rpm/sign/rpmsignfiles.h

#ifndef H_RPMSIGNFILES
#define H_RPMSIGNFILES

#include <rpm/rpmtypes.h>
#include <rpm/rpmutil.h>

#ifdef __cplusplus
extern "C" {
#endif

/**
 * Sign file digests in header into signature header
 * @param sigh		package signature header
 * @param h		package header
 * @param key		signing key
 * @param keypass	signing key password
 * @return		RPMRC_OK on success
 */
RPM_GNUC_INTERNAL
rpmRC rpmSignFiles(Header sigh, Header h, const char *key, char *keypass);

#ifdef _cplusplus
}
#endif

#endif /* H_RPMSIGNFILES */
Sign file digests and store signatures in header This patch introduces rpmSignFiles, which extracts file digests from the provided header and signs them using libimaevm and the provided key. The file signatures are stored in the header as hex strings under the tag RPM_FILESIGNATURES. Changelog: - fix signatureLength() - Mimi - remove existing file signatures and the file signature length, before adding new file signatures. - Mimi - fix dependency on ima - Fin [lkardos@redhat.com: fixed indentation] Signed-off-by: Lubos Kardos <lkardos@redhat.com> 2015-07-22 01:00:41 +08:00			`#ifndef H_RPMSIGNFILES`
			`#define H_RPMSIGNFILES`

rpmSignFiles() is an internal-only API 2017-06-08 22:23:15 +08:00			`#include <rpm/rpmtypes.h>`
			`#include <rpm/rpmutil.h>`

Sign file digests and store signatures in header This patch introduces rpmSignFiles, which extracts file digests from the provided header and signs them using libimaevm and the provided key. The file signatures are stored in the header as hex strings under the tag RPM_FILESIGNATURES. Changelog: - fix signatureLength() - Mimi - remove existing file signatures and the file signature length, before adding new file signatures. - Mimi - fix dependency on ima - Fin [lkardos@redhat.com: fixed indentation] Signed-off-by: Lubos Kardos <lkardos@redhat.com> 2015-07-22 01:00:41 +08:00			`#ifdef __cplusplus`
			`extern "C" {`
			`#endif`

			`/**`
Place file signatures into the signature header where they belong The original file signing puts the file signatures into the main header immutable region, invalidating all previous signatures and digests so the package no longer appears to be what it was when it came out of the assembly line. Which is bad. Doing that also requires recalculating everything again which is just added complexity, and since it adds stuff to different place from the rest of the signing, it requires yet complexity to deal with that. Moving the file signatures into the signature header solves all that and allows removing a big pile of now unnecessary code. Because this means retrofitting tags bass-ackwards into the signature header, the tag definitions are backwards to everything else. Other options would certainly be possible, but this makes things look more normal on the signature header side. "Users" only ever see the unchanged file signature tags as they have always been. This also means the signature header can be MUCH bigger than ever before, so bump up the limit (to 64MB, arbitrary something for now), and permit string array types to be migrated from the signature header on package read. Caveats: This loses the check for identical existing signatures to keep the complexity down, it's hardly a critical thing and can be added back later. While file signing could now be done separately to other signing, that is not handled here. 2017-10-10 16:44:10 +08:00			`* Sign file digests in header into signature header`
			`* @param sigh package signature header`
Sign file digests and store signatures in header This patch introduces rpmSignFiles, which extracts file digests from the provided header and signs them using libimaevm and the provided key. The file signatures are stored in the header as hex strings under the tag RPM_FILESIGNATURES. Changelog: - fix signatureLength() - Mimi - remove existing file signatures and the file signature length, before adding new file signatures. - Mimi - fix dependency on ima - Fin [lkardos@redhat.com: fixed indentation] Signed-off-by: Lubos Kardos <lkardos@redhat.com> 2015-07-22 01:00:41 +08:00			`* @param h package header`
			`* @param key signing key`
Add support for passing the file signing key password The option to provide a password for signing an RPM package was recently removed in favor of using the underlying mechanisms. Requiring a user to enter a password for each file being signed, however, is tedious. This patch adds support for prompting the user for the password. Dependency on ima-evm-utils version > "0.9" Changelog: - update get_fskpass() based on Dmitry's comments Signed-off-by: Lubos Kardos <lkardos@redhat.com> 2015-07-22 01:00:46 +08:00			`* @param keypass signing key password`
Sign file digests and store signatures in header This patch introduces rpmSignFiles, which extracts file digests from the provided header and signs them using libimaevm and the provided key. The file signatures are stored in the header as hex strings under the tag RPM_FILESIGNATURES. Changelog: - fix signatureLength() - Mimi - remove existing file signatures and the file signature length, before adding new file signatures. - Mimi - fix dependency on ima - Fin [lkardos@redhat.com: fixed indentation] Signed-off-by: Lubos Kardos <lkardos@redhat.com> 2015-07-22 01:00:41 +08:00			`* @return RPMRC_OK on success`
			`*/`
rpmSignFiles() is an internal-only API 2017-06-08 22:23:15 +08:00			`RPM_GNUC_INTERNAL`
Place file signatures into the signature header where they belong The original file signing puts the file signatures into the main header immutable region, invalidating all previous signatures and digests so the package no longer appears to be what it was when it came out of the assembly line. Which is bad. Doing that also requires recalculating everything again which is just added complexity, and since it adds stuff to different place from the rest of the signing, it requires yet complexity to deal with that. Moving the file signatures into the signature header solves all that and allows removing a big pile of now unnecessary code. Because this means retrofitting tags bass-ackwards into the signature header, the tag definitions are backwards to everything else. Other options would certainly be possible, but this makes things look more normal on the signature header side. "Users" only ever see the unchanged file signature tags as they have always been. This also means the signature header can be MUCH bigger than ever before, so bump up the limit (to 64MB, arbitrary something for now), and permit string array types to be migrated from the signature header on package read. Caveats: This loses the check for identical existing signatures to keep the complexity down, it's hardly a critical thing and can be added back later. While file signing could now be done separately to other signing, that is not handled here. 2017-10-10 16:44:10 +08:00			`rpmRC rpmSignFiles(Header sigh, Header h, const char key, char keypass);`
Add support for passing the file signing key password The option to provide a password for signing an RPM package was recently removed in favor of using the underlying mechanisms. Requiring a user to enter a password for each file being signed, however, is tedious. This patch adds support for prompting the user for the password. Dependency on ima-evm-utils version > "0.9" Changelog: - update get_fskpass() based on Dmitry's comments Signed-off-by: Lubos Kardos <lkardos@redhat.com> 2015-07-22 01:00:46 +08:00
Sign file digests and store signatures in header This patch introduces rpmSignFiles, which extracts file digests from the provided header and signs them using libimaevm and the provided key. The file signatures are stored in the header as hex strings under the tag RPM_FILESIGNATURES. Changelog: - fix signatureLength() - Mimi - remove existing file signatures and the file signature length, before adding new file signatures. - Mimi - fix dependency on ima - Fin [lkardos@redhat.com: fixed indentation] Signed-off-by: Lubos Kardos <lkardos@redhat.com> 2015-07-22 01:00:41 +08:00			`#ifdef _cplusplus`
			`}`
			`#endif`

			`#endif /* H_RPMSIGNFILES */`