@jessorensen commented on this pull request.
> @@ -166,8 +184,9 @@ int main(int argc, char *argv[])
argerror(_("no arguments given"));
}
-#ifdef WITH_IMAEVM
-if (fileSigningKey && !(sargs.signflags & RPMSIGN_FLAG_IMA)) {
+#if defined(WITH_IMAEVM) || defined(WITH_FSVERITY)
+
@jessorensen commented on this pull request.
> @@ -494,6 +505,36 @@ static rpmRC includeFileSignatures(Header *sigp, Header
> *hdrp)
#endif
}
+static rpmRC includeVeritySignatures(FD_t fd, Header *sigp, Header *hdrp)
+{
+#ifdef WITH_FSVERITY
+rpmRC rc;
+char *key =
@jessorensen commented on this pull request.
> @@ -3,7 +3,8 @@
include $(top_srcdir)/rpm.am
AM_CFLAGS = @RPMCFLAGS@
-AM_CPPFLAGS = -I$(top_builddir) -I$(top_srcdir) -I$(top_builddir)/include/
+AM_CPPFLAGS = -I$(top_builddir) -I$(top_srcdir) -I$(top_builddir)/include/ \
+
@jessorensen commented on this pull request.
> + rpmlog(RPMLOG_DEBUG, "fsverity not supported by file system for
> %s\n",
+ path);
+ break;
+ case EOPNOTSUPP:
+ rpmlog(RPMLOG_DEBUG, "fsverity not enabled on file system for %s\n",
+
@jessorensen commented on this pull request.
> +}
+
+static char *rpmVeritySignFile(rpmfi fi, size_t *sig_size, char *key,
+ char *keypass, char *cert, uint16_t algo,
+ uint32_t block_size)
+{
+struct libfsverity_merkle_tree_params
@jessorensen commented on this pull request.
> + * Copyright (C) 2020 Facebook
+ *
+ * Author: Jes Sorensen
+ */
+
+#include "system.h"
+
+#include /* RPMSIGTAG & related */
+#include /* rpmlog */
+#include
+#include /* rpmDigestLength */
@jessorensen commented on this pull request.
> if (deleting) { /* Nuke all the signature tags. */
deleteSigs(sigh);
+ deleteFileSigs(sigh);
From my understanding, the package signature covers the file signatures, so we
cannot remove them without invalidating the package
@jessorensen commented on this pull request.
> @@ -71,6 +71,18 @@ void headerMergeLegacySigs(Header h, Header sigh)
case RPMSIGTAG_FILESIGNATURELENGTH:
td.tag = RPMTAG_FILESIGNATURELENGTH;
break;
+ case RPMSIGTAG_VERITYSIGNATURES:
+ td.tag =
@jessorensen commented on this pull request.
> @@ -396,6 +397,16 @@ static void deleteSigs(Header sigh)
headerDel(sigh, RPMSIGTAG_PGP5);
}
+static void deleteFileSigs(Header sigh)
+{
+headerDel(sigh, RPMSIGTAG_FILESIGNATURELENGTH);
+headerDel(sigh, RPMSIGTAG_FILESIGNATURES);
+
@jessorensen commented on this pull request.
> @@ -116,8 +116,12 @@ struct rpmfiles_s {
int digestalgo;/*!< File digest algorithm */
int signaturelength; /*!< File signature length */
+int veritysiglength; /*!< Verity signature length */
+uint16_t
@jessorensen commented on this pull request.
> +}
+
+rpmlog(RPMLOG_DEBUG, _("key: %s\n"), key);
+rpmlog(RPMLOG_DEBUG, _("cert: %s\n"), cert);
+
+compr = headerGetString(h, RPMTAG_PAYLOADCOMPRESSOR);
+rpmio_flags = rstrscat(NULL, "r.", compr ? compr : "gzip", NULL);
+
+
@jessorensen commented on this pull request.
> @@ -430,6 +438,10 @@ typedef enum rpmSigTag_e {
RPMSIGTAG_SHA256 = RPMTAG_SHA256HEADER,
RPMSIGTAG_FILESIGNATURES = RPMTAG_SIG_BASE + 18,
RPMSIGTAG_FILESIGNATURELENGTH = RPMTAG_SIG_BASE + 19,
+
:fireworks:
Closed #1217 via #1233.
Merged #1233 into master.
It should be compatible for legit values of E, V, R. I'm quite positive you can
come up with strange behavior differences if you feed it versions containing
':' or '-' though.
Rebased.
Just to make sure, this behaviour change of `rpm.vercmp` in lua is
backwards-compatible, right?
I would assume so, as any segment is also a valid EVR, but there might be some
edge case.
Currently we're doing the parsing "by hand" in lua:
Closed #897 via a1d2722c4a88a49008daa58653c9c5ebf9344d63.
Closed #561 via #1221.
Merged #1221 into master.
Rebased once more with some tweaks to gain support for strings in Python
labelCompare() essentially for free: things like `rpm.labelCompare("1:1.0-1",
"2.0-3")` now do the right thing without requiring the painful tuples.
@pmatilai pushed 2 commits.
953767bf81eded071976026958a7c4c2c8a4e709 fixup! Add Python bindings for the
new version API
e94232b258e51084254d7d423bd7146f1c546d55 Support EVR strings to Python
labelCompare()
Another fixup to avoid multiple reallocations in rpmverEVR().
@pmatilai pushed 1 commit.
dd852a0bf6db9609c34b83e4b614572b8b27b9fd fixup! Add (beginnings of) a rpm
version API (parsing, comparison)
This doesn't actually add any mallocs that were not there before for the busy
case of rpmds comparisons: previously the strings were strdup()'ed in
rpmdsCompareEVR() before passing to parseEVR(), now this happens in rpmevr.c
instead. The ver handle is all alloced as a single blob so there's
This looks good (only looking at the last three - parser related - patches).
@pmatilai pushed 1 commit.
0aa1b9778ad3f88b9bb959739e331aebece25988 fixup! Add Python bindings for the
new version API
Overall this looks good. I am wondering what all the malloc and free costs us
as we might do a few version comparisons during a transaction. Probably not
enough to actually worry. Converting the EVR of the rpmds object just for
comparison seems kinda weird. I am fine with this as a first step
Removing the nopromote API in Python but keeping it in C seems inconsistent.
Not sure if I really care.
@pmatilai pushed 1 commit.
a07ba0f0c5445f7189823bb33ac647a42434d46b Add Python bindings for the new
version API
And are you planning to include the relevant scripts from these different repos
into the releases of rpm?
Thank you too, @pmatilai!
@pmatilai hopefully should be fixed and rebased.
Rebase to clear fixups.
@pmatilai requested changes on this pull request.
Various things to address, to a large part due to unfortunate use of file
signing as the example, and hopefully significant simplification is possible,
but overall I think we're on the manageable side.
@pmatilai commented on this pull request.
> @@ -494,6 +505,36 @@ static rpmRC includeFileSignatures(Header *sigp, Header
> *hdrp)
#endif
}
+static rpmRC includeVeritySignatures(FD_t fd, Header *sigp, Header *hdrp)
+{
+#ifdef WITH_FSVERITY
+rpmRC rc;
+char *key =
@pmatilai commented on this pull request.
> @@ -166,8 +184,9 @@ int main(int argc, char *argv[])
argerror(_("no arguments given"));
}
-#ifdef WITH_IMAEVM
-if (fileSigningKey && !(sargs.signflags & RPMSIGN_FLAG_IMA)) {
+#if defined(WITH_IMAEVM) || defined(WITH_FSVERITY)
+
@pmatilai commented on this pull request.
> @@ -3,7 +3,8 @@
include $(top_srcdir)/rpm.am
AM_CFLAGS = @RPMCFLAGS@
-AM_CPPFLAGS = -I$(top_builddir) -I$(top_srcdir) -I$(top_builddir)/include/
+AM_CPPFLAGS = -I$(top_builddir) -I$(top_srcdir) -I$(top_builddir)/include/ \
+ -I$(includedir)
@pmatilai commented on this pull request.
> + rpmlog(RPMLOG_DEBUG, "fsverity not supported by file system for
> %s\n",
+ path);
+ break;
+ case EOPNOTSUPP:
+ rpmlog(RPMLOG_DEBUG, "fsverity not enabled on file system for %s\n",
+