Exempt src.rpm packages from file signature business #3470

Open
wants to merge 3 commits into
base: master

dmnks
Contributor

@dmnks dmnks commented Nov 26, 2024

Don't add file signatures to source packages and if they happen to be present (i.e. built with an older rpm version), ignore them when unpacking (by not running plugins at all for source packages).

AC (taken from original bug):

  • IMA signatures don't make any sense on src.rpm files - so Fedora shouldn't be signing them, and rpm shouldn't let them
  • Even if the assertion above fails and you somehow end up with an src.rpm with IMA signatures on it, rpm should not barf up on it

@dmnks dmnks requested a review from a team as a code owner November 26, 2024 12:37
@dmnks dmnks requested review from ffesti and removed request for a team November 26, 2024 12:37
@dmnks dmnks changed the title Excempt src.rpm packages from file signature business Exempt src.rpm packages from file signature business Nov 26, 2024
lib/transaction.cc (review thread: outdated, resolved)
sign/rpmgensig.cc (review thread: outdated, resolved)
@dmnks
Contributor Author

dmnks commented Dec 4, 2024

Should be fixed now, based on the above discussion.

Note that I'm not a huge fan of the additional NULL checks in all the plugin hook functions (first commit in the series), it just makes it more noisy, and we could just initialize an empty rpmPlugins struct with rpmpluginsNew() in fsmPlugins() instead of returning NULL. But then, it's probably safer to have the NULL checks in place.

@dmnks
Contributor Author

dmnks commented Dec 4, 2024

Argh, what a strange CI failure, looking now...

@dmnks
Contributor Author

dmnks commented Dec 4, 2024

A silly memory leak in my code! Fixing now...

@dmnks
Contributor Author

dmnks commented Dec 4, 2024

... aaand fixed.

This shouldn't normally happen but rpmtsPlugins() does return NULL when
the passed transaction (ts) is NULL.  Handle that in the plugin hooks
and other utility functions so that we don't try to dereference a NULL
pointer in such a case.

This is also useful for the next commit where we'll make this into a
deliberate case.

Source packages aren't really "installed", just unpacked, and plugins
are by design meant for transactions, so disable the tsm/fsm/psm and
scriptlet hooks for those.

Note that the init and cleanup hooks will still run, those are supposed
to only do reversible actions such as opening and closing files, and we
wouldn't avoid them if there was a binary package supplied on the rpm -i
command line anyway.

This fixes, in particular, src.rpm installations done by a regular user
(a common case) on systems with a plugin that requires root privileges,
such as the ima plugin, which would otherwise cause a spurious warning
or even failure (see RhBug:2316785).

Extending rpmtsPlugins() here would be nicer but it's public API so just
add a static wrapper.

Reuse the plugin development test, we don't have anything better at the
moment and it does the job well.

File signatures make no sense in source packages as they don't ship
binaries to be installed on the target system, they're just fancy
archives unpacked into %_topdir for packaging purposes.

Disable the respective flags when processing a src.rpm and log a debug
message as a heads-up, but don't skip the rest, header signatures are
still relevant for source rpms, as is the deletion of existing file
signatures.
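
The behaviour the first two commit messages describe, as a stand-alone C model added here; it is not rpm's code, and every type and function name in it (`txn_plugins`, `unpack_plugins`, `call_file_prepare`, `needs_root_hook`) is hypothetical. It shows a hook dispatcher that tolerates a NULL plugin set, and a static wrapper that deliberately hands back NULL for source packages so a root-only plugin never runs for them.

```c
#include <stddef.h>
#include <stdio.h>

/* Toy stand-ins: none of these are rpm's real types or functions. */
typedef int (*hook_fn)(const char *path);
struct plugin { const char *name; hook_fn file_prepare; };
struct plugins { const struct plugin *items; size_t count; };
struct txn { struct plugins *plugins; };

/* Models the public accessor: a NULL transaction yields a NULL plugin set. */
static struct plugins *txn_plugins(const struct txn *ts)
{
    return ts ? ts->plugins : NULL;
}

/* Static wrapper around the accessor: source packages get no plugins. */
static struct plugins *unpack_plugins(const struct txn *ts, int is_source)
{
    return is_source ? NULL : txn_plugins(ts);
}

/* Hook dispatcher: a NULL set means "nothing to run", not a crash.
 * Returns the number of hooks run, or -1 as soon as one fails. */
static int call_file_prepare(const struct plugins *ps, const char *path)
{
    int ran = 0;
    if (ps == NULL)
        return 0;
    for (size_t i = 0; i < ps->count; i++) {
        if (ps->items[i].file_prepare == NULL)
            continue;
        if (ps->items[i].file_prepare(path) != 0)
            return -1;
        ran++;
    }
    return ran;
}

/* Constructed plugin hook that always fails, as a root-only plugin
 * would when invoked by a regular user. */
static int needs_root_hook(const char *path) { (void)path; return 1; }

static const struct plugin sample[] = { { "needs-root", needs_root_hook } };
static struct plugins sample_set = { sample, 1 };
static struct txn sample_ts = { &sample_set };

int main(void)
{
    printf("binary: %d\n", call_file_prepare(unpack_plugins(&sample_ts, 0), "/usr/bin/x"));
    printf("source: %d\n", call_file_prepare(unpack_plugins(&sample_ts, 1), "x.spec"));
    return 0;
}
```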