From 5b79e28bd70a0ec5b34c5ff19b66cbbdd1e48835 Mon Sep 17 00:00:00 2001
From: Haiqing Bai <Haiqing.Bai@windriver.com>
Date: Fri, 18 Mar 2016 13:34:07 +0800
Subject: [PATCH] Make smartpm to support check signatures of rpmv5.

The original support for 'rpm-check-signatures' has been
disabled for the RPMv5 does not support '_RPMVSF_NOSIGNATURES'
now. This fix replaces the '_RPMVSF_NOSIGNATURES' with
rpm VS flags set:RPMVSF_NODSAHEADER|RPMVSF_NORSAHEADER|
RPMVSF_NODSA|RPMVSF_NORSA.

Upstream-Status: Pending
Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com>
---
 smart/backends/rpm/base.py      | 43 +++++++++++++++++++++++++++++++----------
 smart/backends/rpm/pm.py        |  2 +-
 smart/plugins/yumchannelsync.py |  5 +++--
 3 files changed, 37 insertions(+), 13 deletions(-)

diff --git a/smart/backends/rpm/base.py b/smart/backends/rpm/base.py
index 85f4d49..dbd6165 100644
--- a/smart/backends/rpm/base.py
+++ b/smart/backends/rpm/base.py
@@ -63,11 +63,23 @@ def getTS(new=False):
         if sysconf.get("rpm-dbpath"):
             rpm.addMacro('_dbpath', "/" + sysconf.get("rpm-dbpath"))
         getTS.ts = rpm.ts(getTS.root)
-        if not sysconf.get("rpm-check-signatures", False):
-            if hasattr(rpm, '_RPMVSF_NOSIGNATURES'):
-                getTS.ts.setVSFlags(rpm._RPMVSF_NOSIGNATURES)
-            else:
-                raise Error, _("rpm requires checking signatures")
+
+        # _RPMVSF_NOSIGNATURES is not supported in RPMv5, so here uses
+        # RPMVSF_NODSAHEADER|RPMVSF_NORSAHEADER|RPMVSF_NODSA|RPMVSF_NORSA
+        # to replace '_RPMVSF_NOSIGNATURES' to continue to support check
+        # rpm signatures
+
+        #if not sysconf.get("rpm-check-signatures", False):
+        #    if hasattr(rpm, '_RPMVSF_NOSIGNATURES'):
+        #        getTS.ts.setVSFlags(rpm._RPMVSF_NOSIGNATURES)
+        #    else:
+        #        raise Error, _("rpm requires checking signatures")
+        if sysconf.get("rpm-check-signatures") == False:
+            getTS.ts.setVSFlags(rpm.RPMVSF_NODSAHEADER|rpm.RPMVSF_NORSAHEADER|\
+                                rpm.RPMVSF_NODSA|rpm.RPMVSF_NORSA)
+        else:
+            getTS.ts.setVSFlags(0)
+
         rpm_dbpath = sysconf.get("rpm-dbpath", "var/lib/rpm")
         dbdir = rpm_join_dbpath(getTS.root, rpm_dbpath)
         if not os.path.isdir(dbdir):
@@ -89,11 +101,22 @@ def getTS(new=False):
         if sysconf.get("rpm-dbpath"):
             rpm.addMacro('_dbpath', "/" + sysconf.get("rpm-dbpath"))
         ts = rpm.ts(getTS.root)
-        if not sysconf.get("rpm-check-signatures", False):
-            if hasattr(rpm, '_RPMVSF_NOSIGNATURES'):
-                ts.setVSFlags(rpm._RPMVSF_NOSIGNATURES)
-            else:
-                raise Error, _("rpm requires checking signatures")
+
+        # _RPMVSF_NOSIGNATURES is not supported in RPMv5, so here uses
+        # RPMVSF_NODSAHEADER|RPMVSF_NORSAHEADER|RPMVSF_NODSA|RPMVSF_NORSA
+        # to replace '_RPMVSF_NOSIGNATURES' to continue to support check
+        # rpm signatures
+
+        #if not sysconf.get("rpm-check-signatures", False):
+        #    if hasattr(rpm, '_RPMVSF_NOSIGNATURES'):
+        #        ts.setVSFlags(rpm._RPMVSF_NOSIGNATURES)
+        #    else:
+        #        raise Error, _("rpm requires checking signatures")
+        if sysconf.get("rpm-check-signatures") == False:
+            ts.setVSFlags(rpm.RPMVSF_NODSAHEADER|rpm.RPMVSF_NORSAHEADER|\
+                                rpm.RPMVSF_NODSA|rpm.RPMVSF_NORSA)
+        else:
+            ts.setVSFlags(0)
         return ts
     else:
         return getTS.ts
diff --git a/smart/backends/rpm/pm.py b/smart/backends/rpm/pm.py
index b57a844..7b651b5 100644
--- a/smart/backends/rpm/pm.py
+++ b/smart/backends/rpm/pm.py
@@ -180,7 +180,7 @@ class RPMPackageManager(PackageManager):
                 fd = os.open(path, os.O_RDONLY)
                 try:
                     h = ts.hdrFromFdno(fd)
-                    if sysconf.get("rpm-check-signatures", False):
+                    if sysconf.get("rpm-check-signatures", True):
                          if get_public_key(h) == '(none)':
                              raise rpm.error('package is not signed')
                 except rpm.error, e:
diff --git a/smart/plugins/yumchannelsync.py b/smart/plugins/yumchannelsync.py
index f8107e6..2dc5482 100644
--- a/smart/plugins/yumchannelsync.py
+++ b/smart/plugins/yumchannelsync.py
@@ -56,8 +56,9 @@ def _getreleasever():
 
     rpmroot = sysconf.get("rpm-root", "/")
     ts = rpmUtils.transaction.initReadOnlyTransaction(root=rpmroot)
-    if hasattr(rpm, '_RPMVSF_NOSIGNATURES') and hasattr(rpm, '_RPMVSF_NODIGESTS'):
-        ts.pushVSFlags(~(rpm._RPMVSF_NOSIGNATURES|rpm._RPMVSF_NODIGESTS))
+    #_RPMVSF_NOSIGNATURES is not supported in RPMv5
+    #if hasattr(rpm, '_RPMVSF_NOSIGNATURES') and hasattr(rpm, '_RPMVSF_NODIGESTS'):
+    #    ts.pushVSFlags(~(rpm._RPMVSF_NOSIGNATURES|rpm._RPMVSF_NODIGESTS))
     releasever = None
     # HACK: we're hard-coding the most used distros, will add more if needed
     idx = ts.dbMatch('provides', 'fedora-release')
-- 
1.9.1