diff options
author | Hongxu Jia <hongxu.jia@windriver.com> | 2020-06-03 14:55:31 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2020-06-04 13:27:32 +0100 |
commit | 7adde4fa40d7ab15398c25504a7e3bd963ed1ca0 (patch) | |
tree | ad9adad3b4fa8f840c78a0c9a962b7a885a90e90 | |
parent | e4faf3b3d00ec11e39e76120617e5a782c322920 (diff) | |
download | poky-7adde4fa40d7ab15398c25504a7e3bd963ed1ca0.tar.gz |
rpm: fix rpm -Kv xxx.rpm failed if signature header is larger than 64KB
Since commits [Place file signatures into the signature header where they
belong][1] applied, run `rpm -Kv **.rpm' failed if signature header
is larger than 64KB. Here are steps:
1) A unsigned rpm package, the size is 227560 bytes
$ ls -al xz-src-5.2.5-r0.corei7_64.rpm
-rw-------. 1 mockbuild 1000 227560 Jun 3 09:59
2) Sign the rpm package
$ rpmsign --addsign ... xz-src-5.2.5-r0.corei7_64.rpm
3) The size of signed rpm is 312208 bytes
$ ls -al xz-src-5.2.5-r0.corei7_64.rpm
-rw-------. 1 mockbuild 1000 312208 Jun 3 09:48
4) Run `rpm -Kv' failed with signature hdr data out of range
$ rpm -Kv xz-src-5.2.5-r0.corei7_64.rpm
xz-src-5.2.5-r0.corei7_64.rpm:
error: xz-src-5.2.5-r0.corei7_64.rpm: signature hdr data: BAD, no. of
bytes(88864) out of range
>From 1) and 3), the size of signed rpm package increased
312208 - 227560 = 84648, so the check of dl_max (64KB,65536)
is not enough.
As [1] said:
This also means the signature header can be MUCH bigger than ever
before,so bump up the limit (to 64MB, arbitrary something for now)
So [1] missed to multiply by 1024.
[1] https://github.com/rpm-software-management/rpm/commit/f558e886050c4e98f6cdde391df679a411b3f62c
(From OE-Core rev: 8359bdd60afafd80d354f7f40ed648643d8db292)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | meta/recipes-devtools/rpm/files/0001-Bump-up-the-limit-of-signature-header-to-64MB.patch | 62 | ||||
-rw-r--r-- | meta/recipes-devtools/rpm/rpm_4.15.1.bb | 1 |
2 files changed, 63 insertions, 0 deletions
diff --git a/meta/recipes-devtools/rpm/files/0001-Bump-up-the-limit-of-signature-header-to-64MB.patch b/meta/recipes-devtools/rpm/files/0001-Bump-up-the-limit-of-signature-header-to-64MB.patch new file mode 100644 index 0000000000..0a19c12a7a --- /dev/null +++ b/meta/recipes-devtools/rpm/files/0001-Bump-up-the-limit-of-signature-header-to-64MB.patch | |||
@@ -0,0 +1,62 @@ | |||
1 | From e8bf0eba7143abb6e69db82ee747a0c6790dd00a Mon Sep 17 00:00:00 2001 | ||
2 | From: Hongxu Jia <hongxu.jia@windriver.com> | ||
3 | Date: Wed, 3 Jun 2020 10:25:24 +0800 | ||
4 | Subject: [PATCH] Bump up the limit of signature header to 64MB | ||
5 | |||
6 | Since commits [Place file signatures into the signature header where they | ||
7 | belong][1] applied, run `rpm -Kv **.rpm' failed if signature header | ||
8 | is larger than 64KB. Here are steps: | ||
9 | |||
10 | 1) A unsigned rpm package, the size is 227560 bytes | ||
11 | $ ls -al xz-src-5.2.5-r0.corei7_64.rpm | ||
12 | -rw-------. 1 mockbuild 1000 227560 Jun 3 09:59 | ||
13 | |||
14 | 2) Sign the rpm package | ||
15 | $ rpmsign --addsign ... xz-src-5.2.5-r0.corei7_64.rpm | ||
16 | |||
17 | 3) The size of signed rpm is 312208 bytes | ||
18 | $ ls -al xz-src-5.2.5-r0.corei7_64.rpm | ||
19 | -rw-------. 1 mockbuild 1000 312208 Jun 3 09:48 | ||
20 | |||
21 | 4) Run `rpm -Kv' failed with signature hdr data out of range | ||
22 | $ rpm -Kv xz-src-5.2.5-r0.corei7_64.rpm | ||
23 | xz-src-5.2.5-r0.corei7_64.rpm: | ||
24 | error: xz-src-5.2.5-r0.corei7_64.rpm: signature hdr data: BAD, no. of | ||
25 | bytes(88864) out of range | ||
26 | |||
27 | From 1) and 3), the size of signed rpm package increased | ||
28 | 312208 - 227560 = 84648, so the check of dl_max (64KB,65536) | ||
29 | is not enough. | ||
30 | |||
31 | As [1] said: | ||
32 | |||
33 | This also means the signature header can be MUCH bigger than ever | ||
34 | before,so bump up the limit (to 64MB, arbitrary something for now) | ||
35 | |||
36 | So [1] missed to multiply by 1024. | ||
37 | |||
38 | [1] https://github.com/rpm-software-management/rpm/commit/f558e886050c4e98f6cdde391df679a411b3f62c | ||
39 | |||
40 | Upstream-Status: Backport [https://github.com/rpm-software-management/rpm/commit/486579912381ede82172dc6d0ff3941a6d0536b5] | ||
41 | |||
42 | Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> | ||
43 | --- | ||
44 | lib/header.c | 2 +- | ||
45 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
46 | |||
47 | diff --git a/lib/header.c b/lib/header.c | ||
48 | index 9ec7ed0..cbf6890 100644 | ||
49 | --- a/lib/header.c | ||
50 | +++ b/lib/header.c | ||
51 | @@ -1906,7 +1906,7 @@ rpmRC hdrblobRead(FD_t fd, int magic, int exact_size, rpmTagVal regionTag, hdrbl | ||
52 | |||
53 | if (regionTag == RPMTAG_HEADERSIGNATURES) { | ||
54 | il_max = 32; | ||
55 | - dl_max = 64 * 1024; | ||
56 | + dl_max = 64 * 1024 * 1024; | ||
57 | } | ||
58 | |||
59 | memset(block, 0, sizeof(block)); | ||
60 | -- | ||
61 | 2.25.4 | ||
62 | |||
diff --git a/meta/recipes-devtools/rpm/rpm_4.15.1.bb b/meta/recipes-devtools/rpm/rpm_4.15.1.bb index 8add142461..cbe1acffe2 100644 --- a/meta/recipes-devtools/rpm/rpm_4.15.1.bb +++ b/meta/recipes-devtools/rpm/rpm_4.15.1.bb | |||
@@ -40,6 +40,7 @@ SRC_URI = "git://github.com/rpm-software-management/rpm;branch=rpm-4.15.x \ | |||
40 | file://0001-rpmplugins.c-call-dlerror-prior-to-dlsym.patch \ | 40 | file://0001-rpmplugins.c-call-dlerror-prior-to-dlsym.patch \ |
41 | file://0001-rpmfc.c-do-not-run-file-classification-in-parallel.patch \ | 41 | file://0001-rpmfc.c-do-not-run-file-classification-in-parallel.patch \ |
42 | file://0001-lib-transaction.c-fix-file-conflicts-for-MIPS64-N32.patch \ | 42 | file://0001-lib-transaction.c-fix-file-conflicts-for-MIPS64-N32.patch \ |
43 | file://0001-Bump-up-the-limit-of-signature-header-to-64MB.patch \ | ||
43 | " | 44 | " |
44 | 45 | ||
45 | PE = "1" | 46 | PE = "1" |