Re: [Rpm-maint] [rpm-software-management/rpm] Rpm spits informative garbage to stdout instead of stderr (#962)

2021-10-11 Thread Demi Marie Obenour
> Exit code sanity come to mind as a related thing. Does that include exiting with a non-zero status if an I/O error occurs? -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub:

Re: [Rpm-maint] [rpm-software-management/rpm] Validate self-signatures and require subkey bindings on PGP public keys (#1788)

2021-10-11 Thread Demi Marie Obenour
@DemiMarie requested changes on this pull request. At a minimum, there needs to be a check for signature type in the code that verifies package signatures, now that such signatures will no longer be automatically rejected. > +return rc; +} + +static int pgpVerifySelf(pgpDigParams key,

Re: [Rpm-maint] [rpm-software-management/rpm] Print that package is not installed into stderr (#1794)

2021-10-11 Thread mikhailnov
I don't think that many things parse output of rpm -q, because it gives a correct exit code, but maybe I am too optimistic

Re: [Rpm-maint] [rpm-software-management/rpm] Require package names to be valid provides (#1778)

2021-10-11 Thread ニール・ゴンパ
@Conan-Kudo approved this pull request. View it on GitHub: https://github.com/rpm-software-management/rpm/pull/1778#pullrequestreview-776065643

Re: [Rpm-maint] [rpm-software-management/rpm] Validate self-signatures and require subkey bindings on PGP public keys (#1788)

2021-10-11 Thread Panu Matilainen
@pmatilai commented on this pull request. > + (pkt->blen >> 24), + (pkt->blen >> 16), + (pkt->blen >> 8), + (pkt->blen ), +}; +rpmDigestUpdate(hash, head, 5); +rpmDigestUpdate(hash, pkt->body, pkt->blen); +} + +static int pgpVerifySelf(pgpDigParams key,
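Review bot: the two rpmDigestUpdate() calls at the end of this helper discard their results and pass the header length as a literal 5. Consider reporting a failed update to the caller, and, if head is the array initialised just above, passing sizeof(head) so the length stays tied to the array.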

Re: [Rpm-maint] [rpm-software-management/rpm] Validate self-signatures and require subkey bindings on PGP public keys (#1788)

2021-10-11 Thread Panu Matilainen
@pmatilai pushed 3 commits. 46c45e9a25fe151e8f7dee055356d398e163fb69 Process MPI's from all kinds of signatures 26424121e1aee51d7acf25ade18caeb1c976f364 Refactor pgpDigParams construction to helper function 1dcfa3c00f61594763418da701bea194972f3fac Validate self-signatures and require subkey

Re: [Rpm-maint] [rpm-software-management/rpm] Validate self-signatures and require subkey bindings on PGP public keys (#1788)

2021-10-11 Thread Michael Schroeder
@mlschroe commented on this pull request. > } } - if (pgpPrtPkt(, digp)) + if (digp->tag == PGPTAG_PUBLIC_KEY && pkt->tag == PGPTAG_SIGNATURE) + selfsig = pgpDigParamsNew(pkt->tag); Maybe it's me ;) My point is that selfsig will also be set for

Re: [Rpm-maint] [rpm-software-management/rpm] Validate self-signatures and require subkey bindings on PGP public keys (#1788)

2021-10-11 Thread Panu Matilainen
@pmatilai commented on this pull request. > } } - if (pgpPrtPkt(, digp)) + if (digp->tag == PGPTAG_PUBLIC_KEY && pkt->tag == PGPTAG_SIGNATURE) + selfsig = pgpDigParamsNew(pkt->tag); I may be Monday dense here, but I fail to see the problem.

Re: [Rpm-maint] [rpm-software-management/rpm] Validate self-signatures and require subkey bindings on PGP public keys (#1788)

2021-10-11 Thread Panu Matilainen
@pmatilai commented on this pull request. > + (pkt->blen >> 24), + (pkt->blen >> 16), + (pkt->blen >> 8), + (pkt->blen ), +}; +rpmDigestUpdate(hash, head, 5); +rpmDigestUpdate(hash, pkt->body, pkt->blen); +} + +static int pgpVerifySelf(pgpDigParams key,

Re: [Rpm-maint] [rpm-software-management/rpm] Validate self-signatures and require subkey bindings on PGP public keys (#1788)

2021-10-11 Thread Michael Schroeder
@mlschroe commented on this pull request. > + (pkt->blen >> 24), + (pkt->blen >> 16), + (pkt->blen >> 8), + (pkt->blen ), +}; +rpmDigestUpdate(hash, head, 5); +rpmDigestUpdate(hash, pkt->body, pkt->blen); +} + +static int pgpVerifySelf(pgpDigParams key,

Re: [Rpm-maint] [rpm-software-management/rpm] Validate self-signatures and require subkey bindings on PGP public keys (#1788)

2021-10-11 Thread Michael Schroeder
@mlschroe commented on this pull request. > } } - if (pgpPrtPkt(, digp)) + if (digp->tag == PGPTAG_PUBLIC_KEY && pkt->tag == PGPTAG_SIGNATURE) + selfsig = pgpDigParamsNew(pkt->tag); Sure, but that's a problem as the signature checking code below is

Re: [Rpm-maint] [rpm-software-management/rpm] Validate self-signatures and require subkey bindings on PGP public keys (#1788)

2021-10-11 Thread Panu Matilainen
@pmatilai commented on this pull request. > + (pkt->blen >> 24), + (pkt->blen >> 16), + (pkt->blen >> 8), + (pkt->blen ), +}; +rpmDigestUpdate(hash, head, 5); +rpmDigestUpdate(hash, pkt->body, pkt->blen); +} + +static int pgpVerifySelf(pgpDigParams key,

Re: [Rpm-maint] [rpm-software-management/rpm] Validate self-signatures and require subkey bindings on PGP public keys (#1788)

2021-10-11 Thread Panu Matilainen
@pmatilai commented on this pull request. > if (pkttype == PGPTAG_SIGNATURE) break; + + if (alloced < i) { :facepalm: Thanks for spotting, the '<' is a remnant from a different version where it was the right thing, but wrong here of course.

Re: [Rpm-maint] [rpm-software-management/rpm] Validate self-signatures and require subkey bindings on PGP public keys (#1788)

2021-10-11 Thread Panu Matilainen
@pmatilai commented on this pull request. > break; + if (pkt->tag == PGPTAG_PUBLIC_SUBKEY) + expect = PGPTAG_SIGNATURE; It'd be good to differentiate between verified and non-verified somehow though.

Re: [Rpm-maint] [rpm-software-management/rpm] Validate self-signatures and require subkey bindings on PGP public keys (#1788)

2021-10-11 Thread Panu Matilainen
@pmatilai commented on this pull request. > break; + if (pkt->tag == PGPTAG_PUBLIC_SUBKEY) + expect = PGPTAG_SIGNATURE; I considered that, but it'd be against the spec: > Immediately following each User ID packet, there are zero or more Signature > packets.

Re: [Rpm-maint] [rpm-software-management/rpm] Validate self-signatures and require subkey bindings on PGP public keys (#1788)

2021-10-11 Thread Panu Matilainen
@pmatilai commented on this pull request. > } } - if (pgpPrtPkt(, digp)) + if (digp->tag == PGPTAG_PUBLIC_KEY && pkt->tag == PGPTAG_SIGNATURE) + selfsig = pgpDigParamsNew(pkt->tag); https://datatracker.ietf.org/doc/html/rfc4880#section-11.1 says: >

Re: [Rpm-maint] [rpm-software-management/rpm] Print that package is not installed into stderr (#1794)

2021-10-11 Thread Panu Matilainen
NAK, package not being installed is not an error, it's just a state. The actual problem is that rpm outputs all these "helpful" and "informative" messages to stdout instead of stderr and changing this is much harder than it should be, see #962.

Re: [Rpm-maint] [rpm-software-management/rpm] Print that package is not installed into stderr (#1794)

2021-10-11 Thread Panu Matilainen
Closed #1794. View it on GitHub: https://github.com/rpm-software-management/rpm/pull/1794#event-5441119429