Skip to content

Commit

Permalink
Fix sinfoCmp to order signatures correctly
Browse files Browse the repository at this point in the history
This requires adjusting a number of test that reflect the ordering. The
changes in tests/rpmsigdig.at look straight forward and correct - just
changing the order in which the signatures and checksums are presented.

The changes in tests/rpmi.at seem to drop the relevant information. This
might be accidental as the code just returns the first issue found. But
"no signature" seems kinda weird result when before it complaint about a
specific signature. The next patch tries to fix that.

Resolves: #3185
  • Loading branch information
ffesti committed Jul 18, 2024
1 parent 184475d commit 23a0bea
Show file tree
Hide file tree
Showing 4 changed files with 24 additions and 24 deletions.
4 changes: 2 additions & 2 deletions lib/rpmvs.c
Original file line number Diff line number Diff line change
Expand Up @@ -440,9 +440,9 @@ static int sinfoCmp(const void *a, const void *b)
rc = sb->type - sa->type;
/* strongest (in the "newer is better" sense) algos first */
if (rc == 0)
rc = sb->sigalgo - sb->sigalgo;
rc = sb->sigalgo - sa->sigalgo;
if (rc == 0)
rc = sb->hashalgo - sb->hashalgo;
rc = sb->hashalgo - sa->hashalgo;
/* last resort, these only makes sense from consistency POV */
if (rc == 0)
rc = sb->id - sa->id;
Expand Down
4 changes: 2 additions & 2 deletions tests/rpmi.at
Original file line number Diff line number Diff line change
Expand Up @@ -309,7 +309,7 @@ runroot rpm -U --ignorearch --ignoreos --nodeps \
[1],
[],
[warning: /data/RPMS/hello-2.0-1.x86_64-signed.rpm: Header V4 RSA/SHA256 Signature, key ID 1964c5fc: NOKEY
package hello-2.0-1.x86_64 does not verify: Header V4 RSA/SHA256 Signature, key ID 1964c5fc: NOKEY
package hello-2.0-1.x86_64 does not verify: no signature
])
RPMTEST_CLEANUP

Expand Down Expand Up @@ -442,7 +442,7 @@ error: unpacking of archive failed: cpio: Bad magic
error: hello-2.0-1.x86_64: install failed
INSTALL 3
warning: /tmp/hello-2.0-1.x86_64-signed.rpm: Header V4 RSA/SHA256 Signature, key ID 1964c5fc: NOKEY
package hello-2.0-1.x86_64 does not verify: Header V4 RSA/SHA256 Signature, key ID 1964c5fc: NOKEY
package hello-2.0-1.x86_64 does not verify: no signature
INSTALL 4
package hello-2.0-1.x86_64 does not verify: no signature
INSTALL 5
Expand Down
34 changes: 17 additions & 17 deletions tests/rpmsigdig.at
Original file line number Diff line number Diff line change
Expand Up @@ -308,13 +308,13 @@ runroot rpmkeys --define '_pkgverify_level all' -Kv --nosignature /data/RPMS/hel
[0],
[[Checking package before importing key:
/data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm:
Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOKEY
Header DSA signature: NOTFOUND
Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOKEY
Header SHA256 digest: OK
Header SHA1 digest: OK
Payload SHA256 digest: OK
RSA signature: NOTFOUND
DSA signature: NOTFOUND
RSA signature: NOTFOUND
MD5 digest: OK
1
Importing key:
Expand All @@ -334,8 +334,8 @@ Checking package after importing key, no digest:
Header V4 RSA/SHA512 Signature, key ID 15217ee0: OK
Payload SHA256 digest: NOTFOUND
Payload SHA256 ALT digest: NOTFOUND
RSA signature: NOTFOUND
DSA signature: NOTFOUND
RSA signature: NOTFOUND
1
Checking package after importing key, no signature:
/data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm:
Expand Down Expand Up @@ -372,13 +372,13 @@ runroot rpmkeys --define '_pkgverify_level all' -Kv --nosignature /data/RPMS/hel
[0],
[Checking package before importing key:
/data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm:
Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOKEY
Header DSA signature: NOTFOUND
Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOKEY
Header SHA256 digest: OK
Header SHA1 digest: OK
Payload SHA256 digest: OK
RSA signature: NOTFOUND
DSA signature: NOTFOUND
RSA signature: NOTFOUND
MD5 digest: OK
1
Importing key:
Expand All @@ -392,13 +392,13 @@ RPMOUTPUT_SEQUOIA([error: Verifying a signature using certificate B6542F92F30650
RPMOUTPUT_SEQUOIA([ Key 1F71177215217EE0 invalid: key is not alive])dnl
RPMOUTPUT_SEQUOIA([ because: The subkey is not live])dnl
RPMOUTPUT_SEQUOIA([ because: Expired on 2022-04-12T00:00:15Z])dnl
Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOTTRUSTED
Header DSA signature: NOTFOUND
Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOTTRUSTED
Header SHA256 digest: OK
Header SHA1 digest: OK
Payload SHA256 digest: OK
RSA signature: NOTFOUND
DSA signature: NOTFOUND
RSA signature: NOTFOUND
MD5 digest: OK
1
Checking package after importing key, no digest:
Expand All @@ -408,10 +408,10 @@ RPMOUTPUT_SEQUOIA([error: Verifying a signature using certificate B6542F92F30650
RPMOUTPUT_SEQUOIA([ Key 1F71177215217EE0 invalid: key is not alive])dnl
RPMOUTPUT_SEQUOIA([ because: The subkey is not live])dnl
RPMOUTPUT_SEQUOIA([ because: Expired on 2022-04-12T00:00:15Z])dnl
Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOTTRUSTED
Header DSA signature: NOTFOUND
RSA signature: NOTFOUND
Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOTTRUSTED
DSA signature: NOTFOUND
RSA signature: NOTFOUND
1
Checking package after importing key, no signature:
/data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm:
Expand Down Expand Up @@ -448,13 +448,13 @@ runroot rpmkeys --define '_pkgverify_level all' -Kv --nosignature /data/RPMS/hel
[0],
[Checking package before importing key:
/data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm:
Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOKEY
Header DSA signature: NOTFOUND
Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOKEY
Header SHA256 digest: OK
Header SHA1 digest: OK
Payload SHA256 digest: OK
RSA signature: NOTFOUND
DSA signature: NOTFOUND
RSA signature: NOTFOUND
MD5 digest: OK
1
Importing key:
Expand All @@ -466,24 +466,24 @@ Checking package after importing key:
RPMOUTPUT_LEGACY([error: Subkey 1f71177215217ee0 of key b3a771bfeb04e625 (Alice <[email protected]>) has been revoked])dnl
RPMOUTPUT_SEQUOIA([error: Verifying a signature using certificate B6542F92F30650C36B6F41BCB3A771BFEB04E625 (Alice <[email protected]>):])dnl
RPMOUTPUT_SEQUOIA([ Key 1F71177215217EE0 is invalid: key is revoked])dnl
Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOTTRUSTED
Header DSA signature: NOTFOUND
Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOTTRUSTED
Header SHA256 digest: OK
Header SHA1 digest: OK
Payload SHA256 digest: OK
RSA signature: NOTFOUND
DSA signature: NOTFOUND
RSA signature: NOTFOUND
MD5 digest: OK
1
Checking package after importing key, no digest:
/data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm:
RPMOUTPUT_LEGACY([error: Subkey 1f71177215217ee0 of key b3a771bfeb04e625 (Alice <[email protected]>) has been revoked])dnl
RPMOUTPUT_SEQUOIA([error: Verifying a signature using certificate B6542F92F30650C36B6F41BCB3A771BFEB04E625 (Alice <[email protected]>):])dnl
RPMOUTPUT_SEQUOIA([ Key 1F71177215217EE0 is invalid: key is revoked])dnl
Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOTTRUSTED
Header DSA signature: NOTFOUND
RSA signature: NOTFOUND
Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOTTRUSTED
DSA signature: NOTFOUND
RSA signature: NOTFOUND
1
Checking package after importing key, no signature:
/data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm:
Expand Down Expand Up @@ -864,8 +864,8 @@ runroot rpmkeys -Kv /tmp/${pkg}
Header SHA1 digest: OK
Payload SHA256 digest: BAD (Expected 84a7338287bf19715c4eed0243f5cdb447eeb0ade37b2af718d4060aefca2f7c != bea903609dceac36e1f26a983c493c98064d320fdfeb423034ed63d649b2c8dc)
Payload SHA256 ALT digest: NOTFOUND
V4 RSA/SHA256 Signature, key ID 1964c5fc: BAD
DSA signature: NOTFOUND
V4 RSA/SHA256 Signature, key ID 1964c5fc: BAD
MD5 digest: BAD (Expected 137ca1d8b35cca02a1854ba301c5432e != d662cd0d81601a7107312684ad1ddf38)
],
[])
Expand Down Expand Up @@ -904,8 +904,8 @@ dorpm -Kv
Header SHA256 digest: OK
Payload SHA256 digest: NOTFOUND
Payload SHA256 ALT digest: NOTFOUND
RSA signature: NOTFOUND
DSA signature: NOTFOUND
RSA signature: NOTFOUND
MD5 digest: OK
]],
[])
Expand Down
6 changes: 3 additions & 3 deletions tests/rpmvfylevel.at
Original file line number Diff line number Diff line change
Expand Up @@ -332,8 +332,8 @@ noplds
Header SHA1 digest: OK
Payload SHA256 digest: NOTFOUND
Payload SHA256 ALT digest: NOTFOUND
RSA signature: NOTFOUND
DSA signature: NOTFOUND
RSA signature: NOTFOUND
MD5 digest: OK
1
nohdrs
Expand All @@ -346,13 +346,13 @@ nohdrs
0
nosig
/data/RPMS/hello-2.0-1.x86_64-signed.rpm:
Header RSA signature: NOTFOUND
Header DSA signature: NOTFOUND
Header RSA signature: NOTFOUND
Header SHA256 digest: OK
Header SHA1 digest: OK
Payload SHA256 digest: OK
RSA signature: NOTFOUND
DSA signature: NOTFOUND
RSA signature: NOTFOUND
MD5 digest: OK
1
],
Expand Down

0 comments on commit 23a0bea

Please sign in to comment.