rpm  5.4.15
verify.c
Go to the documentation of this file.
1 
6 #include "system.h"
7 
8 #include <rpmiotypes.h>
9 #include <rpmio.h>
10 #include <rpmcb.h>
11 #include "ugid.h"
12 
13 #include <rpmtypes.h>
14 #include <rpmtag.h>
15 #include <pkgio.h>
16 
17 #define _RPMFI_INTERNAL
18 #include <rpmfi.h>
19 
20 #define _RPMSQ_INTERNAL
21 #include "psm.h"
22 
23 #include "legacy.h" /* XXX dodigest(), uidToUname(), gnameToGid */
24 
25 #define _RPMPS_INTERNAL /* XXX rpmps needs iterator. */
26 #define _RPMTS_INTERNAL /* XXX expose rpmtsSetScriptFd */
27 #include <rpmcli.h>
28 
29 #include "debug.h"
30 
31 /*@access rpmts @*/ /* XXX cast */
32 /*@access rpmpsm @*/ /* XXX for %verifyscript through rpmpsmStage() */
33 
34 #define S_ISDEV(m) (S_ISBLK((m)) || S_ISCHR((m)))
35 
36 /*@unchecked@*/
38 
39 typedef struct rpmvf_s * rpmvf;
40 struct rpmvf_s {
41  struct rpmioItem_s _item;
42  const char * fn;
43  const char * flink;
44  struct stat sb;
48  int dalgo;
49  size_t dlen;
50  const unsigned char * digest;
51  const char * fuser;
52  const char * fgroup;
53 #if defined(__LCLINT__NOTYET)
54 /*@refs@*/
55  int nrefs;
56 #endif
57 };
58 
59 #ifdef __cplusplus
60 
61 #define FF_ISSET(_fflags, _FLAG) ((_fflags) & (RPMFILE_##_FLAG))
62 
63 #define VF_ISSET(_vflags, _FLAG) ((_vflags) & (RPMVERIFY_##_FLAG))
64 #define VF_SET(_vflags, _FLAG) \
65  (*((unsigned *)&(_vflags)) |= (RPMVERIFY_##_FLAG))
66 #define VF_CLR(_vflags, _FLAG) \
67  (*((unsigned *)&(_vflags)) &= ~(RPMVERIFY_##_FLAG))
68 
69 #define QVA_ISSET(_qvaflags, _FLAG) ((_qvaflags) & (VERIFY_##_FLAG))
70 
71 #define VSF_ISSET(_vsflags, _FLAG) ((_vsflags) & (RPMVSF_##_FLAG))
72 #define VSF_SET(_vsflags, _FLAG) \
73  (*((unsigned *)&(_vsflags)) |= (RPMVSF_##_FLAG))
74 #define VSF_CLR(_vsflags, _FLAG) \
75  (*((unsigned *)&(_vsflags)) &= ~(RPMVSF_##_FLAG))
76 
77 GENfree(rpmvf)
78 
79 #else /* __cplusplus */
80 
81 #define FF_ISSET(_fflags, _FLAG) ((_fflags) & (RPMFILE_##_FLAG))
82 
83 #define VF_ISSET(_vflags, _FLAG) ((_vflags) & (RPMVERIFY_##_FLAG))
84 #define VF_SET(_vflags, _FLAG) (_vflags) |= (RPMVERIFY_##_FLAG)
85 #define VF_CLR(_vflags, _FLAG) (_vflags) &= ~(RPMVERIFY_##_FLAG)
86 
87 #define QVA_ISSET(_qvaflags, _FLAG) ((_qvaflags) & (VERIFY_##_FLAG))
88 
89 #define VSF_ISSET(_vsflags, _FLAG) ((_vsflags) & (RPMVSF_##_FLAG))
90 #define VSF_SET(_vsflags, _FLAG) (_vsflags) |= (RPMVSF_##_FLAG)
91 #define VSF_CLR(_vsflags, _FLAG) (_vsflags) &= ~(RPMVSF_##_FLAG)
92 
93 #endif /* __cplusplus */
94 
95 static rpmvf rpmvfFree(/*@only@*/ rpmvf vf)
96  /*@modifies vf @*/
97 {
98 
99  if (vf) {
100 #ifdef NOTYET
101  yarnPossess(vf->_item.use);
102  if (yarnPeekLock(vf->_item.use) <= 1L) {
103  yarnLock use = vf->_item.use;
104  vf->fn = _free(vf->fn);
105  vf = _free(vf);
106  yarnTwist(use, TO, 0);
107  use = yarnFreeLock(use);
108  } else
109  yarnTwist(vf->_item.use, BY, -1);
110 #else
111  vf->fn = _free(vf->fn);
112  vf = _free(vf);
113 #endif
114  }
115  return NULL;
116 }
117 
118 /*@only@*/
119 static rpmvf rpmvfNew(rpmts ts, rpmfi fi, int i, rpmVerifyAttrs omitMask)
120  /*@*/
121 {
122  rpmvf vf = (rpmvf) DRD_xcalloc(1, sizeof(*vf));
123 
124 #ifdef NOTYET
125  vf->_item.use = yarnNewLock(1);
126  vf->_item.pool = NULL;
127 #endif
128 
129 /*@-mods@*/
130  vf->fn = rpmGetPath(rpmtsRootDir(ts), fi->dnl[fi->dil[i]], fi->bnl[i], NULL);
131 /*@=mods@*/
132  vf->flink = fi->flinks[i];
133  vf->fuser = fi->fuser[i];
134  vf->fgroup = fi->fgroup[i];
135 
136  { struct stat *st = &vf->sb;
137  st->st_dev =
138  st->st_rdev = fi->frdevs[i];
139  st->st_ino = fi->finodes[i];
140  st->st_mode = fi->fmodes[i];
141 #ifdef NOTNEEDED
142  st->st_nlink = rpmfiFNlink(fi) + (int)S_ISDIR(st->st_mode);
143 #endif
144  if (unameToUid(vf->fuser, &st->st_uid) == -1)
145  st->st_uid = 0; /* XXX */
146  if (gnameToGid(vf->fgroup, &st->st_gid) == -1)
147  st->st_gid = 0; /* XXX */
148  st->st_size = fi->fsizes[i];
149  st->st_blksize = 4 * 1024; /* XXX */
150  st->st_blocks = (st->st_size + (st->st_blksize - 1)) / st->st_blksize;
151  st->st_atime =
152  st->st_ctime =
153  st->st_mtime = fi->fmtimes[i];
154  }
155 
156  vf->fflags = (rpmfileAttrs) fi->fflags[i];
157  vf->fstate = (rpmfileState) fi->fstates[i];
158  vf->vflags = (rpmVerifyAttrs) fi->vflags[i];
159  vf->dalgo = fi->fdigestalgos
160  ? fi->fdigestalgos[i]
161  : fi->digestalgo;
162  vf->dlen = fi->digestlen;
163  vf->digest = fi->digests + (fi->digestlen * i);
164 
165  /* Don't verify any features in omitMask. */
166  { unsigned * _vflagsp = (unsigned *)&vf->vflags;
167  *_vflagsp &= ~(omitMask | RPMVERIFY_FAILURES);
168  }
169 
170  /* Content checks of %ghost files are meaningless. */
171  if (FF_ISSET(vf->fflags, GHOST)) {
172  VF_CLR(vf->vflags, FDIGEST);
173  VF_CLR(vf->vflags, FILESIZE);
174  VF_CLR(vf->vflags, MTIME);
175  VF_CLR(vf->vflags, LINKTO);
176  VF_CLR(vf->vflags, HMAC);
177  }
178 
179  return vf;
180 }
181 
188 static int rpmvfVerify(rpmvf vf, int spew)
189  /*@globals h_errno, fileSystem, internalState @*/
190  /*@modifies vf, fileSystem, internalState @*/
191 {
193  struct stat sb;
194  int ec = 0;
195 
196  /* Check to see if the file was installed - if not pretend all is OK. */
197  switch (vf->fstate) {
198  default:
203  goto exit;
204  /*@notreached@*/ break;
206  break;
207  }
208 
209 assert(vf->fn != NULL);
210  if (vf->fn == NULL || Lstat(vf->fn, &sb) != 0) {
211  VF_SET(res, LSTATFAIL);
212  ec = 1;
213  goto exit;
214  }
215 
216  /* Not all attributes of non-regular files can be verified. */
217  if (S_ISDIR(sb.st_mode)) {
218  VF_CLR(vf->vflags, FDIGEST);
219  VF_CLR(vf->vflags, FILESIZE);
220  VF_CLR(vf->vflags, MTIME);
221  VF_CLR(vf->vflags, LINKTO);
222  VF_CLR(vf->vflags, HMAC);
223  } else if (S_ISLNK(sb.st_mode)) {
224  VF_CLR(vf->vflags, FDIGEST);
225  VF_CLR(vf->vflags, FILESIZE);
226  VF_CLR(vf->vflags, MTIME);
227  VF_CLR(vf->vflags, MODE);
228  VF_CLR(vf->vflags, HMAC);
229 #if CHOWN_FOLLOWS_SYMLINK
230  VF_CLR(vf->vflags, USER);
231  VF_CLR(vf->vflags, GROUP);
232 #endif
233  }
234  else if (S_ISFIFO(sb.st_mode)) {
235  VF_CLR(vf->vflags, FDIGEST);
236  VF_CLR(vf->vflags, FILESIZE);
237  VF_CLR(vf->vflags, MTIME);
238  VF_CLR(vf->vflags, LINKTO);
239  VF_CLR(vf->vflags, HMAC);
240  } else if (S_ISCHR(sb.st_mode)) {
241  VF_CLR(vf->vflags, FDIGEST);
242  VF_CLR(vf->vflags, FILESIZE);
243  VF_CLR(vf->vflags, MTIME);
244  VF_CLR(vf->vflags, LINKTO);
245  VF_CLR(vf->vflags, HMAC);
246  } else if (S_ISBLK(sb.st_mode)) {
247  VF_CLR(vf->vflags, FDIGEST);
248  VF_CLR(vf->vflags, FILESIZE);
249  VF_CLR(vf->vflags, MTIME);
250  VF_CLR(vf->vflags, LINKTO);
251  VF_CLR(vf->vflags, HMAC);
252  } else {
253  VF_CLR(vf->vflags, LINKTO);
254  }
255 
256  if (VF_ISSET(vf->vflags, FDIGEST) || VF_ISSET(vf->vflags, HMAC)) {
257  if (vf->digest == NULL || vf->dlen == 0)
258  VF_SET(res, FDIGEST);
259  else {
260  /* XXX If --nofdigest, then prelinked library sizes fail to verify. */
261  unsigned char * fdigest = (unsigned char *)
262  memset(alloca(vf->dlen), 0, vf->dlen);
263  size_t fsize = 0;
264 #if defined(RPM_VENDOR_PLD)
265 /*
266  * Disable hmac during digest calculation, since rpm package files contain plain md5sums,
267  * hmac support is useless, see:
268  * http://lists.pld-linux.org/mailman/pipermail/pld-devel-en/2012-October/023193.html
269  */
270  int rc = dodigest(vf->dalgo, vf->fn, fdigest, 0, &fsize);
271 #else
272 #define _mask (RPMVERIFY_FDIGEST|RPMVERIFY_HMAC)
273  unsigned dflags = (vf->vflags & _mask) == RPMVERIFY_HMAC
274  ? 0x2 : 0x0;
275 #undef _mask
276  int rc = dodigest(vf->dalgo, vf->fn, fdigest, dflags, &fsize);
277 #endif
278  sb.st_size = fsize;
279  if (rc) {
280  VF_SET(res, READFAIL);
281  VF_SET(res, FDIGEST);
282  } else
283  if (memcmp(fdigest, vf->digest, vf->dlen))
284  VF_SET(res, FDIGEST);
285  }
286  }
287 
288  if (VF_ISSET(vf->vflags, LINKTO)) {
289  char linkto[1024+1];
290  int size = 0;
291 
292  if ((size = Readlink(vf->fn, linkto, sizeof(linkto)-1)) == -1) {
293  VF_SET(res, READLINKFAIL);
294  VF_SET(res, LINKTO);
295  } else {
296  linkto[size] = '\0';
297  if (vf->flink == NULL || strcmp(linkto, vf->flink))
298  VF_SET(res, LINKTO);
299  }
300  }
301 
302  if (VF_ISSET(vf->vflags, FILESIZE)) {
303  if (sb.st_size != vf->sb.st_size)
304  VF_SET(res, FILESIZE);
305  }
306 
307  if (VF_ISSET(vf->vflags, MODE)) {
308  /* XXX AIX has sizeof(mode_t) > sizeof(unsigned short) */
309  unsigned short metamode = (unsigned short)vf->sb.st_mode;
310  unsigned short filemode = (unsigned short)sb.st_mode;
311 
312  /* Comparing type of %ghost files is meaningless, but perms are OK. */
313  if (FF_ISSET(vf->fflags, GHOST)) {
314  metamode &= ~0xf000;
315  filemode &= ~0xf000;
316  }
317  if (metamode != filemode)
318  VF_SET(res, MODE);
319  }
320 
321  if (VF_ISSET(vf->vflags, RDEV)) {
322  if (S_ISCHR(vf->sb.st_mode) != S_ISCHR(sb.st_mode)
323  || S_ISBLK(vf->sb.st_mode) != S_ISBLK(sb.st_mode))
324  VF_SET(res, RDEV);
325  else if (S_ISDEV(vf->sb.st_mode) && S_ISDEV(sb.st_mode)) {
326  rpmuint16_t st_rdev = (rpmuint16_t)(sb.st_rdev & 0xffff);
327  rpmuint16_t frdev = (rpmuint16_t)(vf->sb.st_rdev & 0xffff);
328  if (st_rdev != frdev)
329  VF_SET(res, RDEV);
330  }
331  }
332 
333  if (VF_ISSET(vf->vflags, MTIME)) {
334  if (sb.st_mtime != vf->sb.st_mtime)
335  VF_SET(res, MTIME);
336  }
337 
338  if (VF_ISSET(vf->vflags, USER)) {
339  const char * fuser = uidToUname(sb.st_uid);
340  if (fuser == NULL || vf->fuser == NULL || strcmp(fuser, vf->fuser))
341  VF_SET(res, USER);
342  }
343 
344  if (VF_ISSET(vf->vflags, GROUP)) {
345  const char * fgroup = gidToGname(sb.st_gid);
346  if (fgroup == NULL || vf->fgroup == NULL || strcmp(fgroup, vf->fgroup))
347  VF_SET(res, GROUP);
348  }
349 
350 exit:
351 
352  if (spew) { /* XXX no output w verify(...) probe. */
353  char buf[BUFSIZ];
354  char * t = buf;
355  char * te = t;
356  *te = '\0';
357  if (ec) {
358  if (!(FF_ISSET(vf->fflags, MISSINGOK) ||FF_ISSET(vf->fflags, GHOST))
359  || rpmIsVerbose())
360  {
361  sprintf(te, _("missing %c %s"),
362  (FF_ISSET(vf->fflags, CONFIG) ? 'c' :
363  FF_ISSET(vf->fflags, DOC) ? 'd' :
364  FF_ISSET(vf->fflags, GHOST) ? 'g' :
365  FF_ISSET(vf->fflags, LICENSE) ? 'l' :
366  FF_ISSET(vf->fflags, PUBKEY) ? 'P' :
367  FF_ISSET(vf->fflags, README) ? 'r' : ' '),
368  vf->fn);
369  if (VF_ISSET(res, LSTATFAIL) && errno != ENOENT) {
370  te += strlen(te);
371  sprintf(te, " (%s)", strerror(errno));
372  }
373  }
374  } else if (res || rpmIsVerbose()) {
375  /*@observer@*/ static const char aok[] = ".";
376  /*@observer@*/ static const char unknown[] = "?";
377 
378 #define _verify(_FLAG, _C) \
379  (VF_ISSET(res, _FLAG) ? _C : aok)
380 #define _verifylink(_FLAG, _C) \
381  (VF_ISSET(res, READLINKFAIL) ? unknown : \
382  VF_ISSET(res, _FLAG) ? _C : aok)
383 #define _verifyfile(_FLAG, _C) \
384  (VF_ISSET(res, READFAIL) ? unknown : \
385  VF_ISSET(res, _FLAG) ? _C : aok)
386 
387  const char * digest = _verifyfile(FDIGEST, "5");
388  const char * size = _verify(FILESIZE, "S");
389  const char * link = _verifylink(LINKTO, "L");
390  const char * mtime = _verify(MTIME, "T");
391  const char * rdev = _verify(RDEV, "D");
392  const char * user = _verify(USER, "U");
393  const char * group = _verify(GROUP, "G");
394  const char * mode = _verify(MODE, "M");
395 
396 #undef _verifyfile
397 #undef _verifylink
398 #undef _verify
399 
400  sprintf(te, "%s%s%s%s%s%s%s%s %c %s",
401  size, mode, digest, rdev, link, user, group, mtime,
402  (FF_ISSET(vf->fflags, CONFIG) ? 'c' :
403  FF_ISSET(vf->fflags, DOC) ? 'd' :
404  FF_ISSET(vf->fflags, GHOST) ? 'g' :
405  FF_ISSET(vf->fflags, LICENSE) ? 'l' :
406  FF_ISSET(vf->fflags, PUBKEY) ? 'P' :
407  FF_ISSET(vf->fflags, README) ? 'r' : ' '),
408  vf->fn);
409 
410  }
411 
412  if (t && *t)
413  rpmlog(RPMLOG_NOTICE, "%s\n", t);
414 
415  }
416 
417  return (res != 0);
418 }
419 
429 static int rpmVerifyScript(/*@unused@*/ QVA_t qva, rpmts ts,
430  rpmfi fi, /*@null@*/ FD_t scriptFd)
431  /*@globals rpmGlobalMacroContext, h_errno, fileSystem, internalState @*/
432  /*@modifies ts, fi, scriptFd, rpmGlobalMacroContext,
433  fileSystem, internalState @*/
434 {
435  rpmpsm psm;
436  rpmRC rc;
437  int ec = 0;
438 
439  if (scriptFd != NULL)
440  rpmtsSetScriptFd(ts, scriptFd);
441 
442  psm = rpmpsmNew(ts, NULL, fi);
443 
445  if (rc != RPMRC_OK)
446  ec = 1;
447 
449  if (rc != RPMRC_OK)
450  ec = 1;
451 
452  psm = rpmpsmFree(psm, __FUNCTION__);
453 
454  if (scriptFd != NULL)
455  rpmtsSetScriptFd(ts, NULL);
456 
457  return ec;
458 }
459 
467 static int verifyDependencies(/*@unused@*/ QVA_t qva, rpmts ts,
468  Header h)
469  /*@globals rpmGlobalMacroContext, h_errno, fileSystem, internalState @*/
470  /*@modifies ts, h, rpmGlobalMacroContext, fileSystem, internalState @*/
471 {
472 #ifdef NOTYET
473  uint32_t hdrNum = headerGetInstance(h);
474 #endif
475  rpmps ps;
476  int rc = 0; /* assume no problems */
477  int xx;
478 
479  rpmtsEmpty(ts);
480 
481 #ifdef NOTYET
482  if (hdrNum > 0)
483  (void) rpmtsAddEraseElement(ts, h, hdrNum);
484  else
485 #endif
486  (void) rpmtsAddInstallElement(ts, h, headerGetOrigin(h), 0, NULL);
487 
488  xx = rpmtsCheck(ts);
489  ps = rpmtsProblems(ts);
490 
491  if (rpmpsNumProblems(ps) > 0) {
492  const char * altNEVR;
493  const char * pkgNEVR = NULL;
494  rpmpsi psi;
495  rpmProblem prob;
496  char * t, * te;
497  int nb = 512;
498 
499  psi = rpmpsInitIterator(ps);
500  while (rpmpsNextIterator(psi) >= 0) {
501  prob = rpmpsProblem(psi);
502  if (pkgNEVR == NULL)
503  pkgNEVR = rpmProblemGetPkgNEVR(prob);
504 
505  altNEVR = rpmProblemGetAltNEVR(prob);
506 assert(altNEVR != NULL);
507  if (altNEVR[0] == 'R' && altNEVR[1] == ' ')
508  nb += sizeof("\tRequires: ")-1;
509  if (altNEVR[0] == 'C' && altNEVR[1] == ' ')
510  nb += sizeof("\tConflicts: ")-1;
511  nb += strlen(altNEVR+2) + sizeof("\n") - 1;
512 
513  }
514  psi = rpmpsFreeIterator(psi);
515 
516  te = t = (char *) alloca(nb);
517  *te = '\0';
518  sprintf(te, _("Unsatisfied dependencies for %s:\n"), pkgNEVR);
519  te += strlen(te);
520 
521  psi = rpmpsInitIterator(ps);
522  while (rpmpsNextIterator(psi) >= 0) {
523  prob = rpmpsProblem(psi);
524 
525  if ((altNEVR = rpmProblemGetAltNEVR(prob)) == NULL)
526  altNEVR = "? ?altNEVR?";
527  if (altNEVR[0] == 'R' && altNEVR[1] == ' ')
528  te = stpcpy(te, "\tRequires: ");
529  if (altNEVR[0] == 'C' && altNEVR[1] == ' ')
530  te = stpcpy(te, "\tConflicts: ");
531  te = stpcpy( stpcpy(te, altNEVR+2), "\n");
532 
533  rc++;
534  }
535  psi = rpmpsFreeIterator(psi);
536 
537  if (te > t) {
538  *te++ = '\n';
539  *te = '\0';
540  rpmlog(RPMLOG_NOTICE, "%s", t);
541  te = t;
542  *t = '\0';
543  }
544  }
545 
546  ps = rpmpsFree(ps);
547 
548  rpmtsEmpty(ts);
549 
550  return rc;
551 }
552 
554 {
555  static int scareMem = 0;
556  rpmVerifyAttrs omitMask = (rpmVerifyAttrs)
557  ((qva->qva_flags & VERIFY_ATTRS) ^ VERIFY_ATTRS);
558  int spew = (qva->qva_mode != 'v'); /* XXX no output w verify(...) probe. */
559  int ec = 0;
560  int i;
561 rpmfi fi = rpmfiNew(ts, h, RPMTAG_BASENAMES, scareMem);
562 uint32_t fc = rpmfiFC(fi);
563 
564  {
565  /* Verify header digest/signature. */
566 #if NOTYET
568  {
569  const char * horigin = headerGetOrigin(h);
570  const char * msg = NULL;
571  size_t uhlen = 0;
572  void * uh = headerUnload(h, &uhlen);
573  int lvl = headerCheck(rpmtsDig(ts), uh, uhlen, &msg) == RPMRC_FAIL
575  rpmlog(lvl, "%s: %s\n",
576  (horigin ? horigin : "verify"), (msg ? msg : ""));
577  rpmtsCleanDig(ts);
578  uh = _free(uh);
579  msg = _free(msg);
580  }
581 #endif
582 
583  /* Verify file digests. */
584  if (fc > 0 && (qva->qva_flags & VERIFY_FILES))
585 #if defined(_OPENMP)
586  #pragma omp parallel for private(i) reduction(+:ec)
587 #endif
588  for (i = 0; i < (int)fc; i++) {
589  int fflags = fi->fflags[i];
590  rpmvf vf;
591  int rc;
592 
593  /* If not querying %config, skip config files. */
594  if (FF_ISSET(qva->qva_fflags, CONFIG) && FF_ISSET(fflags, CONFIG))
595  continue;
596 
597  /* If not querying %doc, skip doc files. */
598  if (FF_ISSET(qva->qva_fflags, DOC) && FF_ISSET(fflags, DOC))
599  continue;
600 
601  /* If not verifying %ghost, skip ghost files. */
602  if (FF_ISSET(qva->qva_fflags, GHOST) && FF_ISSET(fflags, GHOST))
603  continue;
604 
605  /* Gather per-file data into a carrier. */
606  vf = rpmvfNew(ts, fi, i, omitMask);
607 
608  /* Verify per-file metadata. */
609  rc = rpmvfVerify(vf, spew);
610  if (rc)
611  ec += rc;
612 
613  (void) rpmvfFree(vf);
614  vf = NULL;
615  }
616 
617  /* Run verify/sanity scripts (if any). */
618  if (qva->qva_flags & VERIFY_SCRIPT)
619  {
620  int rc;
621 
624  {
625  FD_t fdo = fdDup(STDOUT_FILENO);
626 
627  rc = rpmfiSetHeader(fi, h);
628  if ((rc = rpmVerifyScript(qva, ts, fi, fdo)) != 0)
629  ec += rc;
630  if (fdo != NULL)
631  rc = Fclose(fdo);
632  rc = rpmfiSetHeader(fi, NULL);
633  }
634  }
635 
636  /* Verify dependency assertions. */
637  if (qva->qva_flags & VERIFY_DEPS)
638  {
639  int save_noise = _rpmds_unspecified_epoch_noise;
640  int rc;
641 
642 /*@-mods@*/
643  if (rpmIsVerbose())
645  if ((rc = verifyDependencies(qva, ts, h)) != 0)
646  ec += rc;
647  _rpmds_unspecified_epoch_noise = save_noise;
648 /*@=mods@*/
649  }
650  }
651 
652  fi = rpmfiFree(fi);
653 
654  return ec;
655 }
656 
657 int rpmcliVerify(rpmts ts, QVA_t qva, const char ** argv)
658 {
659  rpmdepFlags depFlags = qva->depFlags, odepFlags;
660  rpmtransFlags transFlags = qva->transFlags, otransFlags;
661  rpmVSFlags vsflags, ovsflags;
662  int ec = 0;
663 
664 #if defined(_OPENMP)
665 (void) tagName((rpmTag)0); /* XXX instantiate the tagname store. */
666 omp_set_nested(1); /* XXX permit nested thread teams. */
667 #endif
668 
669  if (qva->qva_showPackage == NULL)
671 
672  /* XXX verify flags are inverted from query. */
673  vsflags = (rpmVSFlags) rpmExpandNumeric("%{?_vsflags_verify}");
674  vsflags = (rpmVSFlags) 0; /* XXX FIXME: ignore default disablers. */
675 #if defined(SUPPORT_NOSIGNATURES)
676  if (!QVA_ISSET(qva->qva_flags, DIGEST)) {
677  VSF_SET(vsflags, NOSHA1HEADER);
678  VSF_SET(vsflags, NOMD5HEADER);
679  VSF_SET(vsflags, NOSHA1);
680  VSF_SET(vsflags, NOMD5);
681  }
682  if (!QVA_ISSET(qva->qva_flags, SIGNATURE)) {
683  VSF_SET(vsflags, NODSAHEADER);
684  VSF_SET(vsflags, NORSAHEADER);
685  VSF_SET(vsflags, NODSA);
686  VSF_SET(vsflags, NORSA);
687  }
688  if (!QVA_ISSET(qva->qva_flags, HDRCHK)) {
689  VSF_SET(vsflags, NOHDRCHK);
690  }
691  VSF_CLR(vsflags, NEEDPAYLOAD);
692 #endif
693 
694  odepFlags = rpmtsSetDFlags(ts, depFlags);
695  otransFlags = rpmtsSetFlags(ts, transFlags);
696  ovsflags = rpmtsSetVSFlags(ts, vsflags);
697  ec = rpmcliArgIter(ts, qva, argv);
698  vsflags = rpmtsSetVSFlags(ts, ovsflags);
699  transFlags = rpmtsSetFlags(ts, otransFlags);
700  depFlags = rpmtsSetDFlags(ts, odepFlags);
701 
703  qva->qva_showPackage = NULL;
704 
705  rpmtsEmpty(ts);
706 
707  return ec;
708 }
const unsigned char * digest
Definition: verify.c:50
struct rpmpsi_s * rpmpsi
Definition: rpmps.h:29
void yarnTwist(yarnLock bolt, yarnTwistOP op, long val)
Definition: yarn.c:279
rpmdepFlags depFlags
Definition: rpmcli.h:671
int rpmfiSetHeader(rpmfi fi, Header h)
Link a header to a file info set.
Definition: rpmfi.c:1275
int headerIsEntry(Header h, rpmTag tag)
Check if tag is in header.
Definition: header.c:1439
rpmfileAttrs fflags
Definition: verify.c:45
const char bson_timestamp_t * ts
Definition: bson.h:1004
const char * rpmtsRootDir(rpmts ts)
Get transaction rootDir, i.e.
Definition: rpmts.c:903
struct stat sb
Definition: verify.c:44
void yarnPossess(yarnLock bolt)
Definition: yarn.c:262
rpmVerifyAttrs vflags
Definition: verify.c:47
static int verifyDependencies(QVA_t qva, rpmts ts, Header h)
Check installed package dependencies for problems.
Definition: verify.c:467
rpmuint32_t rpmfiFNlink(rpmfi fi)
Return (calculated) current file nlink count from file info set.
Definition: rpmfi.c:427
long yarnPeekLock(yarnLock bolt)
Definition: yarn.c:325
yarnLock use
Definition: rpmiotypes.h:44
int _rpmds_unspecified_epoch_noise
Definition: rpmds.c:130
int rpmtsAddInstallElement(rpmts ts, Header h, fnpyKey key, int upgrade, rpmRelocation relocs)
Add package to be installed to transaction set.
Definition: depends.c:547
#define VERIFY_ATTRS
Definition: rpmcli.h:247
char * rpmGetPath(const char *path,...)
Return (malloc'ed) expanded, canonicalized, file path.
Definition: macro.c:3445
Definition: verify.c:40
Structure(s) used for file info tag sets.
rpmpsi rpmpsFreeIterator(rpmpsi psi)
Destroy problem set iterator.
Definition: rpmps.c:91
int rpmcliArgIter(rpmts ts, QVA_t qva, ARGV_t argv)
Definition: query.c:849
struct rpmioItem_s _item
Definition: verify.c:41
The Header data structure.
char * gidToGname(gid_t gid)
Definition: ugid.c:171
Definition: yarn.h:166
rpmQueryFlags qva_flags
Definition: rpmcli.h:633
#define DRD_xcalloc(_nmemb, _size)
Definition: debug.h:174
char * rpmProblemGetPkgNEVR(rpmProblem prob)
Return the package NEVR causing the problem.
Definition: rpmps.c:398
#define _verify(_FLAG, _C)
struct rpmpsm_s * rpmpsm
Package state machine data.
Definition: psm.h:13
static rpmVSFlags vsflags
Definition: rpmcache.c:547
#define RPMVERIFY_FAILURES
Definition: rpmcli.h:163
rpmRC headerCheck(pgpDig dig, const void *uh, size_t uc, const char **msg)
Check header consistency, performing headerGet() the hard way.
Definition: pkgio.c:1075
#define S_ISLNK(mode)
Definition: system.h:651
#define FF_ISSET(_fflags, _FLAG)
Definition: verify.c:81
#define _mask
int errno
enum rpmVerifyAttrs_e rpmVerifyAttrs
Bit(s) for rpmVerifyFile() attributes and result.
rpmfi rpmfiFree(rpmfi fi)
Destroy a file info set.
rpmfileState fstate
Definition: verify.c:46
unsigned short rpmuint16_t
Definition: rpmiotypes.h:27
int dodigest(int dalgo, const char *fn, unsigned char *digest, unsigned dflags, size_t *fsizep)
Return digest and size of a file.
Definition: legacy.c:178
void * pool
Definition: rpmiotypes.h:46
static void rpmlog(int code, const char *fmt,...)
Definition: rpmlog.h:299
struct rpmps_s * rpmps
Transaction problems found while processing a transaction set/.
Definition: rpmps.h:25
#define _verifyfile(_FLAG, _C)
FD_t fdDup(int fdno)
Definition: rpmio.c:266
rpmfi rpmfiNew(const void *_ts, Header h, rpmTag tagN, int flags)
Create and load a file info set.
Definition: rpmfi.c:1403
Command line option information.
Definition: rpmcli.h:630
int rpmfiFC(rpmfi fi)
Return file count from file info set.
Definition: rpmfi.c:87
void * headerUnload(Header h, size_t *lenp)
headerUnload.
Definition: header.c:648
int rpmpsNumProblems(rpmps ps)
Return number of problems in set.
Definition: rpmps.c:70
const char * fn
Definition: verify.c:42
char * alloca()
QVF_t qva_showPackage
Definition: rpmcli.h:642
rpmtransFlags rpmtsSetFlags(rpmts ts, rpmtransFlags transFlags)
Set transaction flags, i.e.
Definition: rpmts.c:1347
#define VSF_CLR(_vsflags, _FLAG)
Definition: verify.c:91
void rpmtsCleanDig(rpmts ts)
Free signature verification data.
Definition: pkgio.c:456
const char * fuser
Definition: verify.c:51
const char * mode
Definition: mongo.h:440
int gnameToGid(const char *thisGname, gid_t *gid)
Definition: ugid.c:71
int rpmpsNextIterator(rpmpsi psi)
Return next problem set iterator index.
Definition: rpmps.c:100
struct rpmfi_s * rpmfi
File info tag sets from a header, so that a header can be discarded early.
Definition: rpmfi.h:83
char * rpmProblemGetAltNEVR(rpmProblem prob)
Return the second package NEVR causing the problem.
Definition: rpmps.c:403
struct rpmvf_s * rpmvf
Definition: verify.c:39
int Lstat(const char *path, struct stat *st)
lstat(2) clone.
Definition: rpmrpc.c:1401
enum rpmdepFlags_e rpmdepFlags
Bit(s) to control rpmtsCheck() and rpmtsOrder() operation.
yarnLock yarnNewLock(long initial)
Definition: yarn.c:248
yarnLock yarnFreeLock(yarnLock bolt)
Definition: yarn.c:330
const char * tagName(rpmTag tag)
Return tag name from value.
Definition: tagname.c:436
rpmtransFlags transFlags
Definition: rpmcli.h:672
int dalgo
Definition: verify.c:48
The FD_t File Handle data structure.
const char const char * user
Definition: mongo.h:828
size_t dlen
Definition: verify.c:49
rpmpsm rpmpsmNew(rpmts ts, rpmte te, rpmfi fi)
Create and load a package state machine.
Definition: psm.c:1850
rpmpsi rpmpsInitIterator(rpmps ps)
Initialize problem set iterator.
Definition: rpmps.c:78
pgpVSFlags rpmVSFlags
Bit(s) to control digest and signature verification.
Definition: rpmts.h:35
rpmfileAttrs qva_fflags
Definition: rpmcli.h:634
const char * headerGetOrigin(Header h)
Return header origin (e.g path or URL).
Definition: header.c:1184
int Fclose(FD_t fd)
fclose(3) clone.
Definition: rpmio.c:2534
static int rpmvfVerify(rpmvf vf, int spew)
Verify file attributes (including file digest).
Definition: verify.c:188
enum rpmfileAttrs_e rpmfileAttrs
File Attributes.
rpmps rpmpsFree(rpmps ps)
Destroy a problem set.
static rpmvf rpmvfNew(rpmts ts, rpmfi fi, int i, rpmVerifyAttrs omitMask)
Definition: verify.c:119
int Readlink(const char *path, char *buf, size_t bufsiz)
readlink(2) clone.
Definition: rpmrpc.c:2154
int rpmcliVerify(rpmts ts, QVA_t qva, const char **argv)
Verify package install.
Definition: verify.c:657
enum rpmRC_e rpmRC
RPM return codes.
#define L(CS)
Definition: fnmatch.c:161
#define VF_ISSET(_vflags, _FLAG)
Definition: verify.c:83
enum rpmfileState_e rpmfileState
File States (when installed).
const char const int i
Definition: bson.h:778
Package state machine to handle a package from a transaction set.
rpmdepFlags rpmtsSetDFlags(rpmts ts, rpmdepFlags depFlags)
Set dependency flags, i.e.
Definition: rpmts.c:1368
const char * flink
Definition: verify.c:43
rpmProblem rpmpsProblem(rpmpsi psi)
Return current problem from problem set.
Definition: rpmps.c:114
Methods to handle package elements.
rpmps rpmtsProblems(rpmts ts)
Return current transaction set problems.
Definition: rpmts.c:584
enum rpmtransFlags_e rpmtransFlags
Bit(s) to control rpmtsRun() operation.
rpmVSFlags rpmtsSetVSFlags(rpmts ts, rpmVSFlags vsflags)
Set verify signatures flag(s).
Definition: rpmts.c:845
#define VF_SET(_vflags, _FLAG)
Definition: verify.c:84
char * stpcpy(char *dest, const char *src)
struct rpmts_s * rpmts
The RPM Transaction Set.
Definition: rpmtypes.h:14
const char const char size_t size
Definition: bson.h:895
const char * fgroup
Definition: verify.c:52
static void * _free(const void *p)
Wrapper to free(3), hides const compilation noise, permit NULL, return NULL.
Definition: rpmiotypes.h:756
char * uidToUname(uid_t uid)
Definition: ugid.c:135
rpmfi fi
Definition: filetriggers.h:15
static int rpmVerifyScript(QVA_t qva, rpmts ts, rpmfi fi, FD_t scriptFd)
Return exit code from running verify script from header.
Definition: verify.c:429
struct rpmProblem_s * rpmProblem
Raw data for an element of a problem set.
Definition: rpmps.h:20
int rpmtsAddEraseElement(rpmts ts, Header h, uint32_t hdrNum)
Add package to be erased to transaction set.
Definition: depends.c:834
int(* rpmtsCheck)(rpmts ts)
Perform dependency resolution on the transaction set.
Definition: depends.c:2097
#define rpmIsVerbose()
Definition: rpmcb.h:21
rpmpsm rpmpsmFree(rpmpsm psm, const char *msg)
Destroy a package state machine.
#define QVA_ISSET(_qvaflags, _FLAG)
Definition: verify.c:87
#define VF_CLR(_vflags, _FLAG)
Definition: verify.c:85
Definition: yarn.h:166
#define _(Text)
Definition: system.h:29
static rpmvf rpmvfFree(rpmvf vf)
Definition: verify.c:95
enum rpmTag_e rpmTag
Definition: rpmtag.h:470
int unameToUid(const char *thisUname, uid_t *uid)
Definition: ugid.c:16
#define _verifylink(_FLAG, _C)
pgpDig rpmtsDig(rpmts ts)
Get OpenPGP packet parameters, i.e.
Definition: pkgio.c:441
rpmRC rpmpsmScriptStage(rpmpsm psm, rpmTag scriptTag, rpmTag progTag)
Run rpmpsmStage(PSM_SCRIPT) for scriptTag and progTag.
Definition: psm.c:1788
#define VSF_SET(_vsflags, _FLAG)
Definition: verify.c:90
#define S_ISDEV(m)
Definition: verify.c:34
uint32_t headerGetInstance(Header h)
Return header instance (if from rpmdb).
Definition: header.c:1275
int rpmExpandNumeric(const char *arg)
Return macro expansion as a numeric value.
Definition: macro.c:3326
void rpmtsSetScriptFd(rpmts ts, FD_t scriptFd)
Definition: rpmts.c:982
void rpmtsEmpty(rpmts ts)
Re-create an empty transaction set.
Definition: rpmts.c:625
int showVerifyPackage(QVA_t qva, rpmts ts, Header h)
Display results of package verify.
Definition: verify.c:553