[dpkg] 03/03: dpkg: Add partial --verify support for mode checks

Sun, 21 Nov 2021 16:24:20 -0800 

This is an automated email from the git hooks/post-receive script.

guillem pushed a commit to branch main
in repository dpkg.

View the commit online:
https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=f3454ecc7b626cfd47ef6aaf4a8cd4cb29e2a336

commit f3454ecc7b626cfd47ef6aaf4a8cd4cb29e2a336 (HEAD -> main)
Author: Guillem Jover <[email protected]>
AuthorDate: Sat Nov 20 12:13:05 2021 +0100

    dpkg: Add partial --verify support for mode checks
    
    We can infer that a pathname must be a regular file if we know about its
    digest. In that case mark it as a failure if it is any other file type.
---
 man/dpkg.pod | 8 +++++++-
 src/verify.c | 9 +++++++++
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/man/dpkg.pod b/man/dpkg.pod
index 6171b02b5..15560cc41 100644
--- a/man/dpkg.pod
+++ b/man/dpkg.pod
@@ -973,10 +973,16 @@ The following positions and alphanumeric characters are 
currently supported:
 
 =over
 
-=item 1-2 ‘B<?>’
+=item 1 ‘B<?>’
 
 These checks are currently not supported, will always be ‘B<?>’.
 
+=item 2 ‘B<M>’
+
+The file mode check failed (since dpkg 1.21.0).
+This check currently only applies to regular files that have a known digest,
+and on the filesystem are not regular files.
+
 =item 3 ‘B<5>’
 
 The digest check failed, which means the file contents have changed.
diff --git a/src/verify.c b/src/verify.c
index 10482362c..3d3fb54b0 100644
--- a/src/verify.c
+++ b/src/verify.c
@@ -49,6 +49,7 @@ enum verify_result {
 struct verify_checks {
        int exists_errno;
        enum verify_result exists;
+       enum verify_result mode;
        enum verify_result md5sum;
 };
 
@@ -82,6 +83,7 @@ verify_output_rpm(struct fsys_namenode *namenode, struct 
verify_checks *checks)
                if (checks->exists_errno != ENOENT)
                        m_asprintf(&error, " (%s)", 
strerror(checks->exists_errno));
        } else {
+               result[1] = verify_result_rpm(checks->mode, 'M');
                result[2] = verify_result_rpm(checks->md5sum, '5');
        }
 
@@ -157,6 +159,13 @@ verify_file(const char *filename, struct fsys_namenode 
*fnn,
                fnn->newhash = fnn->oldhash;
 
        if (fnn->newhash != NULL) {
+               /* Mode check heuristic: If we know its digest, the pathname
+                * must be a regular file. */
+               if (!S_ISREG(st.st_mode)) {
+                       checks->mode = VERIFY_FAIL;
+                       failures++;
+               }
+
                if (verify_digest(filename, fnn, checks) < 0)
                        failures++;
        }

-- 
Dpkg.Org's dpkg

Reply via email to