rpmGlobalMacroContext, fileSystem, internalState @*/
+ /*@modifies ts, h, rpmGlobalMacroContext, fileSystem, internalState @*/;
/** \ingroup rpmts
* Add package to be erased to transaction set.
diff --git a/lib/signature.c b/lib/signature.c
index 443824731..732be4f7f 100644
--- a/lib/signature.c
+++ b/lib/signature.c
@@ -9,7 +9,6 @@
#include <rpmmacro.h> /* XXX for rpmGetPath() */
#include "rpmdb.h"
-#define _RPMTS_INTERNAL
#include "rpmts.h"
#include "misc.h" /* XXX for dosetenv() and makeTempFile() */
@@ -18,11 +17,11 @@
#include "signature.h"
#include "debug.h"
-/*@access rpmts @*/
/*@access Header@*/ /* XXX compared with NULL */
/*@access FD_t@*/ /* XXX compared with NULL */
/*@access DIGEST_CTX@*/ /* XXX compared with NULL */
/*@access pgpDig@*/
+/*@access pgpDigParams@*/
#if !defined(__GLIBC__)
char ** environ = NULL;
@@ -532,7 +531,7 @@ static int makeHDRSignature(Header sig, const char * file, int_32 sigTag,
byte * pkt;
int_32 pktlen;
const char * fn = NULL;
- const char * sha1 = NULL;
+ const char * SHA1 = NULL;
int ret = -1; /* assume failure. */
switch (sigTag) {
@@ -566,14 +565,14 @@ static int makeHDRSignature(Header sig, const char * file, int_32 sigTag,
ctx = rpmDigestInit(PGPHASHALGO_SHA1, RPMDIGEST_NONE);
(void) rpmDigestUpdate(ctx, header_magic, sizeof(header_magic));
(void) rpmDigestUpdate(ctx, uh, uhc);
- (void) rpmDigestFinal(ctx, (void **)&sha1, NULL, 1);
+ (void) rpmDigestFinal(ctx, (void **)&SHA1, NULL, 1);
uh = headerFreeData(uh, uht);
}
h = headerFree(h);
- if (sha1 == NULL)
+ if (SHA1 == NULL)
goto exit;
- if (!headerAddEntry(sig, RPMSIGTAG_SHA1, RPM_STRING_TYPE, sha1, 1))
+ if (!headerAddEntry(sig, RPMSIGTAG_SHA1, RPM_STRING_TYPE, SHA1, 1))
goto exit;
ret = 0;
break;
@@ -620,7 +619,7 @@ exit:
(void) unlink(fn);
fn = _free(fn);
}
- sha1 = _free(sha1);
+ SHA1 = _free(SHA1);
h = headerFree(h);
if (fd) (void) Fclose(fd);
return ret;
@@ -863,29 +862,31 @@ static rpmVerifySignatureReturn
verifySizeSignature(const rpmts ts, /*@out@*/ char * t)
/*@modifies *t @*/
{
+ const void * sig = rpmtsSig(ts);
+ pgpDig dig = rpmtsDig(ts);
rpmVerifySignatureReturn res;
int_32 size = 0x7fffffff;
*t = '\0';
t = stpcpy(t, _("Header+Payload size: "));
- if (ts->sig == NULL || ts->dig == NULL || ts->dig->nbytes == 0) {
+ if (sig == NULL || dig == NULL || dig->nbytes == 0) {
res = RPMSIG_NOKEY; /* XXX RPMSIG_ARGS */
res = RPMSIG_NOKEY;
t = stpcpy(t, rpmSigString(res));
goto exit;
}
- memcpy(&size, ts->sig, sizeof(size));
+ memcpy(&size, sig, sizeof(size));
- if (size != ts->dig->nbytes) {
+ if (size != dig->nbytes) {
res = RPMSIG_BAD;
t = stpcpy(t, rpmSigString(res));
- sprintf(t, " Expected(%d) != (%d)\n", size, ts->dig->nbytes);
+ sprintf(t, " Expected(%d) != (%d)\n", size, dig->nbytes);
} else {
res = RPMSIG_OK;
t = stpcpy(t, rpmSigString(res));
- sprintf(t, " (%d)", ts->dig->nbytes);
+ sprintf(t, " (%d)", dig->nbytes);
}
exit:
@@ -900,6 +901,9 @@ verifyMD5Signature(const rpmts ts, /*@out@*/ char * t,
/*@null@*/ DIGEST_CTX md5ctx)
/*@modifies *t @*/
{
+ const void * sig = rpmtsSig(ts);
+ int_32 siglen = rpmtsSiglen(ts);
+ pgpDig dig = rpmtsDig(ts);
rpmVerifySignatureReturn res;
byte * md5sum = NULL;
size_t md5len = 0;
@@ -907,7 +911,7 @@ verifyMD5Signature(const rpmts ts, /*@out@*/ char * t,
*t = '\0';
t = stpcpy(t, _("MD5 digest: "));
- if (md5ctx == NULL || ts->sig == NULL || ts->dig == NULL) {
+ if (md5ctx == NULL || sig == NULL || dig == NULL) {
res = RPMSIG_NOKEY; /* XXX RPMSIG_ARGS */
t = stpcpy(t, rpmSigString(res));
goto exit;
@@ -916,11 +920,11 @@ verifyMD5Signature(const rpmts ts, /*@out@*/ char * t,
(void) rpmDigestFinal(rpmDigestDup(md5ctx),
(void **)&md5sum, &md5len, 0);
- if (md5len != ts->siglen || memcmp(md5sum, ts->sig, md5len)) {
+ if (md5len != siglen || memcmp(md5sum, sig, md5len)) {
res = RPMSIG_BAD;
t = stpcpy(t, rpmSigString(res));
t = stpcpy(t, " Expected(");
- (void) pgpHexCvt(t, ts->sig, ts->siglen);
+ (void) pgpHexCvt(t, sig, siglen);
t += strlen(t);
t = stpcpy(t, ") != (");
} else {
@@ -952,167 +956,49 @@ verifySHA1Signature(const rpmts ts, /*@out@*/ char * t,
/*@null@*/ DIGEST_CTX sha1ctx)
/*@modifies *t @*/
{
+ const void * sig = rpmtsSig(ts);
+#ifdef NOTYET
+ int_32 siglen = rpmtsSiglen(ts);
+#endif
+ pgpDig dig = rpmtsDig(ts);
rpmVerifySignatureReturn res;
- const char * sha1 = NULL;
+ const char * SHA1 = NULL;
*t = '\0';
t = stpcpy(t, _("Header SHA1 digest: "));
- if (sha1ctx == NULL || ts->sig == NULL || ts->dig == NULL) {
+ if (sha1ctx == NULL || sig == NULL || dig == NULL) {
res = RPMSIG_NOKEY; /* XXX RPMSIG_ARGS */
t = stpcpy(t, rpmSigString(res));
goto exit;
}
(void) rpmDigestFinal(rpmDigestDup(sha1ctx),
- (void **)&sha1, NULL, 1);
+ (void **)&SHA1, NULL, 1);
- if (sha1 == NULL || strlen(sha1) != strlen(ts->sig)) {
+ if (SHA1 == NULL || strlen(SHA1) != strlen(sig)) {
res = RPMSIG_BAD;
t = stpcpy(t, rpmSigString(res));
t = stpcpy(t, " Expected(");
- t = stpcpy(t, ts->sig);
+ t = stpcpy(t, sig);
t = stpcpy(t, ") != (");
} else {
res = RPMSIG_OK;
t = stpcpy(t, rpmSigString(res));
t = stpcpy(t, " (");
}
- if (sha1)
- t = stpcpy(t, sha1);
+ if (SHA1)
+ t = stpcpy(t, SHA1);
t = stpcpy(t, ")");
exit:
- sha1 = _free(sha1);
+ SHA1 = _free(SHA1);
t = stpcpy(t, "\n");
return res;
}
/*@=boundswrite@*/
/**
- * Retrieve pubkey from rpm database.
- * @param ts rpm transaction
- * @return RPMSIG_OK on success, RPMSIG_NOKEY if not found
- */
-static rpmVerifySignatureReturn
-rpmtsFindPubkey(rpmts ts)
- /*@globals fileSystem, internalState @*/
- /*@modifies ts, fileSystem, internalState */
-{
- struct pgpDigParams_s * sigp = NULL;
- rpmVerifySignatureReturn res;
- int xx;
-
- if (ts->sig == NULL || ts->dig == NULL) {
- res = RPMSIG_NOKEY;
- goto exit;
- }
- sigp = &ts->dig->signature;
-
- if (ts->pkpkt == NULL
- || memcmp(sigp->signid, ts->pksignid, sizeof(ts->pksignid)))
- {
- int ix = -1;
- rpmdbMatchIterator mi;
- Header h;
-
- ts->pkpkt = _free(ts->pkpkt);
- ts->pkpktlen = 0;
- memset(ts->pksignid, 0, sizeof(ts->pksignid));
-
- /* Make sure the database is open. */
- (void) rpmtsOpenDB(ts, ts->dbmode);
-
- /* Retrieve the pubkey that matches the signature. */
- mi = rpmtsInitIterator(ts, RPMTAG_PUBKEYS, sigp->signid, sizeof(sigp->signid));
- while ((h = rpmdbNextIterator(mi)) != NULL) {
- const char ** pubkeys;
- int_32 pt, pc;
-
- if (!headerGetEntry(h, RPMTAG_PUBKEYS, &pt, (void **)&pubkeys, &pc))
- continue;
- ix = rpmdbGetIteratorFileNum(mi);
-/*@-boundsread@*/
- if (ix >= pc
- || b64decode(pubkeys[ix], (void **) &ts->pkpkt, &ts->pkpktlen))
- ix = -1;
-/*@=boundsread@*/
- pubkeys = headerFreeData(pubkeys, pt);
- break;
- }
- mi = rpmdbFreeIterator(mi);
-
- /* Was a matching pubkey found? */
- if (ix < 0 || ts->pkpkt == NULL) {
- res = RPMSIG_NOKEY;
- goto exit;
- }
-
- /*
- * Can the pubkey packets be parsed?
- * Do the parameters match the signature?
- */
- if (pgpPrtPkts(ts->pkpkt, ts->pkpktlen, NULL, 0)
- && ts->dig->signature.pubkey_algo == ts->dig->pubkey.pubkey_algo
-#ifdef NOTYET
- && ts->dig->signature.hash_algo == ts->dig->pubkey.hash_algo
-#endif
- && !memcmp(ts->dig->signature.signid, ts->dig->pubkey.signid, 8))
- {
- ts->pkpkt = _free(ts->pkpkt);
- ts->pkpktlen = 0;
- res = RPMSIG_NOKEY;
- goto exit;
- }
-
- /* XXX Verify the pubkey signature. */
-
- /* Packet looks good, save the signer id. */
-/*@-boundsread@*/
- memcpy(ts->pksignid, sigp->signid, sizeof(ts->pksignid));
-/*@=boundsread@*/
-
- rpmMessage(RPMMESS_DEBUG, "========== %s pubkey id %s\n",
- (sigp->pubkey_algo == PGPPUBKEYALGO_DSA ? "DSA" :
- (sigp->pubkey_algo == PGPPUBKEYALGO_RSA ? "RSA" : "???")),
- pgpHexStr(sigp->signid, sizeof(sigp->signid)));
-
- }
-
-#ifdef NOTNOW
- {
- if (ts->pkpkt == NULL) {
- const char * pkfn = rpmExpand("%{_gpg_pubkey}", NULL);
- if (pgpReadPkts(pkfn, &ts->pkpkt, &ts->pkpktlen) != PGPARMOR_PUBKEY) {
- pkfn = _free(pkfn);
- res = RPMSIG_NOKEY;
- goto exit;
- }
- pkfn = _free(pkfn);
- }
- }
-#endif
-
- /* Retrieve parameters from pubkey packet(s). */
- xx = pgpPrtPkts(ts->pkpkt, ts->pkpktlen, ts->dig, 0);
-
- /* Do the parameters match the signature? */
- if (ts->dig->signature.pubkey_algo == ts->dig->pubkey.pubkey_algo
-#ifdef NOTYET
- && ts->dig->signature.hash_algo == ts->dig->pubkey.hash_algo
-#endif
- && !memcmp(ts->dig->signature.signid, ts->dig->pubkey.signid, 8))
- res = RPMSIG_OK;
- else
- res = RPMSIG_NOKEY;
-
- /* XXX Verify the signature signature. */
-
-exit:
- return res;
-}
-
-/**
* Convert hex to binary nibble.
* @param c hex character
* @return binary nibble
@@ -1140,24 +1026,29 @@ static inline unsigned char nibble(char c)
static rpmVerifySignatureReturn
verifyPGPSignature(rpmts ts, /*@out@*/ char * t,
/*@null@*/ DIGEST_CTX md5ctx)
- /*@globals fileSystem, internalState @*/
- /*@modifies ts, *t, fileSystem, internalState */
+ /*@globals rpmGlobalMacroContext, fileSystem, internalState @*/
+ /*@modifies ts, *t, rpmGlobalMacroContext, fileSystem, internalState */
{
- struct pgpDigParams_s * sigp = NULL;
+ const void * sig = rpmtsSig(ts);
+#ifdef NOTYET
+ int_32 siglen = rpmtsSiglen(ts);
+#endif
+ int_32 sigtag = rpmtsSigtag(ts);
+ pgpDig dig = rpmtsDig(ts);
+ pgpDigParams sigp = rpmtsSignature(ts);
rpmVerifySignatureReturn res;
int xx;
*t = '\0';
t = stpcpy(t, _("V3 RSA/MD5 signature: "));
- if (md5ctx == NULL || ts->sig == NULL || ts->dig == NULL) {
+ if (md5ctx == NULL || sig == NULL || dig == NULL || sigp == NULL) {
res = RPMSIG_NOKEY; /* XXX RPMSIG_ARGS */
goto exit;
}
- sigp = &ts->dig->signature;
- /* XXX sanity check on ts->sigtag and signature agreement. */
- if (!(ts->sigtag == RPMSIGTAG_PGP
+ /* XXX sanity check on sigtag and signature agreement. */
+ if (!(sigtag == RPMSIGTAG_PGP
&& sigp->pubkey_algo == PGPPUBKEYALGO_RSA
&& sigp->hash_algo == PGPHASHALGO_MD5))
{
@@ -1174,7 +1065,7 @@ verifyPGPSignature(rpmts ts, /*@out@*/ char * t,
#ifdef NOTYET /* XXX not for binary/text document signatures. */
if (sigp->sigtype == 4) {
- int nb = ts->dig->nbytes + sigp->hashlen;
+ int nb = dig->nbytes + sigp->hashlen;
byte trailer[6];
nb = htonl(nb);
trailer[0] = 0x4;
@@ -1184,10 +1075,10 @@ verifyPGPSignature(rpmts ts, /*@out@*/ char * t,
}
#endif
- xx = rpmDigestFinal(ctx, (void **)&ts->dig->md5, &ts->dig->md5len, 1);
+ xx = rpmDigestFinal(ctx, (void **)&dig->md5, &dig->md5len, 1);
/* Compare leading 16 bits of digest for quick check. */
- s = ts->dig->md5;
+ s = dig->md5;
signhash16[0] = (nibble(s[0]) << 4) | nibble(s[1]);
signhash16[1] = (nibble(s[2]) << 4) | nibble(s[3]);
if (memcmp(signhash16, sigp->signhash16, sizeof(signhash16))) {
@@ -1207,12 +1098,12 @@ verifyPGPSignature(rpmts ts, /*@out@*/ char * t,
memset(tt, 'f', (2 * nb));
tt[0] = '0'; tt[1] = '0';
tt[2] = '0'; tt[3] = '1';
- tt += (2 * nb) - strlen(prefix) - strlen(ts->dig->md5) - 2;
+ tt += (2 * nb) - strlen(prefix) - strlen(dig->md5) - 2;
*tt++ = '0'; *tt++ = '0';
tt = stpcpy(tt, prefix);
- tt = stpcpy(tt, ts->dig->md5);
+ tt = stpcpy(tt, dig->md5);
- mp32nzero(&ts->dig->rsahm); mp32nsethex(&ts->dig->rsahm, hexstr);
+ mp32nzero(&dig->rsahm); mp32nsethex(&dig->rsahm, hexstr);
hexstr = _free(hexstr);
@@ -1223,7 +1114,7 @@ verifyPGPSignature(rpmts ts, /*@out@*/ char * t,
if (res != RPMSIG_OK)
goto exit;
- if (rsavrfy(&ts->dig->rsa_pk, &ts->dig->rsahm, &ts->dig->c))
+ if (rsavrfy(&dig->rsa_pk, &dig->rsahm, &dig->c))
res = RPMSIG_OK;
else
res = RPMSIG_BAD;
@@ -1251,26 +1142,31 @@ exit:
static rpmVerifySignatureReturn
verifyGPGSignature(rpmts ts, /*@out@*/ char * t,
/*@null@*/ DIGEST_CTX sha1ctx)
- /*@globals fileSystem, internalState @*/
- /*@modifies ts, *t, fileSystem, internalState */
+ /*@globals rpmGlobalMacroContext, fileSystem, internalState @*/
+ /*@modifies ts, *t, rpmGlobalMacroContext, fileSystem, internalState */
{
- struct pgpDigParams_s * sigp = NULL;
+ const void * sig = rpmtsSig(ts);
+#ifdef NOTYET
+ int_32 siglen = rpmtsSiglen(ts);
+#endif
+ int_32 sigtag = rpmtsSigtag(ts);
+ pgpDig dig = rpmtsDig(ts);
+ pgpDigParams sigp = rpmtsSignature(ts);
rpmVerifySignatureReturn res;
int xx;
*t = '\0';
- if (ts->dig != NULL && ts->dig->hdrsha1ctx == sha1ctx)
+ if (dig != NULL && dig->hdrsha1ctx == sha1ctx)
t = stpcpy(t, _("Header "));
t = stpcpy(t, _("V3 DSA signature: "));
- if (sha1ctx == NULL || ts->sig == NULL || ts->dig == NULL) {
+ if (sha1ctx == NULL || sig == NULL || dig == NULL || sigp == NULL) {
res = RPMSIG_NOKEY; /* XXX RPMSIG_ARGS */
goto exit;
}
- sigp = &ts->dig->signature;
- /* XXX sanity check on ts->sigtag and signature agreement. */
- if (!((ts->sigtag == RPMSIGTAG_GPG || ts->sigtag == RPMSIGTAG_DSA)
+ /* XXX sanity check on sigtag and signature agreement. */
+ if (!((sigtag == RPMSIGTAG_GPG || sigtag == RPMSIGTAG_DSA)
&& sigp->pubkey_algo == PGPPUBKEYALGO_DSA
&& sigp->hash_algo == PGPHASHALGO_SHA1))
{
@@ -1286,7 +1182,7 @@ verifyGPGSignature(rpmts ts, /*@out@*/ char * t,
#ifdef NOTYET /* XXX not for binary/text document signatures. */
if (sigp->sigtype == 4) {
- int nb = ts->dig->nbytes + sigp->hashlen;
+ int nb = dig->nbytes + sigp->hashlen;
byte trailer[6];
nb = htonl(nb);
trailer[0] = 0x4;
@@ -1295,13 +1191,13 @@ verifyGPGSignature(rpmts ts, /*@out@*/ char * t,
xx = rpmDigestUpdate(ctx, trailer, sizeof(trailer));
}
#endif
- xx = rpmDigestFinal(ctx, (void **)&ts->dig->sha1, &ts->dig->sha1len, 1);
+ xx = rpmDigestFinal(ctx, (void **)&dig->sha1, &dig->sha1len, 1);
- mp32nzero(&ts->dig->hm); mp32nsethex(&ts->dig->hm, ts->dig->sha1);
+ mp32nzero(&dig->hm); mp32nsethex(&dig->hm, dig->sha1);
/* Compare leading 16 bits of digest for quick check. */
- signhash16[0] = (*ts->dig->hm.data >> 24) & 0xff;
- signhash16[1] = (*ts->dig->hm.data >> 16) & 0xff;
+ signhash16[0] = (*dig->hm.data >> 24) & 0xff;
+ signhash16[1] = (*dig->hm.data >> 16) & 0xff;
if (memcmp(signhash16, sigp->signhash16, sizeof(signhash16))) {
res = RPMSIG_BAD;
goto exit;
@@ -1313,8 +1209,8 @@ verifyGPGSignature(rpmts ts, /*@out@*/ char * t,
if (res != RPMSIG_OK)
goto exit;
- if (dsavrfy(&ts->dig->p, &ts->dig->q, &ts->dig->g,
- &ts->dig->hm, &ts->dig->y, &ts->dig->r, &ts->dig->s))
+ if (dsavrfy(&dig->p, &dig->q, &dig->g,
+ &dig->hm, &dig->y, &dig->r, &dig->s))
res = RPMSIG_OK;
else
res = RPMSIG_BAD;
@@ -1334,33 +1230,37 @@ exit:
rpmVerifySignatureReturn
rpmVerifySignature(const rpmts ts, char * result)
{
+ const void * sig = rpmtsSig(ts);
+ int_32 siglen = rpmtsSiglen(ts);
+ int_32 sigtag = rpmtsSigtag(ts);
+ pgpDig dig = rpmtsDig(ts);
rpmVerifySignatureReturn res;
- if (ts->sig == NULL || ts->siglen <= 0 || ts->dig == NULL) {
+ if (sig == NULL || siglen <= 0 || dig == NULL) {
sprintf(result, _("Verify signature: BAD PARAMETERS\n"));
return RPMSIG_UNKNOWN;
}
- switch (ts->sigtag) {
+ switch (sigtag) {
case RPMSIGTAG_SIZE:
res = verifySizeSignature(ts, result);
break;
case RPMSIGTAG_MD5:
- res = verifyMD5Signature(ts, result, ts->dig->md5ctx);
+ res = verifyMD5Signature(ts, result, dig->md5ctx);
break;
case RPMSIGTAG_SHA1:
- res = verifySHA1Signature(ts, result, ts->dig->hdrsha1ctx);
+ res = verifySHA1Signature(ts, result, dig->hdrsha1ctx);
break;
case RPMSIGTAG_RSA:
case RPMSIGTAG_PGP5: /* XXX legacy */
case RPMSIGTAG_PGP:
- res = verifyPGPSignature(ts, result, ts->dig->md5ctx);
+ res = verifyPGPSignature(ts, result, dig->md5ctx);
break;
case RPMSIGTAG_DSA:
- res = verifyGPGSignature(ts, result, ts->dig->hdrsha1ctx);
+ res = verifyGPGSignature(ts, result, dig->hdrsha1ctx);
break;
case RPMSIGTAG_GPG:
- res = verifyGPGSignature(ts, result, ts->dig->sha1ctx);
+ res = verifyGPGSignature(ts, result, dig->sha1ctx);
break;
case RPMSIGTAG_LEMD5_1:
case RPMSIGTAG_LEMD5_2:
@@ -1368,7 +1268,7 @@ rpmVerifySignature(const rpmts ts, char * result)
res = RPMSIG_UNKNOWN;
break;
default:
- sprintf(result, _("Signature: UNKNOWN (%d)\n"), ts->sigtag);
+ sprintf(result, _("Signature: UNKNOWN (%d)\n"), sigtag);
res = RPMSIG_UNKNOWN;
break;
}
diff --git a/lib/transaction.c b/lib/transaction.c
index 520228863..16c3c8180 100644
--- a/lib/transaction.c
+++ b/lib/transaction.c
@@ -221,8 +221,8 @@ static int handleInstInstalledFiles(const rpmts ts,
rpmte p, rpmfi fi,
sharedFileInfo shared,
int sharedCount, int reportConflicts)
- /*@globals fileSystem, internalState @*/
- /*@modifies ts, fi, fileSystem, internalState @*/
+ /*@globals rpmGlobalMacroContext, fileSystem, internalState @*/
+ /*@modifies ts, fi, rpmGlobalMacroContext, fileSystem, internalState @*/
{
const char * altNEVR = NULL;
rpmfi otherFi = NULL;
@@ -310,8 +310,8 @@ static int handleInstInstalledFiles(const rpmts ts,
/* XXX only ts->rpmdb modified */
static int handleRmvdInstalledFiles(const rpmts ts, rpmfi fi,
sharedFileInfo shared, int sharedCount)
- /*@globals fileSystem, internalState @*/
- /*@modifies ts, fi, fileSystem, internalState @*/
+ /*@globals rpmGlobalMacroContext, fileSystem, internalState @*/
+ /*@modifies ts, fi, rpmGlobalMacroContext, fileSystem, internalState @*/
{
HGE_t hge = fi->hge;
Header h;
@@ -651,8 +651,8 @@ assert(otherFi != NULL);
/* Here is a pre-existing modified config file that needs saving. */
{ char md5sum[50];
- const unsigned char * md5 = fi->md5s + (16 * i);
- if (!domd5(fn, md5sum, 0, NULL) && memcmp(md5, md5sum, 16)) {
+ const unsigned char * MD5 = fi->md5s + (16 * i);
+ if (!domd5(fn, md5sum, 0, NULL) && memcmp(MD5, md5sum, 16)) {
fi->actions[i] = FA_BACKUP;
/*@switchbreak@*/ break;
}
diff --git a/lib/verify.c b/lib/verify.c
index ea2721af2..2d58117d8 100644
--- a/lib/verify.c
+++ b/lib/verify.c
@@ -122,8 +122,8 @@ int rpmVerifyFile(const rpmts ts, const rpmfi fi,
if (rc)
*res |= (RPMVERIFY_READFAIL|RPMVERIFY_MD5);
else {
- const unsigned char * md5 = rpmfiMD5(fi);
- if (md5 == NULL || memcmp(md5sum, md5, sizeof(md5sum)))
+ const unsigned char * MD5 = rpmfiMD5(fi);
+ if (MD5 == NULL || memcmp(md5sum, MD5, sizeof(md5sum)))
*res |= RPMVERIFY_MD5;
}
}
@@ -290,7 +290,7 @@ static int verifyHeader(QVA_t qva, const rpmts ts, rpmfi fi)
ec = rc;
}
} else if (verifyResult) {
- const char * size, * md5, * link, * mtime, * mode;
+ const char * size, * MD5, * link, * mtime, * mode;
const char * group, * user, * rdev;
/*@observer@*/ static const char *const aok = ".";
/*@observer@*/ static const char *const unknown = "?";
@@ -306,7 +306,7 @@ static int verifyHeader(QVA_t qva, const rpmts ts, rpmfi fi)
((verifyResult & RPMVERIFY_READFAIL) ? unknown : \
(verifyResult & _RPMVERIFY_F) ? _C : aok)
- md5 = _verifyfile(RPMVERIFY_MD5, "5");
+ MD5 = _verifyfile(RPMVERIFY_MD5, "5");
size = _verify(RPMVERIFY_FILESIZE, "S");
link = _verifylink(RPMVERIFY_LINKTO, "L");
mtime = _verify(RPMVERIFY_MTIME, "T");
@@ -320,7 +320,7 @@ static int verifyHeader(QVA_t qva, const rpmts ts, rpmfi fi)
#undef _verifyfile
sprintf(te, "%s%s%s%s%s%s%s%s %c %s",
- size, mode, md5, rdev, link, user, group, mtime,
+ size, mode, MD5, rdev, link, user, group, mtime,
((fileAttrs & RPMFILE_CONFIG) ? 'c' :
(fileAttrs & RPMFILE_DOC) ? 'd' :
(fileAttrs & RPMFILE_GHOST) ? 'g' :
@@ -354,8 +354,8 @@ static int verifyHeader(QVA_t qva, const rpmts ts, rpmfi fi)
*/
static int verifyDependencies(/*@unused@*/ QVA_t qva, rpmts ts,
Header h)
- /*@globals fileSystem, internalState @*/
- /*@modifies ts, h, fileSystem, internalState @*/
+ /*@globals rpmGlobalMacroContext, fileSystem, internalState @*/
+ /*@modifies ts, h, rpmGlobalMacroContext, fileSystem, internalState @*/
{
rpmps ps;
int numProblems;