-
Notifications
You must be signed in to change notification settings - Fork 359
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix sinfoCmp to order signatures correctly #3194
Closed
Closed
Changes from all commits
Commits
Show all changes
2 commits
Select commit
Hold shift + click to select a range
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -308,13 +308,13 @@ runroot rpmkeys --define '_pkgverify_level all' -Kv --nosignature /data/RPMS/hel | |
[0], | ||
[[Checking package before importing key: | ||
/data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm: | ||
Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOKEY | ||
Header DSA signature: NOTFOUND | ||
Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOKEY | ||
Header SHA256 digest: OK | ||
Header SHA1 digest: OK | ||
Payload SHA256 digest: OK | ||
RSA signature: NOTFOUND | ||
DSA signature: NOTFOUND | ||
RSA signature: NOTFOUND | ||
MD5 digest: OK | ||
1 | ||
Importing key: | ||
|
@@ -334,8 +334,8 @@ Checking package after importing key, no digest: | |
Header V4 RSA/SHA512 Signature, key ID 15217ee0: OK | ||
Payload SHA256 digest: NOTFOUND | ||
Payload SHA256 ALT digest: NOTFOUND | ||
RSA signature: NOTFOUND | ||
DSA signature: NOTFOUND | ||
RSA signature: NOTFOUND | ||
1 | ||
Checking package after importing key, no signature: | ||
/data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm: | ||
|
@@ -372,13 +372,13 @@ runroot rpmkeys --define '_pkgverify_level all' -Kv --nosignature /data/RPMS/hel | |
[0], | ||
[Checking package before importing key: | ||
/data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm: | ||
Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOKEY | ||
Header DSA signature: NOTFOUND | ||
Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOKEY | ||
Header SHA256 digest: OK | ||
Header SHA1 digest: OK | ||
Payload SHA256 digest: OK | ||
RSA signature: NOTFOUND | ||
DSA signature: NOTFOUND | ||
RSA signature: NOTFOUND | ||
MD5 digest: OK | ||
1 | ||
Importing key: | ||
|
@@ -392,13 +392,13 @@ RPMOUTPUT_SEQUOIA([error: Verifying a signature using certificate B6542F92F30650 | |
RPMOUTPUT_SEQUOIA([ Key 1F71177215217EE0 invalid: key is not alive])dnl | ||
RPMOUTPUT_SEQUOIA([ because: The subkey is not live])dnl | ||
RPMOUTPUT_SEQUOIA([ because: Expired on 2022-04-12T00:00:15Z])dnl | ||
Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOTTRUSTED | ||
Header DSA signature: NOTFOUND | ||
Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOTTRUSTED | ||
Header SHA256 digest: OK | ||
Header SHA1 digest: OK | ||
Payload SHA256 digest: OK | ||
RSA signature: NOTFOUND | ||
DSA signature: NOTFOUND | ||
RSA signature: NOTFOUND | ||
MD5 digest: OK | ||
1 | ||
Checking package after importing key, no digest: | ||
|
@@ -408,10 +408,10 @@ RPMOUTPUT_SEQUOIA([error: Verifying a signature using certificate B6542F92F30650 | |
RPMOUTPUT_SEQUOIA([ Key 1F71177215217EE0 invalid: key is not alive])dnl | ||
RPMOUTPUT_SEQUOIA([ because: The subkey is not live])dnl | ||
RPMOUTPUT_SEQUOIA([ because: Expired on 2022-04-12T00:00:15Z])dnl | ||
Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOTTRUSTED | ||
Header DSA signature: NOTFOUND | ||
RSA signature: NOTFOUND | ||
Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOTTRUSTED | ||
DSA signature: NOTFOUND | ||
RSA signature: NOTFOUND | ||
1 | ||
Checking package after importing key, no signature: | ||
/data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm: | ||
|
@@ -448,13 +448,13 @@ runroot rpmkeys --define '_pkgverify_level all' -Kv --nosignature /data/RPMS/hel | |
[0], | ||
[Checking package before importing key: | ||
/data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm: | ||
Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOKEY | ||
Header DSA signature: NOTFOUND | ||
Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOKEY | ||
Header SHA256 digest: OK | ||
Header SHA1 digest: OK | ||
Payload SHA256 digest: OK | ||
RSA signature: NOTFOUND | ||
DSA signature: NOTFOUND | ||
RSA signature: NOTFOUND | ||
MD5 digest: OK | ||
1 | ||
Importing key: | ||
|
@@ -466,24 +466,24 @@ Checking package after importing key: | |
RPMOUTPUT_LEGACY([error: Subkey 1f71177215217ee0 of key b3a771bfeb04e625 (Alice <[email protected]>) has been revoked])dnl | ||
RPMOUTPUT_SEQUOIA([error: Verifying a signature using certificate B6542F92F30650C36B6F41BCB3A771BFEB04E625 (Alice <[email protected]>):])dnl | ||
RPMOUTPUT_SEQUOIA([ Key 1F71177215217EE0 is invalid: key is revoked])dnl | ||
Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOTTRUSTED | ||
Header DSA signature: NOTFOUND | ||
Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOTTRUSTED | ||
Header SHA256 digest: OK | ||
Header SHA1 digest: OK | ||
Payload SHA256 digest: OK | ||
RSA signature: NOTFOUND | ||
DSA signature: NOTFOUND | ||
RSA signature: NOTFOUND | ||
MD5 digest: OK | ||
1 | ||
Checking package after importing key, no digest: | ||
/data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm: | ||
RPMOUTPUT_LEGACY([error: Subkey 1f71177215217ee0 of key b3a771bfeb04e625 (Alice <[email protected]>) has been revoked])dnl | ||
RPMOUTPUT_SEQUOIA([error: Verifying a signature using certificate B6542F92F30650C36B6F41BCB3A771BFEB04E625 (Alice <[email protected]>):])dnl | ||
RPMOUTPUT_SEQUOIA([ Key 1F71177215217EE0 is invalid: key is revoked])dnl | ||
Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOTTRUSTED | ||
Header DSA signature: NOTFOUND | ||
RSA signature: NOTFOUND | ||
Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOTTRUSTED | ||
DSA signature: NOTFOUND | ||
RSA signature: NOTFOUND | ||
1 | ||
Checking package after importing key, no signature: | ||
/data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm: | ||
|
@@ -864,8 +864,8 @@ runroot rpmkeys -Kv /tmp/${pkg} | |
Header SHA1 digest: OK | ||
Payload SHA256 digest: BAD (Expected 84a7338287bf19715c4eed0243f5cdb447eeb0ade37b2af718d4060aefca2f7c != bea903609dceac36e1f26a983c493c98064d320fdfeb423034ed63d649b2c8dc) | ||
Payload SHA256 ALT digest: NOTFOUND | ||
V4 RSA/SHA256 Signature, key ID 1964c5fc: BAD | ||
DSA signature: NOTFOUND | ||
V4 RSA/SHA256 Signature, key ID 1964c5fc: BAD | ||
MD5 digest: BAD (Expected 137ca1d8b35cca02a1854ba301c5432e != d662cd0d81601a7107312684ad1ddf38) | ||
], | ||
[]) | ||
|
@@ -904,8 +904,8 @@ dorpm -Kv | |
Header SHA256 digest: OK | ||
Payload SHA256 digest: NOTFOUND | ||
Payload SHA256 ALT digest: NOTFOUND | ||
RSA signature: NOTFOUND | ||
DSA signature: NOTFOUND | ||
RSA signature: NOTFOUND | ||
MD5 digest: OK | ||
]], | ||
[]) | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Don't. Don't abuse a completely unrelated field when there's no reason to do so, just because you think you might get away with it. It only achieves making fairly complicated logic even more confusing and that's not what you want in security sensitive code. This is an internal struct, if you need a severity field then add it. And since it can then be used to aid sorting these items, maybe it'll all fall into place more naturally that way. For one, using a nicer data structure (now that we have plenty available) might make it all much saner.
This verification callback fubar was written under RHEL deadline pressure six years ago and isn't exactly one of my pridest moments...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ehm, okay so vd->type is something entirely different (a field badly named by me), I first thought this was abusing the data contained in sinfo->type. This is more harmless but also there's nothing saved by avoiding an extra field for the purpose, this code is bad enough as it is 😆