Merge pull request #450 from oliverkurth/stable-3.5

version 3.5.5

Author: oliverkurth

CMakeLists.txt

@@ -8,7 +8,7 @@
 
 CMAKE_MINIMUM_REQUIRED(VERSION 3.0 FATAL_ERROR)
 
-project(tdnf VERSION 3.5.4 LANGUAGES C)
+project(tdnf VERSION 3.5.5 LANGUAGES C)
 set(VERSION ${PROJECT_VERSION})
 set(PROJECT_YEAR 2023)
 

client/api.c

@@ -31,6 +31,11 @@ static void IsTdnfAlreadyRunning(void);
 
 static void TdnfExitHandler(void)
 {
+    if (gEuid)
+    {
+        return;
+    }
+
     tdnflockFree(instance_lock);
 }
 

client/defines.h

@@ -236,8 +236,8 @@ typedef enum
     {ERROR_TDNF_METADATA_EXPIRE_PARSE, "ERROR_TDNF_METADATA_EXPIRE_PARSE", "metadata_expire value could not be parsed. Check your repo files."},\
     {ERROR_TDNF_PROTECTED,           "ERROR_TDNF_PROTECTED",           "The operation would result in removing a protected package."},\
     {ERROR_TDNF_DOWNGRADE_NOT_ALLOWED,\
-	    "ERROR_TDNF_DOWNGRADE_NOT_ALLOWED",\
-	    "a downgrade is not allowed below the minimal version. Check 'minversions' in the configuration."},\
+        "ERROR_TDNF_DOWNGRADE_NOT_ALLOWED",\
+        "a downgrade is not allowed below the minimal version. Check 'minversions' in the configuration."},\
     {ERROR_TDNF_PERM, "ERROR_TDNF_PERM", "Operation not permitted. You have to be root."},\
     {ERROR_TDNF_OPT_NOT_FOUND, "ERROR_TDNF_OPT_NOT_FOUND", "A required option was not found"},\
     {ERROR_TDNF_OPERATION_ABORTED, "ERROR_TDNF_OPERATION_ABORTED", "Operation aborted."},\
@@ -248,6 +248,8 @@ typedef enum
     {ERROR_TDNF_EVENT_CTXT_ITEM_INVALID_TYPE, "ERROR_TDNF_EVENT_CTXT_ITEM_INVALID_TYPE", "An event item type had a mismatch. This is usually related to plugin events. Try --noplugins to deactivate all plugins or --disableplugin=<plugin> to deactivate a specific one. You can permanently deactivate an offending plugin by setting enable=0 in the plugin config file."},\
     {ERROR_TDNF_NO_GPGKEY_CONF_ENTRY,         "ERROR_TDNF_NO_GPGKEY_CONF_ENTRY",         "gpgkey entry is missing for this repo. please add gpgkey in repo file or use --nogpgcheck to ignore."}, \
     {ERROR_TDNF_URL_INVALID,                          "ERROR_TDNF_URL_INVALID",          "URL is invalid."}, \
+    {ERROR_TDNF_SIZE_MISMATCH,                       "ERROR_TDNF_SIZE_MISMATCH",                       "File size does not match."}, \
+    {ERROR_TDNF_CHECKSUM_MISMATCH,                   "ERROR_TDNF_CHECKSUM_MISMATCH",                   "File checksum does not match."}, \
     {ERROR_TDNF_BASEURL_DOES_NOT_EXISTS,             "ERROR_TDNF_BASEURL_DOES_NOT_EXISTS",             "Base URL and Metalink URL not found in the repo file"},\
     {ERROR_TDNF_CHECKSUM_VALIDATION_FAILED,          "ERROR_TDNF_CHECKSUM_VALIDATION_FAILED",          "Checksum Validation failed for the repomd.xml downloaded using URL from metalink"},\
     {ERROR_TDNF_METALINK_RESOURCE_VALIDATION_FAILED, "ERROR_TDNF_METALINK_RESOURCE_VALIDATION_FAILED", "No Resource present in metalink file for file download"},\

client/includes.h

@@ -63,13 +63,4 @@
 
 #include "config.h"
 
-// Enum in order of preference
-enum {
-    TDNF_HASH_MD5 = 0,
-    TDNF_HASH_SHA1,
-    TDNF_HASH_SHA256,
-    TDNF_HASH_SHA512,
-    TDNF_HASH_SENTINEL
-};
-
 #endif /* __CLIENT_INCLUDES_H__ */

client/packageutils.c

@@ -944,6 +944,7 @@ TDNFPopulatePkgInfos(
     Id dwPkgId = 0;
     PTDNF_PKG_INFO pPkgInfos = NULL;
     PTDNF_PKG_INFO pPkgInfo = NULL;
+    int nChecksumType = 0;
 
     if(!ppPkgInfos)
     {
@@ -998,6 +999,34 @@ TDNFPopulatePkgInfos(
                       &pPkgInfo->pszLocation);
         BAIL_ON_TDNF_ERROR(dwError);
 
+        dwError = SolvGetPkgChecksumFromId(
+                      pSack,
+                      dwPkgId,
+                      &nChecksumType,
+                      &pPkgInfo->pbChecksum);
+        //Ignore no data
+        if(dwError == ERROR_TDNF_NO_DATA)
+        {
+            dwError = 0;
+        } else if (nChecksumType == REPOKEY_TYPE_SHA512)
+        {
+            pPkgInfo->nChecksumType = TDNF_HASH_SHA512;
+        } else if (nChecksumType == REPOKEY_TYPE_SHA256)
+        {
+            pPkgInfo->nChecksumType = TDNF_HASH_SHA256;
+        } else if (nChecksumType == REPOKEY_TYPE_SHA1)
+        {
+            pPkgInfo->nChecksumType = TDNF_HASH_SHA1;
+        } else if (nChecksumType == REPOKEY_TYPE_MD5)
+        {
+            pPkgInfo->nChecksumType = TDNF_HASH_MD5;
+        } else
+        {
+            pPkgInfo->pbChecksum = NULL;
+        }
+
+        BAIL_ON_TDNF_ERROR(dwError);
+
         dwError = SolvGetPkgInstallSizeFromId(
                       pSack,
                       dwPkgId,

client/prototypes.h

@@ -22,9 +22,6 @@
 #define __CLIENT_PROTOTYPES_H__
 
 #include <unistd.h>
-#include <openssl/sha.h>
-#include <openssl/md5.h>
-#include <openssl/evp.h>
 
 extern uid_t gEuid;
 
@@ -871,8 +868,7 @@ uint32_t
 TDNFTransAddInstallPkg(
     PTDNFRPMTS pTS,
     PTDNF pTdnf,
-    const char* pszPackageLocation,
-    const char* pszPkgName,
+    PTDNF_PKG_INFO pInfo,
     PTDNF_REPO_DATA pRepo,
     int nUpgrade
     );

client/remoterepo.c

@@ -163,6 +163,7 @@ TDNFDownloadFile(
     /* lStatus reads CURLINFO_RESPONSE_CODE. Must be long */
     long lStatus = 0;
     int i;
+    int nNoOutput = 1;
 
     /* TDNFFetchRemoteGPGKey sends pszProgressData as NULL */
     if(!pTdnf ||
@@ -215,6 +216,7 @@ TDNFDownloadFile(
         {
             dwError = set_progress_cb(pCurl, pszProgressData);
             BAIL_ON_TDNF_ERROR(dwError);
+            nNoOutput = 0;
         }
     }
 
@@ -253,6 +255,11 @@ TDNFDownloadFile(
         fclose(fp);
         fp = NULL;
     }
+    /* finish progress line output,
+       but only if progrees was enabled */
+    if (!nNoOutput) {
+        pr_info("\n");
+    }
 
     dwError = curl_easy_getinfo(pCurl,
                                 CURLINFO_RESPONSE_CODE,
@@ -405,8 +412,6 @@ TDNFDownloadPackage(
     }
     BAIL_ON_TDNF_ERROR(dwError);
 
-    pr_info("\n");
-
 cleanup:
     TDNF_SAFE_FREE_MEMORY(pszCopyOfPackageLocation);
     TDNF_SAFE_FREE_MEMORY(pszPackageFile);

client/rpmtrans.c

@@ -799,8 +799,7 @@ TDNFTransAddInstallPkgs(
         dwError = TDNFTransAddInstallPkg(
                       pTS,
                       pTdnf,
-                      pInfo->pszLocation,
-                      pInfo->pszName,
+                      pInfo,
                       pRepo,
                       nUpgrade);
         BAIL_ON_TDNF_ERROR(dwError);
@@ -821,8 +820,7 @@ uint32_t
 TDNFTransAddInstallPkg(
     PTDNFRPMTS pTS,
     PTDNF pTdnf,
-    const char* pszPackageLocation,
-    const char* pszPkgName,
+    PTDNF_PKG_INFO pInfo,
     PTDNF_REPO_DATA pRepo,
     int nUpgrade
     )
@@ -832,6 +830,20 @@ TDNFTransAddInstallPkg(
     char* pszFilePath = NULL;
     Header rpmHeader = NULL;
     PTDNF_CACHED_RPM_ENTRY pRpmCache = NULL;
+    const char* pszPackageLocation = NULL;
+    const char* pszPkgName = NULL;
+    uint8_t digest_from_file[EVP_MAX_MD_SIZE] = {0};
+    hash_op *hash = NULL;
+    int nSize;
+
+    if(!pTS || !pTdnf || !pInfo || !pRepo)
+    {
+        dwError = ERROR_TDNF_INVALID_PARAMETER;
+        BAIL_ON_TDNF_ERROR(dwError);
+    }
+
+    pszPackageLocation = pInfo->pszLocation;
+    pszPkgName = pInfo->pszName;
 
     if (pszPackageLocation[0] == '/')
     {
@@ -900,6 +912,29 @@ TDNFTransAddInstallPkg(
         BAIL_ON_TDNF_SYSTEM_ERROR(dwError);
     }
 
+    if(pInfo->pbChecksum != NULL) {
+        hash = hash_ops + pInfo->nChecksumType;
+
+        dwError = TDNFGetDigestForFile(pszFilePath, hash, digest_from_file);
+        BAIL_ON_TDNF_ERROR(dwError);
+
+        if (memcmp(digest_from_file, pInfo->pbChecksum, hash->length))
+        {
+            pr_err("rpm file (%s) Checksum FAILED (digest mismatch)\n", pszFilePath);
+            dwError = ERROR_TDNF_CHECKSUM_MISMATCH;
+            BAIL_ON_TDNF_ERROR(dwError);
+        }
+    }
+
+    dwError = TDNFGetFileSize(pszFilePath, &nSize);
+    BAIL_ON_TDNF_ERROR(dwError);
+
+    if (nSize != (int)pInfo->dwDownloadSizeBytes) {
+        pr_err("rpm file (%s) size (%u) does not match expected size (%u)\n", pszFilePath, nSize, pInfo->dwDownloadSizeBytes);
+        dwError = ERROR_TDNF_SIZE_MISMATCH;
+        BAIL_ON_TDNF_ERROR(dwError);
+    }
+
     dwError = TDNFGPGCheckPackage(pTS, pTdnf, pRepo, pszFilePath, &rpmHeader);
     BAIL_ON_TDNF_ERROR(dwError);
 

common/prototypes.h

@@ -324,4 +324,37 @@ tdnflockNewAcquire(
     const char *descr
     );
 
+int32_t strtoi(const char *ptr);
+
+uint32_t
+TDNFGetDigestForFile(
+    const char *filename,
+    hash_op *hash,
+    uint8_t *digest
+    );
+
+uint32_t
+TDNFCheckHash(
+    const char *filename,
+    unsigned char *digest,
+    int type
+    );
+
+uint32_t
+TDNFCheckHexDigest(
+    const char *hex_digest,
+    int digest_length
+    );
+
+uint32_t
+TDNFHexToUint(
+    const char *hex_digest,
+    unsigned char *uintValue
+    );
+
+uint32_t
+TDNFChecksumFromHexDigest(
+    const char *hex_digest,
+    unsigned char *ppdigest
+    );
 #endif /* __COMMON_PROTOTYPES_H__ */

common/structs.h

@@ -1,5 +1,9 @@
 #pragma once
 
+#include <openssl/sha.h>
+#include <openssl/md5.h>
+#include <openssl/evp.h>
+
 typedef struct _KEYVALUE_
 {
     char *pszKey;
@@ -46,3 +50,26 @@ enum {
     TDNFLOCK_WRITE  = 1 << 1,
     TDNFLOCK_WAIT   = 1 << 2,
 };
+
+// Enum in order of preference
+enum {
+    TDNF_HASH_MD5 = 0,
+    TDNF_HASH_SHA1,
+    TDNF_HASH_SHA256,
+    TDNF_HASH_SHA512,
+    TDNF_HASH_SENTINEL
+};
+
+typedef struct _hash_op {
+    char *hash_type;
+    unsigned int length;
+} hash_op;
+
+typedef struct _hash_type {
+    char *hash_name;
+    unsigned int hash_value;
+}hash_type;
+
+extern hash_op hash_ops[TDNF_HASH_SENTINEL];
+
+extern hash_type hashType[7];