Projects
openEuler:24.03
rpm
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
Expand all
Collapse all
Changes of Revision 5
View file
_service:tar_scm:rpm.spec
Changed
@@ -1,6 +1,6 @@ Name: rpm Version: 4.18.2 -Release: 3 +Release: 4 Summary: RPM Package Manager License: GPLv2+ URL: http://www.rpm.org/ @@ -322,6 +322,9 @@ %exclude %{_mandir}/man8/rpmspec.8.gz %changelog +* Thu Mar 21 2024 zhangguangzhi<zhangguangzhi3@huawei.com> - 4.18.2-4 +- ima digest list support modsig + * Thu Mar 14 2024 gengqihu<gengqihu2@h-partners.com> - 4.18.2-3 - Backport some patches from upstream
View file
_service:tar_scm:Add-digest-list-plugin.patch
Changed
@@ -4,16 +4,16 @@ Subject: PATCH Add-digest-list-plugin --- - plugins/digest_list.c | 611 ++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 611 insertions(+) + plugins/digest_list.c | 670 ++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 670 insertions(+) create mode 100644 plugins/digest_list.c diff --git a/plugins/digest_list.c b/plugins/digest_list.c new file mode 100644 -index 0000000..151011c +index 0000000..70cae82 --- /dev/null +++ b/plugins/digest_list.c -@@ -0,0 +1,611 @@ +@@ -0,0 +1,670 @@ +/* + * Copyright (C) 2020-2021 Huawei Technologies Duesseldorf GmbH + * @@ -399,10 +399,59 @@ + return ret; +} + ++static int check_append_signature(const char *path) ++{ ++ const char *magic_str="~Module signature appended~"; ++ int magic_len = strlen(magic_str); ++ char bufmagic_len + 1; ++ FILE *fp = NULL; ++ struct stat st; ++ int file_size = 0; ++ int ret = 0; ++ long offset = 0; ++ ++ if (stat(path, &st) == -1) ++ return 0; ++ ++ file_size = st.st_size; ++ ++ /* the character \0xa is append to MAGIC */ ++ offset = magic_len + 1; ++ if (file_size < offset) { ++ rpmlog(RPMLOG_ERR, "digest_list: not have sig, do nothing\n"); ++ return 0; ++ } ++ ++ fp = fopen(path, "rb+"); ++ if (!fp) { ++ rpmlog(RPMLOG_ERR, "digest_list: could not open '%s': %s\n", path, strerror(errno)); ++ return 0; ++ } ++ ++ ret = fseek(fp, (-offset), SEEK_END); ++ if (ret) { ++ rpmlog(RPMLOG_ERR, "digest_list: seek file fail with %s\n", strerror(errno)); ++ fclose(fp); ++ return 0; ++ } ++ ++ ret = fread(buf, 1, magic_len, fp); ++ if (ret == magic_len) { ++ if (strncmp(buf, magic_str, magic_len) == 0) { ++ fclose(fp); ++ return 1; ++ } ++ } ++ ++ fclose(fp); ++ return 0; ++} ++ +static int process_digest_list(rpmte te, int parser, int pre) +{ + char *path = NULL, *path_sig = NULL; + int digest_list_signed = 0; ++ int digest_list_signed_append = 0; + struct stat st; + ssize_t size; + int type = rpmteType(te); @@ -452,6 +501,11 @@ + if (stat(path, &st) == -1) + goto out; + ++ if (!digest_list_signed && check_append_signature(path)) { ++ digest_list_signed = 1; ++ digest_list_signed_append = 1; ++ } ++ + if (!parser && !digest_list_signed) + snprintf(path, PATH_MAX, "%s/0-metadata_list-rpm-%s-%s-%s.%s", + DIGEST_LIST_DEFAULT_PATH, rpmteN(te), rpmteV(te), @@ -484,6 +538,8 @@ + if (!digest_list_signed) { + /* Write RPM header sig to security.ima */ + ret = write_rpm_digest_list_ima_xattr(te, path); ++ } else if (digest_list_signed_append) { ++ ret = RPMRC_OK; + } else { + ret = write_digest_list_ima_xattr(te, path, path_sig); + } @@ -509,6 +565,9 @@ + goto out; + } + ++ if (digest_list_signed_append) ++ goto out; ++ + ret = lremovexattr(path, XATTR_NAME_IMA); + if (ret < 0) + rpmlog(RPMLOG_ERR, "digest_list: cannot remove " @@ -626,5 +685,5 @@ + .fsm_file_post = digest_list_file_post, +}; -- -2.39.1 +2.33.0
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2