Richard W.M. Jones
2022-Mar-15 10:31 UTC
[Libguestfs] [PATCH] daemon/rpm-c.c: Disable signature checking in librpm
Older distros (eg RHEL 6) used SHA-1 signatures which some newer
distros now prevent us from verifying. Since verifying package
signatures is not essential for inspection, switch the feature off in
librpm.
Reported-by: Xiaodai Wang
Thanks: Panu Matilainen
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2064182
Signed-off-by: Richard W.M. Jones <rjones at redhat.com>
---
daemon/rpm-c.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/daemon/rpm-c.c b/daemon/rpm-c.c
index be0e81e22..f6a7067e1 100644
--- a/daemon/rpm-c.c
+++ b/daemon/rpm-c.c
@@ -89,8 +89,15 @@ static rpmdbMatchIterator iter;
value
guestfs_int_daemon_rpm_start_iterator (value unitv)
{
+ rpmVSFlags oflags;
+
CAMLparam1 (unitv);
ts = rpmtsCreate ();
+
+ /* Disable signature checking (RHBZ#2064182). */
+ oflags = rpmtsVSFlags (ts);
+ rpmtsSetVSFlags (ts, oflags | RPMVSF_MASK_NOSIGNATURES);
+
iter = rpmtsInitIterator (ts, RPMDBI_PACKAGES, NULL, 0);
CAMLreturn (Val_unit);
}
--
2.31.1
Laszlo Ersek
2022-Mar-17 14:33 UTC
[Libguestfs] [PATCH] daemon/rpm-c.c: Disable signature checking in librpm
On 03/15/22 11:31, Richard W.M. Jones wrote:> Older distros (eg RHEL 6) used SHA-1 signatures which some newer > distros now prevent us from verifying. Since verifying package > signatures is not essential for inspection, switch the feature off in > librpm. > > Reported-by: Xiaodai Wang > Thanks: Panu Matilainen > Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2064182 > Signed-off-by: Richard W.M. Jones <rjones at redhat.com> > --- > daemon/rpm-c.c | 7 +++++++ > 1 file changed, 7 insertions(+) > > diff --git a/daemon/rpm-c.c b/daemon/rpm-c.c > index be0e81e22..f6a7067e1 100644 > --- a/daemon/rpm-c.c > +++ b/daemon/rpm-c.c > @@ -89,8 +89,15 @@ static rpmdbMatchIterator iter; > value > guestfs_int_daemon_rpm_start_iterator (value unitv) > { > + rpmVSFlags oflags; > + > CAMLparam1 (unitv); > ts = rpmtsCreate (); > + > + /* Disable signature checking (RHBZ#2064182). */ > + oflags = rpmtsVSFlags (ts); > + rpmtsSetVSFlags (ts, oflags | RPMVSF_MASK_NOSIGNATURES); > + > iter = rpmtsInitIterator (ts, RPMDBI_PACKAGES, NULL, 0); > CAMLreturn (Val_unit); > } >The logic seems OK, but the execution seems to conflict with the *letter* of "Interfacing C with OCaml": https://ocaml.org/manual/intfc.html#ss:c-simple-gc-harmony """ Rule??1? A function that has parameters or local variables of type value must begin with a call to one of the CAMLparam macros [...] """ All ocaml-interfacing C functions I've seen thus far in the v2v projects, and one function that I just checked (namely guestfs_int_daemon_rpm_next_application()), conform to this. The documentation in "/usr/lib64/ocaml/caml/memory.h" seems to support this requirement: """ /* The following macros are used to declare C local variables and function parameters of type [value]. The function body must start with one of the [CAMLparam] macros. """ So, even if it may not matter in practice, I suggest introducing "oflags" *after* CAMLparam1(). With that update: Acked-by: Laszlo Ersek <lersek at redhat.com> Thanks Laszlo