rpm-ostree/0002-Remove-redundant-and-obsolete-cruft-in-dnf_keyring_c.patch

97 lines
3.0 KiB
Diff
Raw Normal View History

From 4572ee7ff49d5ced4c53c5d789571adbdbd119bb Mon Sep 17 00:00:00 2001
From: Panu Matilainen <pmatilai@redhat.com>
Date: Wed, 10 May 2023 10:34:22 +0300
Subject: [PATCH 2/3] Remove redundant and obsolete cruft in
dnf_keyring_check_untrusted_file()
These APIs have been obsolete for years and now removed in rpm 4.19.
This was always a rather strange way to go at verifying a package,
but now also wholly redundant because the signature are already verified
by rpmcliVerifySignatures().
---
libdnf/dnf-keyring.cpp | 53 ------------------------------------------
1 file changed, 53 deletions(-)
diff --git a/libdnf/dnf-keyring.cpp b/libdnf/dnf-keyring.cpp
index a8fdb993..5f6c7d7f 100644
--- a/libdnf/libdnf/dnf-keyring.cpp
+++ b/libdnf/libdnf/dnf-keyring.cpp
@@ -238,9 +238,7 @@ dnf_keyring_check_untrusted_file(rpmKeyring keyring,
FD_t fd = NULL;
gboolean ret = FALSE;
Header hdr = NULL;
- pgpDig dig = NULL;
rpmRC rc;
- rpmtd td = NULL;
rpmts ts = NULL;
char *path = g_strdup(filename);
@@ -302,51 +300,6 @@ dnf_keyring_check_untrusted_file(rpmKeyring keyring,
goto out;
}
- /* convert and upscale */
- headerConvert(hdr, HEADERCONV_RETROFIT_V3);
-
- /* get RSA key */
- td = rpmtdNew();
- rc = static_cast<rpmRC>(headerGet(hdr, RPMTAG_RSAHEADER, td, HEADERGET_MINMEM));
- if (rc != RPMRC_NOTFOUND) {
- /* try to read DSA key as a fallback */
- rc = static_cast<rpmRC>(headerGet(hdr, RPMTAG_DSAHEADER, td, HEADERGET_MINMEM));
- }
-
- /* the package has no signing key */
- if (rc != RPMRC_NOTFOUND) {
- g_autofree char *package_filename = g_path_get_basename(filename);
- ret = FALSE;
- g_set_error(error,
- DNF_ERROR,
- DNF_ERROR_GPG_SIGNATURE_INVALID,
- "package not signed: %s", package_filename);
- goto out;
- }
-
- /* make it into a digest */
- dig = pgpNewDig();
- rc = static_cast<rpmRC>(pgpPrtPkts(static_cast<const uint8_t *>(td->data), td->count, dig, 0));
- if (rc != RPMRC_OK) {
- g_set_error(error,
- DNF_ERROR,
- DNF_ERROR_FILE_INVALID,
- "failed to parse digest header for %s",
- filename);
- goto out;
- }
-
- /* does the key exist in the keyring */
- rc = rpmKeyringLookup(keyring, dig);
- if (rc != RPMRC_OK) {
- g_set_error(error,
- DNF_ERROR,
- DNF_ERROR_GPG_SIGNATURE_INVALID,
- "failed to lookup digest in keyring for %s",
- filename);
- goto out;
- }
-
/* the package is signed by a key we trust */
g_debug("%s has been verified as trusted", filename);
ret = TRUE;
@@ -355,12 +308,6 @@ out:
if (path != NULL)
g_free(path);
- if (dig != NULL)
- pgpFreeDig(dig);
- if (td != NULL) {
- rpmtdFreeData(td);
- rpmtdFree(td);
- }
if (ts != NULL)
rpmtsFree(ts);
if (hdr != NULL)
--
2.41.0.rc1