- add --delsign to purge packages of digital signatures.

CVS patchset: 7569
CVS date: 2004/11/10 00:50:41

CHANGES

@@ -29,6 +29,7 @@
 	- attempt dependency tree breadth, take 1.
 	- use external libneon for http/https transport.
 	- python: add python 2.4 support.
+	- add --delsign to purge packages of digital signatures.
 
 4.3.1 -> 4.3.2:
 	- use /etc/selinux/targeted/contexts/files/file_contexts for now.

lib/poptQV.c

@@ -46,6 +46,7 @@ static void rpmQVSourceArgCallback( /*@unused@*/ poptContext con,
     case 'Q':	/* from --querytags (handled by poptALL) */
     case 'V':	/* from --verify, -V */
     case 'A':	/* from --addsign */
+    case 'D':	/* from --delsign */
     case 'I':	/* from --import */
     case 'K':	/* from --checksig, -K */
     case 'R':	/* from --resign */
@@ -399,6 +400,8 @@ struct poptOption rpmSignPoptTable[] = {
 	N_("sign package(s) (identical to --resign)"), NULL },
  { "checksig", 'K', 0, NULL, 'K',
 	N_("verify package signature(s)"), NULL },
+ { "delsign", '\0', 0, NULL, 'D',
+	N_("delete package signatures"), NULL },
  { "import", '\0', 0, NULL, 'I',
 	N_("import an armored public key"), NULL },
  { "resign", '\0', 0, NULL, 'R',

lib/rpmchecksig.c

@@ -184,6 +184,7 @@ static int rpmReSign(/*@unused@*/ rpmts ts,
     void * uh = NULL;
     int_32 uht, uhc;
     int res = EXIT_FAILURE;
+    int deleting = (qva->qva_mode == RPMSIGN_DEL_SIGNATURE);
     rpmRC rc;
     int xx;
     
@@ -290,7 +291,13 @@ static int rpmReSign(/*@unused@*/ rpmts ts,
 	xx = headerRemoveEntry(sigh, RPMSIGTAG_SHA1);
 	xx = rpmAddSignature(sigh, sigtarget, RPMSIGTAG_SHA1, qva->passPhrase);
 
-	/* If gpg/pgp is configured, replace the signature. */
+	if (deleting) {	/* Nuke all the signature tags. */
+	    xx = headerRemoveEntry(sigh, RPMSIGTAG_GPG);
+	    xx = headerRemoveEntry(sigh, RPMSIGTAG_DSA);
+	    xx = headerRemoveEntry(sigh, RPMSIGTAG_PGP5);
+	    xx = headerRemoveEntry(sigh, RPMSIGTAG_PGP);
+	    xx = headerRemoveEntry(sigh, RPMSIGTAG_RSA);
+	} else		/* If gpg/pgp is configured, replace the signature. */
 	if ((sigtag = rpmLookupSignatureType(RPMLOOKUPSIG_QUERY)) > 0) {
 	    unsigned char oldsignid[8], newsignid[8];
 
@@ -331,7 +338,6 @@ static int rpmReSign(/*@unused@*/ rpmts ts,
 		    continue;
 		}
 	    }
-
 	}
 
 	/* Reallocate the signature into one contiguous region. */
@@ -1024,6 +1030,7 @@ int rpmcliSign(rpmts ts, QVA_t qva, const char ** argv)
 	/*@notreached@*/ break;
     case RPMSIGN_NEW_SIGNATURE:
     case RPMSIGN_ADD_SIGNATURE:
+    case RPMSIGN_DEL_SIGNATURE:
 	return rpmReSign(ts, qva, argv);
 	/*@notreached@*/ break;
     case RPMSIGN_NONE:

lib/rpmcli.h

@@ -776,6 +776,7 @@ typedef enum rpmSignFlags_e {
     RPMSIGN_CHK_SIGNATURE	= 'K',	/*!< from --checksig */
     RPMSIGN_NEW_SIGNATURE	= 'R',	/*!< from --resign */
     RPMSIGN_ADD_SIGNATURE	= 'A',	/*!< from --addsign */
+    RPMSIGN_DEL_SIGNATURE	= 'D',	/*!< from --delsign */
     RPMSIGN_IMPORT_PUBKEY	= 'I',	/*!< from --import */
 } rpmSignFlags;
 /*@=typeuse@*/

rpmqv.c

@@ -408,8 +408,9 @@ int main(int argc, const char ** argv)
 	    break;
 	case RPMSIGN_ADD_SIGNATURE:
 	case RPMSIGN_NEW_SIGNATURE:
+	case RPMSIGN_DEL_SIGNATURE:
 	    bigMode = MODE_RESIGN;
-	    ka->sign = 1;
+	    ka->sign = (ka->qva_mode != RPMSIGN_DEL_SIGNATURE);
 	    break;
 	}
   }