Support packages that are head-signed

This supports packages which do not have the RPMv3 signature scheme (over the full RPM header+payload), but instead only have signatures over the header (v4 scheme). For the v4 scheme, the signature is only stored in SIGTAG_RSA (or SIGTAG_DSA). Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2021-08-03 22:27:56 +02:00 · 2021-08-03 22:27:56 +02:00 · af25fc2e24
commit af25fc2e24
parent f358fd7bc4
6 changed files with 162 additions and 2 deletions
--- a/cli/koji_cli/commands.py
+++ b/cli/koji_cli/commands.py
@ -1617,12 +1617,17 @@ def handle_import_sig(goptions, session, args):
    activate_session(session, goptions)
    for path in args:
        data = koji.get_header_fields(path, ('name', 'version', 'release', 'arch', 'siggpg',
-                                             'sigpgp', 'sourcepackage'))
+                                             'sigpgp', 'dsaheader', 'rsaheader',
+                                             'sourcepackage'))
        if data['sourcepackage']:
            data['arch'] = 'src'
        sigkey = data['siggpg']
        if not sigkey:
            sigkey = data['sigpgp']
+        if not sigkey:
+            sigkey = data['dsaheader']
+        if not sigkey:
+            sigkey = data['rsaheader']
        if not sigkey:
            sigkey = ""
            if not options.with_unsigned:
@ -1632,6 +1637,8 @@ def handle_import_sig(goptions, session, args):
            sigkey = koji.get_sigpacket_key_id(sigkey)
        del data['siggpg']
        del data['sigpgp']
+        del data['dsaheader']
+        del data['rsaheader']
        rinfo = session.getRPM(data)
        if not rinfo:
            print("No such rpm in system: %(name)s-%(version)s-%(release)s.%(arch)s" % data)