diff options
author | Hongxu Jia <hongxu.jia@windriver.com> | 2020-06-03 14:55:31 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2020-06-04 13:21:00 +0100 |
commit | 8359bdd60afafd80d354f7f40ed648643d8db292 (patch) | |
tree | bc9f774c6906d499b9bca91241837d76cc1196be /meta/recipes-devtools | |
parent | 189fae9f2df58759e9d66a3877c9ef30df4854bf (diff) | |
download | openembedded-core-contrib-8359bdd60afafd80d354f7f40ed648643d8db292.tar.gz |
rpm: fix rpm -Kv xxx.rpm failed if signature header is larger than 64KB
Since commits [Place file signatures into the signature header where they
belong][1] applied, run `rpm -Kv **.rpm' failed if signature header
is larger than 64KB. Here are steps:
1) A unsigned rpm package, the size is 227560 bytes
$ ls -al xz-src-5.2.5-r0.corei7_64.rpm
-rw-------. 1 mockbuild 1000 227560 Jun 3 09:59
2) Sign the rpm package
$ rpmsign --addsign ... xz-src-5.2.5-r0.corei7_64.rpm
3) The size of signed rpm is 312208 bytes
$ ls -al xz-src-5.2.5-r0.corei7_64.rpm
-rw-------. 1 mockbuild 1000 312208 Jun 3 09:48
4) Run `rpm -Kv' failed with signature hdr data out of range
$ rpm -Kv xz-src-5.2.5-r0.corei7_64.rpm
xz-src-5.2.5-r0.corei7_64.rpm:
error: xz-src-5.2.5-r0.corei7_64.rpm: signature hdr data: BAD, no. of
bytes(88864) out of range
>From 1) and 3), the size of signed rpm package increased
312208 - 227560 = 84648, so the check of dl_max (64KB,65536)
is not enough.
As [1] said:
This also means the signature header can be MUCH bigger than ever
before,so bump up the limit (to 64MB, arbitrary something for now)
So [1] missed to multiply by 1024.
[1] https://github.com/rpm-software-management/rpm/commit/f558e886050c4e98f6cdde391df679a411b3f62c
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools')
-rw-r--r-- | meta/recipes-devtools/rpm/files/0001-Bump-up-the-limit-of-signature-header-to-64MB.patch | 62 | ||||
-rw-r--r-- | meta/recipes-devtools/rpm/rpm_4.15.1.bb | 1 |
2 files changed, 63 insertions, 0 deletions
diff --git a/meta/recipes-devtools/rpm/files/0001-Bump-up-the-limit-of-signature-header-to-64MB.patch b/meta/recipes-devtools/rpm/files/0001-Bump-up-the-limit-of-signature-header-to-64MB.patch new file mode 100644 index 0000000000..0a19c12a7a --- /dev/null +++ b/meta/recipes-devtools/rpm/files/0001-Bump-up-the-limit-of-signature-header-to-64MB.patch @@ -0,0 +1,62 @@ +From e8bf0eba7143abb6e69db82ee747a0c6790dd00a Mon Sep 17 00:00:00 2001 +From: Hongxu Jia <hongxu.jia@windriver.com> +Date: Wed, 3 Jun 2020 10:25:24 +0800 +Subject: [PATCH] Bump up the limit of signature header to 64MB + +Since commits [Place file signatures into the signature header where they +belong][1] applied, run `rpm -Kv **.rpm' failed if signature header +is larger than 64KB. Here are steps: + +1) A unsigned rpm package, the size is 227560 bytes +$ ls -al xz-src-5.2.5-r0.corei7_64.rpm +-rw-------. 1 mockbuild 1000 227560 Jun 3 09:59 + +2) Sign the rpm package +$ rpmsign --addsign ... xz-src-5.2.5-r0.corei7_64.rpm + +3) The size of signed rpm is 312208 bytes +$ ls -al xz-src-5.2.5-r0.corei7_64.rpm +-rw-------. 1 mockbuild 1000 312208 Jun 3 09:48 + +4) Run `rpm -Kv' failed with signature hdr data out of range +$ rpm -Kv xz-src-5.2.5-r0.corei7_64.rpm +xz-src-5.2.5-r0.corei7_64.rpm: +error: xz-src-5.2.5-r0.corei7_64.rpm: signature hdr data: BAD, no. of +bytes(88864) out of range + +From 1) and 3), the size of signed rpm package increased +312208 - 227560 = 84648, so the check of dl_max (64KB,65536) +is not enough. + +As [1] said: + + This also means the signature header can be MUCH bigger than ever + before,so bump up the limit (to 64MB, arbitrary something for now) + +So [1] missed to multiply by 1024. + +[1] https://github.com/rpm-software-management/rpm/commit/f558e886050c4e98f6cdde391df679a411b3f62c + +Upstream-Status: Backport [https://github.com/rpm-software-management/rpm/commit/486579912381ede82172dc6d0ff3941a6d0536b5] + +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> +--- + lib/header.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/header.c b/lib/header.c +index 9ec7ed0..cbf6890 100644 +--- a/lib/header.c ++++ b/lib/header.c +@@ -1906,7 +1906,7 @@ rpmRC hdrblobRead(FD_t fd, int magic, int exact_size, rpmTagVal regionTag, hdrbl + + if (regionTag == RPMTAG_HEADERSIGNATURES) { + il_max = 32; +- dl_max = 64 * 1024; ++ dl_max = 64 * 1024 * 1024; + } + + memset(block, 0, sizeof(block)); +-- +2.25.4 + diff --git a/meta/recipes-devtools/rpm/rpm_4.15.1.bb b/meta/recipes-devtools/rpm/rpm_4.15.1.bb index 8add142461..cbe1acffe2 100644 --- a/meta/recipes-devtools/rpm/rpm_4.15.1.bb +++ b/meta/recipes-devtools/rpm/rpm_4.15.1.bb @@ -40,6 +40,7 @@ SRC_URI = "git://github.com/rpm-software-management/rpm;branch=rpm-4.15.x \ file://0001-rpmplugins.c-call-dlerror-prior-to-dlsym.patch \ file://0001-rpmfc.c-do-not-run-file-classification-in-parallel.patch \ file://0001-lib-transaction.c-fix-file-conflicts-for-MIPS64-N32.patch \ + file://0001-Bump-up-the-limit-of-signature-header-to-64MB.patch \ " PE = "1" |