From ea2ae90be4dbeaedc435c002bd1929692599ada9 Mon Sep 17 00:00:00 2001 From: Lans Zhang Date: Tue, 18 Jul 2017 13:51:07 +0800 Subject: rpm: allow to enable IMA signing 
Signed-off-by: Lans Zhang --- ...-sign-arguments-to-signature-deletion-too.patch | 162 +++++++++++++++++++++ ...-Beat-some-sense-into-rpmsign-cli-parsing.patch | 43 ++++++ ...thinko-typo-in-file-signing-error-message.patch | 25 ++++ ...4-Bury-get_fskpass-inside-rpmsign-utility.patch | 145 ++++++++++++++++++ ...ise-file-signing-features-if-support-not-.patch | 87 +++++++++++ ...e-bunch-of-redundant-environ-declarations.patch | 85 +++++++++++ ...ULL-bodied-macros-in-case-of-get_fskpass-.patch | 43 ++++++ ...-password-helper-variables-to-local-scope.patch | 58 ++++++++ ...ory-allocator-so-we-dont-need-to-check-fo.patch | 33 +++++ ...0-Fix-a-number-of-problems-in-get_fskpass.patch | 54 +++++++ ...file-digests-to-SHA256-by-default-finally.patch | 47 ++++++ meta-integrity/recipes-devtools/rpm/rpm_%.bbappend | 23 +++ 12 files changed, 805 insertions(+) create mode 100644 meta-integrity/recipes-devtools/rpm/rpm/0001-Pass-sign-arguments-to-signature-deletion-too.patch create mode 100644 meta-integrity/recipes-devtools/rpm/rpm/0002-Beat-some-sense-into-rpmsign-cli-parsing.patch create mode 100644 meta-integrity/recipes-devtools/rpm/rpm/0003-Fix-thinko-typo-in-file-signing-error-message.patch create mode 100644 meta-integrity/recipes-devtools/rpm/rpm/0004-Bury-get_fskpass-inside-rpmsign-utility.patch create mode 100644 meta-integrity/recipes-devtools/rpm/rpm/0005-Dont-advertise-file-signing-features-if-support-not-.patch create mode 100644 meta-integrity/recipes-devtools/rpm/rpm/0006-Remove-bunch-of-redundant-environ-declarations.patch create mode 100644 meta-integrity/recipes-devtools/rpm/rpm/0007-Dont-push-NULL-bodied-macros-in-case-of-get_fskpass-.patch create mode 100644 meta-integrity/recipes-devtools/rpm/rpm/0008-Move-key-password-helper-variables-to-local-scope.patch create mode 100644 meta-integrity/recipes-devtools/rpm/rpm/0009-Use-rpm-memory-allocator-so-we-dont-need-to-check-fo.patch create mode 100644 
meta-integrity/recipes-devtools/rpm/rpm/0010-Fix-a-number-of-problems-in-get_fskpass.patch create mode 100644 meta-integrity/recipes-devtools/rpm/rpm/0011-Bump-file-digests-to-SHA256-by-default-finally.patch create mode 100644 meta-integrity/recipes-devtools/rpm/rpm_%.bbappend
diff --git a/meta-integrity/recipes-devtools/rpm/rpm/0001-Pass-sign-arguments-to-signature-deletion-too.patch b/meta-integrity/recipes-devtools/rpm/rpm/0001-Pass-sign-arguments-to-signature-deletion-too.patch
new file mode 100644
index 0000000..a2c453f
--- /dev/null
+++ b/meta-integrity/recipes-devtools/rpm/rpm/0001-Pass-sign-arguments-to-signature-deletion-too.patch
@@ -0,0 +1,162 @@
+From 23dc36f0d587495f2d29ebefd9e46437069b5a2d Mon Sep 17 00:00:00 2001
+From: Panu Matilainen
+Date: Mon, 29 May 2017 16:11:55 +0300
+Subject: [PATCH] Pass sign arguments to signature deletion too
+
+Refactor rpmsign and python bindings to be more similar on both
+addsign/delsign operations, and always pass the signing arguments
+along. Deletion doesn't actually (yet) use the arguments for anything
+but makes things more symmetric (I remember having doubts about
+this when adding - reminder to self: if in doubt, add more arguments ;)
+
+Yet another API break, but what the hey... Other than that, behavior is
+not supposed to change here.
+---
+ python/rpmsmodule.c | 28 ++++++++++++++++------------
+ rpmsign.c | 13 +++++++------
+ sign/rpmgensig.c | 2 +-
+ sign/rpmsign.h | 3 ++-
+ 4 files changed, 26 insertions(+), 20 deletions(-)
+
+diff --git a/python/rpmsmodule.c b/python/rpmsmodule.c
+index 0601353b9..72465221d 100644
+--- a/python/rpmsmodule.c
++++ b/python/rpmsmodule.c
+@@ -5,32 +5,36 @@
+ static char rpms__doc__[] =
+ "";
+
++static int parseSignArgs(PyObject * args, PyObject *kwds,
++ const char **path, struct rpmSignArgs *sargs)
++{
++ char * kwlist[] = { "path", "keyid", "hashalgo", NULL };
++
++ memset(sargs, 0, sizeof(*sargs));
++ return PyArg_ParseTupleAndKeywords(args, kwds, "s|si", kwlist,
++ path, &sargs->keyid, &sargs->hashalgo);
++}
++
+ static PyObject * addSign(PyObject * self, PyObject * args, PyObject *kwds)
+ {
+ const char *path = NULL;
+- char * kwlist[] = { "path", "keyid", "hashalgo", NULL };
+- struct rpmSignArgs sig, *sigp = NULL;
++ struct rpmSignArgs sargs;
+
+- memset(&sig, 0, sizeof(sig));
+- if (!PyArg_ParseTupleAndKeywords(args, kwds, "s|si", kwlist,
+- &path, &sig.keyid, &sig.hashalgo))
++ if (parseSignArgs(args, kwds, &path, &sargs))
+ return NULL;
+
+- if (sig.keyid || sig.hashalgo)
+- sigp = &sig;
+-
+- return PyBool_FromLong(rpmPkgSign(path, sigp) == 0);
++ return PyBool_FromLong(rpmPkgSign(path, &sargs) == 0);
+ }
+
+ static PyObject * delSign(PyObject * self, PyObject * args, PyObject *kwds)
+ {
+ const char *path = NULL;
+- char * kwlist[] = { "path", NULL };
++ struct rpmSignArgs sargs;
+
+- if (!PyArg_ParseTupleAndKeywords(args, kwds, "s", kwlist, &path))
++ if (parseSignArgs(args, kwds, &path, &sargs))
+ return NULL;
+
+- return PyBool_FromLong(rpmPkgDelSign(path) == 0);
++ return PyBool_FromLong(rpmPkgDelSign(path, &sargs) == 0);
+ }
+
+ /*
+diff --git a/rpmsign.c b/rpmsign.c
+index 3834b505e..0402af556 100644
+--- a/rpmsign.c
++++ b/rpmsign.c
+@@ -25,6 +25,8 @@ static int signfiles = 0, fskpass = 0;
+ static char * fileSigningKey = NULL;
+ static char * fileSigningKeyPassword = NULL;
+
++static struct rpmSignArgs sargs = {NULL, 0, 0};
++
+ static struct poptOption signOptsTable[] = {
+ { "addsign", '\0', (POPT_ARG_VAL|POPT_ARGFLAG_OR), &mode, MODE_ADDSIGN,
+ N_("sign package(s)"), NULL },
+@@ -54,11 +56,10 @@ static struct poptOption optionsTable[] = {
+ };
+
+ /* TODO: permit overriding macro setup on the command line */
+-static int doSign(poptContext optCon)
++static int doSign(poptContext optCon, struct rpmSignArgs *sargs)
+ {
+ int rc = EXIT_FAILURE;
+ char * name = rpmExpand("%{?_gpg_name}", NULL);
+- struct rpmSignArgs sig = {NULL, 0, 0};
+ char *key = NULL;
+
+ if (rstreq(name, "")) {
+@@ -92,13 +93,13 @@ static int doSign(poptContext optCon)
+ free(fileSigningKeyPassword);
+ }
+
+- sig.signfiles = 1;
++ sargs->signfiles = 1;
+ }
+
+ const char *arg;
+ rc = 0;
+ while ((arg = poptGetArg(optCon)) != NULL) {
+- rc += rpmPkgSign(arg, &sig);
++ rc += rpmPkgSign(arg, sargs);
+ }
+
+ exit:
+@@ -133,12 +134,12 @@ int main(int argc, char *argv[])
+ switch (mode) {
+ case MODE_ADDSIGN:
+ case MODE_RESIGN:
+- ec = doSign(optCon);
++ ec = doSign(optCon, &sargs);
+ break;
+ case MODE_DELSIGN:
+ ec = 0;
+ while ((arg = poptGetArg(optCon)) != NULL) {
+- ec += rpmPkgDelSign(arg);
++ ec += rpmPkgDelSign(arg, &sargs);
+ }
+ break;
+ default:
+diff --git a/sign/rpmgensig.c b/sign/rpmgensig.c
+index 4f5ff7b59..32bcfb3fb 100644
+--- a/sign/rpmgensig.c
++++ b/sign/rpmgensig.c
+@@ -863,7 +863,7 @@ int rpmPkgSign(const char *path, const struct rpmSignArgs * args)
+ return rc;
+ }
+
+-int rpmPkgDelSign(const char *path)
++int rpmPkgDelSign(const char *path, const struct rpmSignArgs * args)
+ {
+ return rpmSign(path, 1, 0);
+ }
+diff --git a/sign/rpmsign.h b/sign/rpmsign.h
+index b41e3caab..bed8d6245 100644
+--- a/sign/rpmsign.h
++++ b/sign/rpmsign.h
+@@ -31,9 +31,10 @@ int rpmPkgSign(const char *path, const struct rpmSignArgs * args);
+ /** \ingroup rpmsign
+ * Delete signature(s) from a package
+ * @param path path to package
++ * @param args signing parameters (or NULL for defaults)
+ * @return 0 on success
+ */
+-int rpmPkgDelSign(const char *path);
++int rpmPkgDelSign(const char *path, const struct rpmSignArgs * args);
+
+ #ifdef __cplusplus
+ }
+--
+2.11.0
+
diff --git a/meta-integrity/recipes-devtools/rpm/rpm/0002-Beat-some-sense-into-rpmsign-cli-parsing.patch b/meta-integrity/recipes-devtools/rpm/rpm/0002-Beat-some-sense-into-rpmsign-cli-parsing.patch
new file mode 100644
index 0000000..34f35bc
--- /dev/null
+++ b/meta-integrity/recipes-devtools/rpm/rpm/0002-Beat-some-sense-into-rpmsign-cli-parsing.patch
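Review bot: The new `parseSignArgs()` helper in python/rpmsmodule.c returns the result of `PyArg_ParseTupleAndKeywords()` unchanged, which is non-zero on success, yet `addSign()` and `delSign()` both test it with `if (parseSignArgs(args, kwds, &path, &sargs)) return NULL;`, so the check is inverted relative to the removed `if (!PyArg_ParseTupleAndKeywords(...))`. As written, a successful parse returns NULL with no exception set, and a failed parse falls through to `rpmPkgSign()` / `rpmPkgDelSign()` with `path` still NULL. Both callers should read `if (!parseSignArgs(args, kwds, &path, &sargs)) return NULL;`. Separately, `rpmPkgDelSign()` in sign/rpmgensig.c accepts `args` but still calls `rpmSign(path, 1, 0)`, so the added `@param args` line in sign/rpmsign.h should say the argument is currently ignored.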
@@ -0,0 +1,43 @@
+From 8bcfd98c0545eaf98bbc99e56cc2118c995a8fad Mon Sep 17 00:00:00 2001
+From: Panu Matilainen
+Date: Thu, 8 Jun 2017 12:39:53 +0300
+Subject: [PATCH] Beat some sense into rpmsign cli parsing
+
+Separate missing mode and several modes, print usage in the former
+and mumble about modes only if more than one actually specified.
+---
+ rpmsign.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/rpmsign.c b/rpmsign.c
+index 0402af556..de6f79384 100644
+--- a/rpmsign.c
++++ b/rpmsign.c
+@@ -14,12 +14,13 @@ char ** environ = NULL;
+ #endif
+
+ enum modes {
++ MODE_NONE = 0,
+ MODE_ADDSIGN = (1 << 0),
+ MODE_RESIGN = (1 << 1),
+ MODE_DELSIGN = (1 << 2),
+ };
+
+-static int mode = 0;
++static int mode = MODE_NONE;
+
+ static int signfiles = 0, fskpass = 0;
+ static char * fileSigningKey = NULL;
+@@ -142,6 +143,9 @@ int main(int argc, char *argv[])
+ ec += rpmPkgDelSign(arg, &sargs);
+ }
+ break;
++ case MODE_NONE:
++ printUsage(optCon, stderr, 0);
++ break;
+ default:
+ argerror(_("only one major mode may be specified"));
+ break;
+--
+2.11.0
+
diff --git a/meta-integrity/recipes-devtools/rpm/rpm/0003-Fix-thinko-typo-in-file-signing-error-message.patch b/meta-integrity/recipes-devtools/rpm/rpm/0003-Fix-thinko-typo-in-file-signing-error-message.patch
new file mode 100644
index 0000000..5452778
--- /dev/null
+++ b/meta-integrity/recipes-devtools/rpm/rpm/0003-Fix-thinko-typo-in-file-signing-error-message.patch
@@ -0,0 +1,25 @@
+From 26cae3941f68c96e44d8126fea330ef7f0327913 Mon Sep 17 00:00:00 2001
+From: Panu Matilainen
+Date: Thu, 8 Jun 2017 12:42:00 +0300
+Subject: [PATCH] Fix %% -> $$ thinko/typo in file signing error message
+
+---
+ rpmsign.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/rpmsign.c b/rpmsign.c
+index de6f79384..66ab8e5eb 100644
+--- a/rpmsign.c
++++ b/rpmsign.c
+@@ -75,7 +75,7 @@ static int doSign(poptContext optCon, struct rpmSignArgs *sargs)
+ if (signfiles) {
+ key = rpmExpand("%{?_file_signing_key}", NULL);
+ if (rstreq(key, "")) {
+- fprintf(stderr, _("You must set \"$$_file_signing_key\" in your macro file or on the command line with --fskpath\n"));
++ fprintf(stderr, _("You must set \"%%_file_signing_key\" in your macro file or on the command line with --fskpath\n"));
+ goto exit;
+ }
+
+--
+2.11.0
+
diff --git a/meta-integrity/recipes-devtools/rpm/rpm/0004-Bury-get_fskpass-inside-rpmsign-utility.patch b/meta-integrity/recipes-devtools/rpm/rpm/0004-Bury-get_fskpass-inside-rpmsign-utility.patch
new file mode 100644
index 0000000..6906a39
--- /dev/null
+++ b/meta-integrity/recipes-devtools/rpm/rpm/0004-Bury-get_fskpass-inside-rpmsign-utility.patch
@@ -0,0 +1,145 @@
+From 5a76125050c2f389cdc1c3017dff5fec4aef7e57 Mon Sep 17 00:00:00 2001
+From: Panu Matilainen
+Date: Thu, 8 Jun 2017 16:55:16 +0300
+Subject: [PATCH] Bury get_fskpass() inside rpmsign utility
+
+librpm is not in the business of providing terminal utility functions,
+file signing might well need to ask for passwords but it doesn't
+have to be a non-prefixed function in a shared library. The library
+provides means to *pass* the password and its up to calling applications
+to ask for it if needed.
+---
+ lib/rpmsignfiles.c | 35 -----------------------------------
+ lib/rpmsignfiles.h | 2 --
+ rpmsign.c | 37 ++++++++++++++++++++++++++++++++++++-
+ 3 files changed, 36 insertions(+), 38 deletions(-)
+
+diff --git a/lib/rpmsignfiles.c b/lib/rpmsignfiles.c
+index 87e4e4265..aacb34647 100644
+--- a/lib/rpmsignfiles.c
++++ b/lib/rpmsignfiles.c
+@@ -7,8 +7,6 @@
+ #include "system.h"
+ #include "imaevm.h"
+
+-#include
+-
+ #include /* rpmlog */
+ #include /* rnibble */
+ #include /* rpmDigestLength */
+@@ -34,39 +32,6 @@ static const char *hash_algo_name[] = {
+
+ #define ARRAY_SIZE(a) (sizeof(a) / sizeof(a[0]))
+
+-char *get_fskpass(void)
+-{
+- struct termios flags, tmp_flags;
+- char *password, *pwd;
+- int passlen = 64;
+-
+- password = malloc(passlen);
+- if (!password) {
+- perror("malloc");
+- return NULL;
+- }
+-
+- tcgetattr(fileno(stdin), &flags);
+- tmp_flags = flags;
+- tmp_flags.c_lflag &= ~ECHO;
+- tmp_flags.c_lflag |= ECHONL;
+-
+- if (tcsetattr(fileno(stdin), TCSANOW, &tmp_flags) != 0) {
+- perror("tcsetattr");
+- return NULL;
+- }
+-
+- printf("PEM password: ");
+- pwd = fgets(password, passlen, stdin);
+- pwd[strlen(pwd) - 1] = '\0'; /* remove newline */
+-
+- if (tcsetattr(fileno(stdin), TCSANOW, &flags) != 0) {
+- perror("tcsetattr");
+- return NULL;
+- }
+- return pwd;
+-}
+-
+ static char *signFile(const char *algo, const char *fdigest, int diglen,
+ const char *key, char *keypass)
+ {
+diff --git a/lib/rpmsignfiles.h b/lib/rpmsignfiles.h
+index 52e2482a9..70ed69412 100644
+--- a/lib/rpmsignfiles.h
++++ b/lib/rpmsignfiles.h
+@@ -14,8 +14,6 @@ extern "C" {
+ */
+ rpmRC rpmSignFiles(Header h, const char *key, char *keypass);
+
+-char *get_fskpass(void); /* get file signing key password */
+-
+ #ifdef _cplusplus
+ }
+ #endif
+diff --git a/rpmsign.c b/rpmsign.c
+index 66ab8e5eb..6cd63d872 100644
+--- a/rpmsign.c
++++ b/rpmsign.c
+@@ -1,12 +1,12 @@
+ #include "system.h"
+ #include
+ #include
++#include
+
+ #include
+ #include
+ #include
+ #include "cliutils.h"
+-#include "lib/rpmsignfiles.h"
+ #include "debug.h"
+
+ #if !defined(__GLIBC__) && !defined(__APPLE__)
+@@ -56,6 +56,41 @@ static struct poptOption optionsTable[] = {
+ POPT_TABLEEND
+ };
+
++#ifdef WITH_IMAEVM
++static char *get_fskpass(void)
++{
++ struct termios flags, tmp_flags;
++ char *password, *pwd;
++ int passlen = 64;
++
++ password = malloc(passlen);
++ if (!password) {
++ perror("malloc");
++ return NULL;
++ }
++
++ tcgetattr(fileno(stdin), &flags);
++ tmp_flags = flags;
++ tmp_flags.c_lflag &= ~ECHO;
++ tmp_flags.c_lflag |= ECHONL;
++
++ if (tcsetattr(fileno(stdin), TCSANOW, &tmp_flags) != 0) {
++ perror("tcsetattr");
++ return NULL;
++ }
++
++ printf("PEM password: ");
++ pwd = fgets(password, passlen, stdin);
++ pwd[strlen(pwd) - 1] = '\0'; /* remove newline */
++
++ if (tcsetattr(fileno(stdin), TCSANOW, &flags) != 0) {
++ perror("tcsetattr");
++ return NULL;
++ }
++ return pwd;
++}
++#endif
++
+ /* TODO: permit overriding macro setup on the command line */
+ static int doSign(poptContext optCon, struct rpmSignArgs *sargs)
+ {
+--
+2.11.0
+
diff --git a/meta-integrity/recipes-devtools/rpm/rpm/0005-Dont-advertise-file-signing-features-if-support-not-.patch b/meta-integrity/recipes-devtools/rpm/rpm/0005-Dont-advertise-file-signing-features-if-support-not-.patch
new file mode 100644
index 0000000..a3d0e24
--- /dev/null
+++ b/meta-integrity/recipes-devtools/rpm/rpm/0005-Dont-advertise-file-signing-features-if-support-not-.patch 
@@ -0,0 +1,87 @@
+From a77d2d3476919fdbcba9baf0dd44c98db1620360 Mon Sep 17 00:00:00 2001
+From: Panu Matilainen
+Date: Thu, 8 Jun 2017 17:36:28 +0300
+Subject: [PATCH] Dont advertise file signing features if support not built in
+
+ifdef the whole thing out when not enabled, instead of blurting out
+obscure error messages. A few to many ifdefs for my taste but
+that's a topic for another day...
+---
+ rpmsign.c | 12 ++++++++----
+ 1 file changed, 8 insertions(+), 4 deletions(-)
+
+diff --git a/rpmsign.c b/rpmsign.c
+index 6cd63d872..dce342af0 100644
+--- a/rpmsign.c
++++ b/rpmsign.c
+@@ -22,9 +22,11 @@ enum modes {
+
+ static int mode = MODE_NONE;
+
++#ifdef WITH_IMAEVM
+ static int signfiles = 0, fskpass = 0;
+ static char * fileSigningKey = NULL;
+ static char * fileSigningKeyPassword = NULL;
++#endif
+
+ static struct rpmSignArgs sargs = {NULL, 0, 0};
+
+@@ -35,6 +37,7 @@ static struct poptOption signOptsTable[] = {
+ N_("sign package(s) (identical to --addsign)"), NULL },
+ { "delsign", '\0', (POPT_ARG_VAL|POPT_ARGFLAG_OR), &mode, MODE_DELSIGN,
+ N_("delete package signatures"), NULL },
++#ifdef WITH_IMAEVM
+ { "signfiles", '\0', POPT_ARG_NONE, &signfiles, 0,
+ N_("sign package(s) files"), NULL},
+ { "fskpath", '\0', POPT_ARG_STRING, &fileSigningKey, 0,
+@@ -42,6 +45,7 @@ static struct poptOption signOptsTable[] = {
+ N_("") },
+ { "fskpass", '\0', POPT_ARG_NONE, &fskpass, 0,
+ N_("prompt for file signing key password"), NULL},
++#endif
+ POPT_TABLEEND
+ };
+
+@@ -103,6 +107,7 @@ static int doSign(poptContext optCon, struct rpmSignArgs *sargs)
+ goto exit;
+ }
+
++#ifdef WITH_IMAEVM
+ if (fileSigningKey) {
+ rpmPushMacro(NULL, "_file_signing_key", NULL, fileSigningKey, RMIL_GLOBAL);
+ }
+@@ -115,11 +120,7 @@ static int doSign(poptContext optCon, struct rpmSignArgs *sargs)
+ }
+
+ if (fskpass) {
+-#ifndef WITH_IMAEVM
+- argerror(_("--fskpass may only be specified when signing files"));
+-#else
+ fileSigningKeyPassword = get_fskpass();
+-#endif
+ }
+
+ rpmPushMacro(NULL, "_file_signing_key_password", NULL,
+@@ -131,6 +132,7 @@ static int doSign(poptContext optCon, struct rpmSignArgs *sargs)
+
+ sargs->signfiles = 1;
+ }
++#endif
+
+ const char *arg;
+ rc = 0;
+@@ -163,9 +165,11 @@ int main(int argc, char *argv[])
+ argerror(_("no arguments given"));
+ }
+
++#ifdef WITH_IMAEVM
+ if (fileSigningKey && !signfiles) {
+ argerror(_("--fskpath may only be specified when signing files"));
+ }
++#endif
+
+ switch (mode) {
+ case MODE_ADDSIGN:
+--
+2.11.0
+
diff --git a/meta-integrity/recipes-devtools/rpm/rpm/0006-Remove-bunch-of-redundant-environ-declarations.patch b/meta-integrity/recipes-devtools/rpm/rpm/0006-Remove-bunch-of-redundant-environ-declarations.patch
new file mode 100644
index 0000000..8260865
--- /dev/null
+++ b/meta-integrity/recipes-devtools/rpm/rpm/0006-Remove-bunch-of-redundant-environ-declarations.patch
@@ -0,0 +1,85 @@
+From 8fae14f4dfc655dabd3de11be4d7e9b7c1cb6898 Mon Sep 17 00:00:00 2001
+From: Panu Matilainen
+Date: Fri, 9 Jun 2017 11:37:03 +0300
+Subject: [PATCH] Remove bunch of redundant environ declarations
+
+rpmsign.c used to actually use "environ" to pass to execve(), but
+that call moved to librpmsign a long, long time ago. rpmdb.c and
+rpmkeys.c never used it at all but guess it was copy-paste inherited
+from rpmsign.c back in the day (dfbaa77152ccf98524c4f27afe85d32e6f690522)
+
+rpmgensig.c actually refers to environ, but this is a POSIX required
+variable and while Apple has managed to screw it up, it's handled
+in system.h and that must be sufficient for all relevant systems
+as we also refer to environ in rpmfileutil.c open_dso() and there's
+no fake environ definition there. So drop the one in rpmgensig.c too.
+---
+ rpmdb.c | 4 ----
+ rpmkeys.c | 4 ----
+ rpmsign.c | 4 ----
+ sign/rpmgensig.c | 4 ----
+ 4 files changed, 16 deletions(-)
+
+diff --git a/rpmdb.c b/rpmdb.c
+index 67630d00c..25c088da9 100644
+--- a/rpmdb.c
++++ b/rpmdb.c
+@@ -6,10 +6,6 @@
+ #include "cliutils.h"
+ #include "debug.h"
+
+-#if !defined(__GLIBC__) && !defined(__APPLE__)
+-char ** environ = NULL;
+-#endif
+-
+ enum modes {
+ MODE_INITDB = (1 << 0),
+ MODE_REBUILDDB = (1 << 1),
+diff --git a/rpmkeys.c b/rpmkeys.c
+index 0ecc65ed1..2b60a729e 100644
+--- a/rpmkeys.c
++++ b/rpmkeys.c
+@@ -5,10 +5,6 @@
+ #include "cliutils.h"
+ #include "debug.h"
+
+-#if !defined(__GLIBC__) && !defined(__APPLE__)
+-char ** environ = NULL;
+-#endif
+-
+ enum modes {
+ MODE_CHECKSIG = (1 << 0),
+ MODE_IMPORTKEY = (1 << 1),
+diff --git a/rpmsign.c b/rpmsign.c
+index dce342af0..04738c052 100644
+--- a/rpmsign.c
++++ b/rpmsign.c
+@@ -9,10 +9,6 @@
+ #include "cliutils.h"
+ #include "debug.h"
+
+-#if !defined(__GLIBC__) && !defined(__APPLE__)
+-char ** environ = NULL;
+-#endif
+-
+ enum modes {
+ MODE_NONE = 0,
+ MODE_ADDSIGN = (1 << 0),
+diff --git a/sign/rpmgensig.c b/sign/rpmgensig.c
+index 141ad1530..5c04e9218 100644
+--- a/sign/rpmgensig.c
++++ b/sign/rpmgensig.c
+@@ -25,10 +25,6 @@
+
+ #include "debug.h"
+
+-#if !defined(__GLIBC__) && !defined(__APPLE__)
+-char ** environ = NULL;
+-#endif
+-
+ typedef struct sigTarget_s {
+ FD_t fd;
+ const char *fileName;
+--
+2.11.0
+
diff --git a/meta-integrity/recipes-devtools/rpm/rpm/0007-Dont-push-NULL-bodied-macros-in-case-of-get_fskpass-.patch b/meta-integrity/recipes-devtools/rpm/rpm/0007-Dont-push-NULL-bodied-macros-in-case-of-get_fskpass-.patch
new file mode 100644
index 0000000..cdfc2a0
--- /dev/null
+++ b/meta-integrity/recipes-devtools/rpm/rpm/0007-Dont-push-NULL-bodied-macros-in-case-of-get_fskpass-.patch
@@ -0,0 +1,43 @@
+From 5a6acd24a55d31a7c7e68dc4e46149598f1699a4 Mon Sep 17 00:00:00 2001
+From: Panu Matilainen
+Date: Fri, 9 Jun 2017 12:33:23 +0300
+Subject: [PATCH] Dont push NULL-bodied macros (in case of get_fskpass()
+ failure)
+
+---
+ rpmsign.c | 4 ++--
+ sign/rpmgensig.c | 2 +-
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/rpmsign.c b/rpmsign.c
+index 04738c052..578079a4d 100644
+--- a/rpmsign.c
++++ b/rpmsign.c
+@@ -119,9 +119,9 @@ static int doSign(poptContext optCon, struct rpmSignArgs *sargs)
+ fileSigningKeyPassword = get_fskpass();
+ }
+
+- rpmPushMacro(NULL, "_file_signing_key_password", NULL,
+- fileSigningKeyPassword, RMIL_CMDLINE);
+ if (fileSigningKeyPassword) {
++ rpmPushMacro(NULL, "_file_signing_key_password", NULL,
++ fileSigningKeyPassword, RMIL_CMDLINE);
+ memset(fileSigningKeyPassword, 0, strlen(fileSigningKeyPassword));
+ free(fileSigningKeyPassword);
+ }
+diff --git a/sign/rpmgensig.c b/sign/rpmgensig.c
+index 5c04e9218..073136364 100644
+--- a/sign/rpmgensig.c
++++ b/sign/rpmgensig.c
+@@ -538,7 +538,7 @@ static rpmRC includeFileSignatures(FD_t fd, const char *rpm,
+
+ key = rpmExpand("%{?_file_signing_key}", NULL);
+
+- keypass = rpmExpand("%{_file_signing_key_password}", NULL);
++ keypass = rpmExpand("%{?_file_signing_key_password}", NULL);
+ if (rstreq(keypass, "")) {
+ free(keypass);
+ keypass = NULL;
+--
+2.11.0
+
diff --git a/meta-integrity/recipes-devtools/rpm/rpm/0008-Move-key-password-helper-variables-to-local-scope.patch b/meta-integrity/recipes-devtools/rpm/rpm/0008-Move-key-password-helper-variables-to-local-scope.patch
new file mode 100644
index 0000000..362e0c1
--- /dev/null
+++ b/meta-integrity/recipes-devtools/rpm/rpm/0008-Move-key-password-helper-variables-to-local-scope.patch
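Review bot: The `memset()` and `free()` of `fileSigningKeyPassword` in `doSign()` clear only the local buffer; by then the passphrase has been handed to `rpmPushMacro()` as `_file_signing_key_password` and is expanded again by `rpmExpand("%{?_file_signing_key_password}", NULL)` in `includeFileSignatures()`, so copies presumably remain in the macro table and in `keypass` for the rest of the run. A plain `memset()` immediately before `free()` is also something a compiler is allowed to drop. Consider popping the macro once the package loop has finished, e.g. `rpmPopMacro(NULL, "_file_signing_key_password");`, and wiping with `explicit_bzero()` where the platform provides it. Both functions continue outside the hunks shown, so how `keypass` is released is not visible here.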
@@ -0,0 +1,58 @@
+From 46eadbf33d06a0a97be0845afe09873acb44af3c Mon Sep 17 00:00:00 2001
+From: Panu Matilainen
+Date: Fri, 9 Jun 2017 12:35:43 +0300
+Subject: [PATCH] Move key/password helper variables to local scope
+
+---
+ rpmsign.c | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/rpmsign.c b/rpmsign.c
+index 578079a4d..35c5ee966 100644
+--- a/rpmsign.c
++++ b/rpmsign.c
+@@ -21,7 +21,6 @@ static int mode = MODE_NONE;
+ #ifdef WITH_IMAEVM
+ static int signfiles = 0, fskpass = 0;
+ static char * fileSigningKey = NULL;
+-static char * fileSigningKeyPassword = NULL;
+ #endif
+
+ static struct rpmSignArgs sargs = {NULL, 0, 0};
+@@ -96,7 +95,6 @@ static int doSign(poptContext optCon, struct rpmSignArgs *sargs)
+ {
+ int rc = EXIT_FAILURE;
+ char * name = rpmExpand("%{?_gpg_name}", NULL);
+- char *key = NULL;
+
+ if (rstreq(name, "")) {
+ fprintf(stderr, _("You must set \"%%_gpg_name\" in your macro file\n"));
+@@ -109,7 +107,8 @@ static int doSign(poptContext optCon, struct rpmSignArgs *sargs)
+ }
+
+ if (signfiles) {
+- key = rpmExpand("%{?_file_signing_key}", NULL);
++ char *fileSigningKeyPassword = NULL;
++ char *key = rpmExpand("%{?_file_signing_key}", NULL);
+ if (rstreq(key, "")) {
+ fprintf(stderr, _("You must set \"%%_file_signing_key\" in your macro file or on the command line with --fskpath\n"));
+ goto exit;
+@@ -127,6 +126,7 @@ static int doSign(poptContext optCon, struct rpmSignArgs *sargs)
+ }
+
+ sargs->signfiles = 1;
++ free(key);
+ }
+ #endif
+
+@@ -137,7 +137,6 @@ static int doSign(poptContext optCon, struct rpmSignArgs *sargs)
+ }
+
+ exit:
+- free(key);
+ free(name);
+ return rc;
+ }
+--
+2.11.0
+
diff --git a/meta-integrity/recipes-devtools/rpm/rpm/0009-Use-rpm-memory-allocator-so-we-dont-need-to-check-fo.patch b/meta-integrity/recipes-devtools/rpm/rpm/0009-Use-rpm-memory-allocator-so-we-dont-need-to-check-fo.patch
new file mode 100644
index 0000000..4937c46
--- /dev/null
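Review bot: The `goto exit` taken when `rstreq(key, "")` is true now skips the only `free(key)`, because `key` has become local to the `if (signfiles)` block and the free moved from the `exit:` label to the end of that block. The expanded string therefore leaks on that error path. Adding `free(key);` directly above `goto exit;` keeps the narrowed scope without the leak. doSign() starts and ends outside this hunk.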
+++ b/meta-integrity/recipes-devtools/rpm/rpm/0009-Use-rpm-memory-allocator-so-we-dont-need-to-check-fo.patch
@@ -0,0 +1,33 @@
+From 542f41a8bdc385ed849170565ac353956a47683a Mon Sep 17 00:00:00 2001
+From: Panu Matilainen
+Date: Fri, 9 Jun 2017 12:45:21 +0300
+Subject: [PATCH] Use rpm memory allocator so we dont need to check for return
+
+---
+ rpmsign.c | 9 ++-------
+ 1 file changed, 2 insertions(+), 7 deletions(-)
+
+diff --git a/rpmsign.c b/rpmsign.c
+index 35c5ee966..a59f2dc1c 100644
+--- a/rpmsign.c
++++ b/rpmsign.c
+@@ -59,14 +59,9 @@ static struct poptOption optionsTable[] = {
+ static char *get_fskpass(void)
+ {
+ struct termios flags, tmp_flags;
+- char *password, *pwd;
+ int passlen = 64;
+-
+- password = malloc(passlen);
+- if (!password) {
+- perror("malloc");
+- return NULL;
+- }
++ char *password = xmalloc(passlen);
++ char *pwd;
+
+ tcgetattr(fileno(stdin), &flags);
+ tmp_flags = flags;
+--
+2.11.0
+
diff --git a/meta-integrity/recipes-devtools/rpm/rpm/0010-Fix-a-number-of-problems-in-get_fskpass.patch b/meta-integrity/recipes-devtools/rpm/rpm/0010-Fix-a-number-of-problems-in-get_fskpass.patch
new file mode 100644
index 0000000..923de03
--- /dev/null
+++ b/meta-integrity/recipes-devtools/rpm/rpm/0010-Fix-a-number-of-problems-in-get_fskpass.patch
@@ -0,0 +1,54 @@
+From 46c7bf438e5349676139dba0655faed3b2230827 Mon Sep 17 00:00:00 2001
+From: Panu Matilainen
+Date: Fri, 9 Jun 2017 12:52:08 +0300
+Subject: [PATCH] Fix a number of problems in get_fskpass()
+
+Fix segfault in case of fgets() failure, fix memleak on password
+buffer on failure.
+---
+ rpmsign.c | 14 ++++++++++----
+ 1 file changed, 10 insertions(+), 4 deletions(-)
+
+diff --git a/rpmsign.c b/rpmsign.c
+index a59f2dc1c..ae86f666d 100644
+--- a/rpmsign.c
++++ b/rpmsign.c
+@@ -61,7 +61,7 @@ static char *get_fskpass(void)
+ struct termios flags, tmp_flags;
+ int passlen = 64;
+ char *password = xmalloc(passlen);
+- char *pwd;
++ char *pwd = NULL;
+
+ tcgetattr(fileno(stdin), &flags);
+ tmp_flags = flags;
+@@ -70,17 +70,23 @@ static char *get_fskpass(void)
+
+ if (tcsetattr(fileno(stdin), TCSANOW, &tmp_flags) != 0) {
+ perror("tcsetattr");
+- return NULL;
++ goto exit;
+ }
+
+ printf("PEM password: ");
+ pwd = fgets(password, passlen, stdin);
+- pwd[strlen(pwd) - 1] = '\0'; /* remove newline */
+
+ if (tcsetattr(fileno(stdin), TCSANOW, &flags) != 0) {
+ perror("tcsetattr");
+- return NULL;
++ pwd = NULL;
++ goto exit;
+ }
++
++exit:
++ if (pwd)
++ pwd[strlen(pwd) - 1] = '\0'; /* remove newline */
++ else
++ free(password);
+ return pwd;
+ }
+ #endif
+--
+2.11.0
+
diff --git a/meta-integrity/recipes-devtools/rpm/rpm/0011-Bump-file-digests-to-SHA256-by-default-finally.patch b/meta-integrity/recipes-devtools/rpm/rpm/0011-Bump-file-digests-to-SHA256-by-default-finally.patch
new file mode 100644
index 0000000..68d54ad
--- /dev/null
+++ b/meta-integrity/recipes-devtools/rpm/rpm/0011-Bump-file-digests-to-SHA256-by-default-finally.patch
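Review bot: The newline strip at the new `exit:` label, `pwd[strlen(pwd) - 1] = '\0';`, removes the last byte whether or not it is a newline. With `passlen = 64`, a passphrase of 63 or more characters, or input that reaches EOF without a newline, silently loses its final character, and if `fgets()` returns a string that begins with a NUL byte the index becomes -1 and the store lands just before the heap buffer. `pwd[strcspn(pwd, "\n")] = '\0';` covers all three cases. On the path where the second `tcsetattr()` fails, `password` already holds the typed passphrase and goes to `free()` without being cleared. The return value of `tcgetattr()` is also still unchecked, so `flags` may be uninitialised when stdin is not a terminal.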
@@ -0,0 +1,47 @@
+From 0cd74ade37d16d282d13e781deb68a219b2c04b9 Mon Sep 17 00:00:00 2001
+From: Panu Matilainen
+Date: Wed, 8 Mar 2017 14:51:45 +0200
+Subject: [PATCH] Bump file digests to SHA256 by default, finally
+
+As a part of modernizing the crypto used by rpm, it's way past time
+to use a stronger algorithm for the file digests. The jump from MD5
+is not entirely smooth but at least Fedora and RHEL did that ages ago
+and survived, others should too. And of course you can always flip
+it back to MD5 if you really need to, for eg building packages for
+ancient distro versions.
+
+Signed-off-by: Lans Zhang
+---
+ macros.in | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/macros.in b/macros.in
+index 72d4a51ed..49a3dab04 100644
+--- a/macros.in
++++ b/macros.in
+@@ -355,17 +355,17 @@ package or when debugging this package.\
+
+ # Algorithm to use for generating file checksum digests on build.
+ # If not specified or 0, MD5 is used.
+-# WARNING: non-MD5 is backwards incompatible, don't enable lightly!
+-# The supported algorithms may depend on NSS version, as of NSS
+-# 3.11.99.5 the following are supported:
++# WARNING: non-MD5 is backwards incompatible with rpm < 4.6!
++# The supported algorithms may depend on the underlying crypto
++# implementation but generally at least the following are supported:
+ # 1 MD5 (default)
+ # 2 SHA1
+ # 8 SHA256
+ # 9 SHA384
+ # 10 SHA512
+ #
+-#%_source_filedigest_algorithm 1
+-#%_binary_filedigest_algorithm 1
++%_source_filedigest_algorithm 8
++%_binary_filedigest_algorithm 8
+
+ # Configurable vendor information, same as Vendor: in a specfile.
+ #
+--
+2.11.0
+
diff --git a/meta-integrity/recipes-devtools/rpm/rpm_%.bbappend b/meta-integrity/recipes-devtools/rpm/rpm_%.bbappend
new file mode 100644
index 0000000..c88a8d0
--- /dev/null
+++ b/meta-integrity/recipes-devtools/rpm/rpm_%.bbappend
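Review bot: The comment table above the two macros still reads `# 1 MD5 (default)` although the now-uncommented `%_source_filedigest_algorithm 8` and `%_binary_filedigest_algorithm 8` make SHA256 the shipped default, so the documentation contradicts the configuration. Move the marker to the SHA256 row, e.g. `# 8 SHA256 (default)`, and reword `# If not specified or 0, MD5 is used.` so it clearly describes only the fallback when the macro is undefined or zero. Anyone auditing digest strength from this file would otherwise read MD5 as the effective setting.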
@@ -0,0 +1,23 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/rpm:"
+
+SRC_URI += "\
+ file://0001-Pass-sign-arguments-to-signature-deletion-too.patch \
+ file://0002-Beat-some-sense-into-rpmsign-cli-parsing.patch \
+ file://0003-Fix-thinko-typo-in-file-signing-error-message.patch \
+ file://0004-Bury-get_fskpass-inside-rpmsign-utility.patch \
+ file://0005-Dont-advertise-file-signing-features-if-support-not-.patch \
+ file://0006-Remove-bunch-of-redundant-environ-declarations.patch \
+ file://0007-Dont-push-NULL-bodied-macros-in-case-of-get_fskpass-.patch \
+ file://0008-Move-key-password-helper-variables-to-local-scope.patch \
+ file://0009-Use-rpm-memory-allocator-so-we-dont-need-to-check-fo.patch \
+ file://0010-Fix-a-number-of-problems-in-get_fskpass.patch \
+ file://0011-Bump-file-digests-to-SHA256-by-default-finally.patch \
+"
+
+PACKAGECONFIG = "${@bb.utils.contains('DISTRO_FEATURES', 'ima', 'imaevm', '', d)}"
+PACKAGECONFIG[imaevm] = "--with-imaevm,,ima-evm-utils"
+
+# IMA signing support is provided by RPM plugin.
+EXTRA_OECONF_remove += "\
+ --disable-plugins \
+"
-- cgit v1.2.3-54-g00ecf
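Review bot: `PACKAGECONFIG = "${@bb.utils.contains('DISTRO_FEATURES', 'ima', 'imaevm', '', d)}"` is a hard assignment in a bbappend, so it replaces whatever PACKAGECONFIG the base rpm recipe or the distro configuration has set instead of adding to it. Appending keeps the other options: `PACKAGECONFIG_append = " ${@bb.utils.contains('DISTRO_FEATURES', 'ima', 'imaevm', '', d)}"`. `EXTRA_OECONF_remove += "..."` mixes the remove override with `+=`; the conventional form is `EXTRA_OECONF_remove = "--disable-plugins"`, and as written plugins are enabled even when `ima` is not in DISTRO_FEATURES. None of the eleven patches added to SRC_URI carries an `Upstream-Status:` line, which makes the provenance of these signing-path changes harder to audit.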