Skip to content

Commit

Permalink
Report most severe signature issue
Browse files Browse the repository at this point in the history
Don't rely on the fist issue found being the most meaningful. Always
return 1 to loop through all signatures / hashes. Use the first error of
the highest severity.

Using the severity in vd->type[] is a bit of a hack but OK as it is only
checked for == RPMRC_OK (aka 0) in verifyPackageFiles.

Related: #3185
  • Loading branch information
ffesti committed Jul 26, 2024
1 parent 23a0bea commit a242ec7
Show file tree
Hide file tree
Showing 2 changed files with 54 additions and 17 deletions.
65 changes: 51 additions & 14 deletions lib/transaction.c
Original file line number Diff line number Diff line change
Expand Up @@ -1177,38 +1177,75 @@ struct vfydata_s {
int vfylevel;
};

/* order rpmRC codes by severity */
static int rpmRCseverity(rpmRC rc)
{
switch (rc) {
case RPMRC_OK:
return 0;
case RPMRC_NOTFOUND:
return 1;
case RPMRC_NOKEY:
return 2;
case RPMRC_NOTTRUSTED:
return 3;
case RPMRC_FAIL:
return 4;
}
return rc;
}

static int vfyCb(struct rpmsinfo_s *sinfo, void *cbdata)
{
struct vfydata_s *vd = (struct vfydata_s *)cbdata;
int newerror = 0;


int severity = rpmRCseverity(sinfo->rc);

if (sinfo->type & RPMSIG_VERIFIABLE_TYPE && sinfo->rc != RPMRC_NOTFOUND) {
int res = (sinfo->rc != RPMRC_OK);
/* Take care not to override a previous failure with success */
if (res > vd->type[sinfo->type])
vd->type[sinfo->type] = res;
if (severity > vd->type[sinfo->type]) {
vd->type[sinfo->type] = severity;
newerror = 1;
}
}

/*
* Legacy compat: if signatures are not required, install must
* succeed despite missing key.
*/
if (sinfo->rc == RPMRC_NOKEY && !(vd->vfylevel & RPMSIG_SIGNATURE_TYPE)) {
sinfo->rc = RPMRC_OK;
severity = rpmRCseverity(sinfo->rc);
newerror = 0;
}

/* Nothing new */
if (!newerror && !(sinfo->rc == RPMRC_NOTFOUND))
return 1;

/* Don't overwrite more important errors */
for (int type=0; type < (sizeof(vd->type)/sizeof(vd->type[0])); type++) {
if ((type != sinfo->type || sinfo->rc == RPMRC_NOTFOUND) && vd->type[type] >= severity) {
return 1;
}
}

switch (sinfo->rc) {
case RPMRC_OK:
break;
case RPMRC_NOTFOUND:
vd->msg = _free(vd->msg);
vd->msg = xstrdup((sinfo->type == RPMSIG_SIGNATURE_TYPE) ?
_("no signature") : _("no digest"));
break;
case RPMRC_NOKEY:
/*
* Legacy compat: if signatures are not required, install must
* succeed despite missing key.
*/
if (!(vd->vfylevel & RPMSIG_SIGNATURE_TYPE))
sinfo->rc = RPMRC_OK;
/* fallthrough */
default:
if (sinfo->rc)
vd->msg = rpmsinfoMsg(sinfo);
vd->msg = _free(vd->msg);
vd->msg = rpmsinfoMsg(sinfo);
break;
}
return (sinfo->rc == 0);
return 1;
}

static int verifyPackageFiles(rpmts ts, rpm_loff_t total)
Expand Down
6 changes: 3 additions & 3 deletions tests/rpmi.at
Original file line number Diff line number Diff line change
Expand Up @@ -309,7 +309,7 @@ runroot rpm -U --ignorearch --ignoreos --nodeps \
[1],
[],
[warning: /data/RPMS/hello-2.0-1.x86_64-signed.rpm: Header V4 RSA/SHA256 Signature, key ID 1964c5fc: NOKEY
package hello-2.0-1.x86_64 does not verify: no signature
package hello-2.0-1.x86_64 does not verify: Header V4 RSA/SHA256 Signature, key ID 1964c5fc: NOKEY
])
RPMTEST_CLEANUP

Expand Down Expand Up @@ -442,9 +442,9 @@ error: unpacking of archive failed: cpio: Bad magic
error: hello-2.0-1.x86_64: install failed
INSTALL 3
warning: /tmp/hello-2.0-1.x86_64-signed.rpm: Header V4 RSA/SHA256 Signature, key ID 1964c5fc: NOKEY
package hello-2.0-1.x86_64 does not verify: no signature
package hello-2.0-1.x86_64 does not verify: Payload SHA256 digest: BAD (Expected 84a7338287bf19715c4eed0243f5cdb447eeb0ade37b2af718d4060aefca2f7c != 3129d507d00b1dc60745d9637010b5d82059ebeff2318b2db75b26272b823586)
INSTALL 4
package hello-2.0-1.x86_64 does not verify: no signature
package hello-2.0-1.x86_64 does not verify: Payload SHA256 digest: BAD (Expected 84a7338287bf19715c4eed0243f5cdb447eeb0ade37b2af718d4060aefca2f7c != 3129d507d00b1dc60745d9637010b5d82059ebeff2318b2db75b26272b823586)
INSTALL 5
warning: /tmp/hello-2.0-1.x86_64-signed.rpm: Header V4 RSA/SHA256 Signature, key ID 1964c5fc: NOKEY
error: unpacking of archive failed: cpio: Bad magic
Expand Down

0 comments on commit a242ec7

Please sign in to comment.