From be950eabb84a88e5773e096435c37b92e3d47ebb Mon Sep 17 00:00:00 2001 From: Panu Matilainen Date: Wed, 22 Feb 2023 12:01:59 +0200 Subject: [PATCH] Fix signature reserved space not restored on --delsign (#2382) Fixes a regression from commit 5c279fb149a44a1bc4d19e11c3c01942732b8486 simplifying this a bit too much, and failing to restore the reclaimed reserved signature space on after --delsign. Add a test-case to ensure --addsign + --delsign returns the package to its original state bit-by-bit. Fixes: #2382 --- sign/rpmgensig.c | 14 ++++++++++---- tests/rpmsigdig.at | 19 +++++++++++++++++++ 2 files changed, 29 insertions(+), 4 deletions(-) diff --git a/sign/rpmgensig.c b/sign/rpmgensig.c index da8cf95ad5..ec25c39b57 100644 --- a/sign/rpmgensig.c +++ b/sign/rpmgensig.c @@ -639,14 +639,20 @@ static int rpmSign(const char *rpm, int deleting, int flags) res = -1; } - /* Try to make new signature smaller to have size of original signature */ + /* Adjust reserved size for added/removed signatures */ if (headerGet(sigh, RPMSIGTAG_RESERVEDSPACE, &utd, HEADERGET_MINMEM)) { int diff = headerSizeof(sigh, HEADER_MAGIC_YES) - origSigSize; - if (diff > 0 && diff < utd.count) { + /* diff can be zero if nothing was added or removed */ + if (diff) { utd.count -= diff; - headerMod(sigh, &utd); - insSig = 1; + if (utd.count > 0 && utd.count < origSigSize) { + char *zeros = xcalloc(utd.count, sizeof(*zeros)); + utd.data = zeros; + headerMod(sigh, &utd); + insSig = 1; + free(zeros); + } } } diff --git a/tests/rpmsigdig.at b/tests/rpmsigdig.at index 2d4bcd23da..9853bdbca7 100644 --- a/tests/rpmsigdig.at +++ b/tests/rpmsigdig.at @@ -982,6 +982,25 @@ POST-DELSIGN ], []) +# test --delsign restores the old package bit-per-bit +AT_CHECK([ +RPMDB_INIT + +ORIG="${RPMTEST}/data/RPMS/hello-2.0-1.x86_64.rpm" +NEW="${RPMTEST}/tmp/hello-2.0-1.x86_64.rpm" + +cp ${ORIG} "${RPMTEST}"/tmp/ +run rpmsign --key-id 1964C5FC --addsign ${NEW} > /dev/null +cmp -s ${ORIG} ${NEW}; echo $? +run rpmsign --delsign ${NEW} > /dev/null +cmp -s ${ORIG} ${NEW}; echo $? +], +[ignore], +[1 +0 +], +[]) + # rpmsign --addsign AT_CHECK([ RPMDB_INIT