diff --git a/lib/rpmvs.c b/lib/rpmvs.c
index 783dbba874..3b07da3805 100644
--- a/lib/rpmvs.c
+++ b/lib/rpmvs.c
@@ -440,9 +440,9 @@ static int sinfoCmp(const void *a, const void *b)
 rc = sb->type - sa->type;
 /* strongest (in the "newer is better" sense) algos first */
 if (rc == 0)
- rc = sb->sigalgo - sb->sigalgo;
+ rc = sb->sigalgo - sa->sigalgo;
 if (rc == 0)
- rc = sb->hashalgo - sb->hashalgo;
+ rc = sb->hashalgo - sa->hashalgo;
 /* last resort, these only makes sense from consistency POV */
 if (rc == 0)
 rc = sb->id - sa->id;
diff --git a/lib/transaction.c b/lib/transaction.c
index 1453bc782e..8f3dc9612f 100644
--- a/lib/transaction.c
+++ b/lib/transaction.c
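Review bot: The comment `/* strongest (in the "newer is better" sense) algos first */` above the corrected comparisons describes the order as strength, but `sb->sigalgo - sa->sigalgo` and `sb->hashalgo - sa->hashalgo` sort by descending numeric algorithm identifier, which is not a strength ranking. The updated expected output in tests/rpmsigdig.at now lists DSA entries ahead of RSA ones, apparently as a result. I would reword the comment to `/* higher algorithm ids first: a proxy for "newer", not a cryptographic strength ranking */` so nobody later relies on this order to pick the strongest signature. sinfoCmp begins and ends outside the hunk, so whether any consumer uses the order for more than display is not visible here.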
@@ -1177,38 +1177,75 @@ struct vfydata_s { int vfylevel; }; +/* order rpmRC codes by severity */ +static int rpmRCseverity(rpmRC rc) +{ + switch (rc) { + case RPMRC_OK: + return 0; + case RPMRC_NOTFOUND: + return 1; + case RPMRC_NOKEY: + return 2; + case RPMRC_NOTTRUSTED: + return 3; + case RPMRC_FAIL: + return 4; + } + return rc; +} + static int vfyCb(struct rpmsinfo_s *sinfo, void *cbdata) { struct vfydata_s *vd = (struct vfydata_s *)cbdata; + int newerror = 0; + + + int severity = rpmRCseverity(sinfo->rc); if (sinfo->type & RPMSIG_VERIFIABLE_TYPE && sinfo->rc != RPMRC_NOTFOUND) { - int res = (sinfo->rc != RPMRC_OK); /* Take care not to override a previous failure with success */ - if (res > vd->type[sinfo->type]) - vd->type[sinfo->type] = res; + if (severity > vd->type[sinfo->type]) { + vd->type[sinfo->type] = severity; + newerror = 1; + } + } + + /* + * Legacy compat: if signatures are not required, install must + * succeed despite missing key. + */ + if (sinfo->rc == RPMRC_NOKEY && !(vd->vfylevel & RPMSIG_SIGNATURE_TYPE)) { + sinfo->rc = RPMRC_OK; + severity = rpmRCseverity(sinfo->rc); + newerror = 0; + } + + /* Nothing new */ + if (!newerror && !(sinfo->rc == RPMRC_NOTFOUND)) + return 1; + + /* Don't overwrite more important errors */ + for (int type=0; type < (sizeof(vd->type)/sizeof(vd->type[0])); type++) { + if ((type != sinfo->type || sinfo->rc == RPMRC_NOTFOUND) && vd->type[type] >= severity) { + return 1; + } } switch (sinfo->rc) { case RPMRC_OK: break; case RPMRC_NOTFOUND: + vd->msg = _free(vd->msg); vd->msg = xstrdup((sinfo->type == RPMSIG_SIGNATURE_TYPE) ? _("no signature") : _("no digest")); break; - case RPMRC_NOKEY: - /* - * Legacy compat: if signatures are not required, install must - * succeed despite missing key. 
- */ - if (!(vd->vfylevel & RPMSIG_SIGNATURE_TYPE)) - sinfo->rc = RPMRC_OK; - /* fallthrough */ default: - if (sinfo->rc) - vd->msg = rpmsinfoMsg(sinfo); + vd->msg = _free(vd->msg); + vd->msg = rpmsinfoMsg(sinfo); break; } - return (sinfo->rc == 0); + return 1; } static int verifyPackageFiles(rpmts ts, rpm_loff_t total) diff --git a/tests/rpmi.at b/tests/rpmi.at index 7d1a0a8714..ea25f1a629 100644 --- a/tests/rpmi.at +++ b/tests/rpmi.at @@ -442,9 +442,9 @@ error: unpacking of archive failed: cpio: Bad magic error: hello-2.0-1.x86_64: install failed INSTALL 3 warning: /tmp/hello-2.0-1.x86_64-signed.rpm: Header V4 RSA/SHA256 Signature, key ID 1964c5fc: NOKEY - package hello-2.0-1.x86_64 does not verify: Header V4 RSA/SHA256 Signature, key ID 1964c5fc: NOKEY + package hello-2.0-1.x86_64 does not verify: Payload SHA256 digest: BAD (Expected 84a7338287bf19715c4eed0243f5cdb447eeb0ade37b2af718d4060aefca2f7c != 3129d507d00b1dc60745d9637010b5d82059ebeff2318b2db75b26272b823586) INSTALL 4 - package hello-2.0-1.x86_64 does not verify: no signature + package hello-2.0-1.x86_64 does not verify: Payload SHA256 digest: BAD (Expected 84a7338287bf19715c4eed0243f5cdb447eeb0ade37b2af718d4060aefca2f7c != 3129d507d00b1dc60745d9637010b5d82059ebeff2318b2db75b26272b823586) INSTALL 5 warning: /tmp/hello-2.0-1.x86_64-signed.rpm: Header V4 RSA/SHA256 Signature, key ID 1964c5fc: NOKEY error: unpacking of archive failed: cpio: Bad magic diff --git a/tests/rpmsigdig.at b/tests/rpmsigdig.at index e62c634154..3ee6409da2 100644 --- a/tests/rpmsigdig.at +++ b/tests/rpmsigdig.at 
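Review bot: `rpmRCseverity()` falls back to `return rc;` for any code its switch does not list, so an unexpected value is ranked by its raw number, and a negative one could rank below RPMRC_OK and never be recorded by the `severity > vd->type[sinfo->type]` test in `vfyCb`. On a verification path the fallback should fail closed, e.g. `return 4; /* unknown codes rank with RPMRC_FAIL */`. Separately, the legacy-compat block resets `sinfo->rc` to RPMRC_OK only after the NOKEY rank has been stored in `vd->type[sinfo->type]`. If that order is deliberate, so that the missing key stays visible to whatever reads `vd->type` outside this hunk, it deserves a comment such as `/* vd->type keeps the NOKEY rank on purpose; only the per-item rc is relaxed */`. `vd->type` now holds severity ranks rather than 0/1, so readers outside the hunk that compare it with anything but zero should be checked.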
@@ -308,13 +308,13 @@ runroot rpmkeys --define '_pkgverify_level all' -Kv --nosignature /data/RPMS/hel [0], [[Checking package before importing key: /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm: - Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOKEY Header DSA signature: NOTFOUND + Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOKEY Header SHA256 digest: OK Header SHA1 digest: OK Payload SHA256 digest: OK - RSA signature: NOTFOUND DSA signature: NOTFOUND + RSA signature: NOTFOUND MD5 digest: OK 1 Importing key: @@ -334,8 +334,8 @@ Checking package after importing key, no digest: Header V4 RSA/SHA512 Signature, key ID 15217ee0: OK Payload SHA256 digest: NOTFOUND Payload SHA256 ALT digest: NOTFOUND - RSA signature: NOTFOUND DSA signature: NOTFOUND + RSA signature: NOTFOUND 1 Checking package after importing key, no signature: /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm: @@ -372,13 +372,13 @@ runroot rpmkeys --define '_pkgverify_level all' -Kv --nosignature /data/RPMS/hel [0], [Checking package before importing key: /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm: - Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOKEY Header DSA signature: NOTFOUND + Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOKEY Header SHA256 digest: OK Header SHA1 digest: OK Payload SHA256 digest: OK - RSA signature: NOTFOUND DSA signature: NOTFOUND + RSA signature: NOTFOUND MD5 digest: OK 1 Importing key: 
@@ -392,13 +392,13 @@ RPMOUTPUT_SEQUOIA([error: Verifying a signature using certificate B6542F92F30650 RPMOUTPUT_SEQUOIA([ Key 1F71177215217EE0 invalid: key is not alive])dnl RPMOUTPUT_SEQUOIA([ because: The subkey is not live])dnl RPMOUTPUT_SEQUOIA([ because: Expired on 2022-04-12T00:00:15Z])dnl - Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOTTRUSTED Header DSA signature: NOTFOUND + Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOTTRUSTED Header SHA256 digest: OK Header SHA1 digest: OK Payload SHA256 digest: OK - RSA signature: NOTFOUND DSA signature: NOTFOUND + RSA signature: NOTFOUND MD5 digest: OK 1 Checking package after importing key, no digest: @@ -408,10 +408,10 @@ RPMOUTPUT_SEQUOIA([error: Verifying a signature using certificate B6542F92F30650 RPMOUTPUT_SEQUOIA([ Key 1F71177215217EE0 invalid: key is not alive])dnl RPMOUTPUT_SEQUOIA([ because: The subkey is not live])dnl RPMOUTPUT_SEQUOIA([ because: Expired on 2022-04-12T00:00:15Z])dnl - Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOTTRUSTED Header DSA signature: NOTFOUND - RSA signature: NOTFOUND + Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOTTRUSTED DSA signature: NOTFOUND + RSA signature: NOTFOUND 1 Checking package after importing key, no signature: /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm: @@ -448,13 +448,13 @@ runroot rpmkeys --define '_pkgverify_level all' -Kv --nosignature /data/RPMS/hel [0], [Checking package before importing key: /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm: - Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOKEY Header DSA signature: NOTFOUND + Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOKEY Header SHA256 digest: OK Header SHA1 digest: OK Payload SHA256 digest: OK - RSA signature: NOTFOUND DSA signature: NOTFOUND + RSA signature: NOTFOUND MD5 digest: OK 1 Importing key: 
@@ -466,13 +466,13 @@ Checking package after importing key: RPMOUTPUT_LEGACY([error: Subkey 1f71177215217ee0 of key b3a771bfeb04e625 (Alice ) has been revoked])dnl RPMOUTPUT_SEQUOIA([error: Verifying a signature using certificate B6542F92F30650C36B6F41BCB3A771BFEB04E625 (Alice ):])dnl RPMOUTPUT_SEQUOIA([ Key 1F71177215217EE0 is invalid: key is revoked])dnl - Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOTTRUSTED Header DSA signature: NOTFOUND + Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOTTRUSTED Header SHA256 digest: OK Header SHA1 digest: OK Payload SHA256 digest: OK - RSA signature: NOTFOUND DSA signature: NOTFOUND + RSA signature: NOTFOUND MD5 digest: OK 1 Checking package after importing key, no digest: @@ -480,10 +480,10 @@ Checking package after importing key, no digest: RPMOUTPUT_LEGACY([error: Subkey 1f71177215217ee0 of key b3a771bfeb04e625 (Alice ) has been revoked])dnl RPMOUTPUT_SEQUOIA([error: Verifying a signature using certificate B6542F92F30650C36B6F41BCB3A771BFEB04E625 (Alice ):])dnl RPMOUTPUT_SEQUOIA([ Key 1F71177215217EE0 is invalid: key is revoked])dnl - Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOTTRUSTED Header DSA signature: NOTFOUND - RSA signature: NOTFOUND + Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOTTRUSTED DSA signature: NOTFOUND + RSA signature: NOTFOUND 1 Checking package after importing key, no signature: /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm: @@ -864,8 +864,8 @@ runroot rpmkeys -Kv /tmp/${pkg} Header SHA1 digest: OK Payload SHA256 digest: BAD (Expected 84a7338287bf19715c4eed0243f5cdb447eeb0ade37b2af718d4060aefca2f7c != bea903609dceac36e1f26a983c493c98064d320fdfeb423034ed63d649b2c8dc) Payload SHA256 ALT digest: NOTFOUND - V4 RSA/SHA256 Signature, key ID 1964c5fc: BAD DSA signature: NOTFOUND + V4 RSA/SHA256 Signature, key ID 1964c5fc: BAD MD5 digest: BAD (Expected 137ca1d8b35cca02a1854ba301c5432e != d662cd0d81601a7107312684ad1ddf38) ], []) 
@@ -904,8 +904,8 @@ dorpm -Kv Header SHA256 digest: OK Payload SHA256 digest: NOTFOUND Payload SHA256 ALT digest: NOTFOUND - RSA signature: NOTFOUND DSA signature: NOTFOUND + RSA signature: NOTFOUND MD5 digest: OK ]], []) diff --git a/tests/rpmvfylevel.at b/tests/rpmvfylevel.at index e188d025e5..2dca64d93e 100644 --- a/tests/rpmvfylevel.at +++ b/tests/rpmvfylevel.at @@ -332,8 +332,8 @@ noplds Header SHA1 digest: OK Payload SHA256 digest: NOTFOUND Payload SHA256 ALT digest: NOTFOUND - RSA signature: NOTFOUND DSA signature: NOTFOUND + RSA signature: NOTFOUND MD5 digest: OK 1 nohdrs @@ -346,13 +346,13 @@ nohdrs 0 nosig /data/RPMS/hello-2.0-1.x86_64-signed.rpm: - Header RSA signature: NOTFOUND Header DSA signature: NOTFOUND + Header RSA signature: NOTFOUND Header SHA256 digest: OK Header SHA1 digest: OK Payload SHA256 digest: OK - RSA signature: NOTFOUND DSA signature: NOTFOUND + RSA signature: NOTFOUND MD5 digest: OK 1 ],