testing/openscap/0002-Refer-to-the-RPMVERIFY_-constants-instead-of-VERIFY_.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99

From 9db9474dd092a67e37af54a2eb898cea625a98cd Mon Sep 17 00:00:00 2001
From: Panu Matilainen <pmatilai@redhat.com>
Date: Tue, 11 Jun 2019 16:12:56 +0300
Subject: [PATCH 2/3] Refer to the RPMVERIFY_* constants instead of VERIFY_*
 counterparts

The RPMVERIFY_* values always refer to corresponding file verification
attributes, which is what we're dealing with here. The VERIFY_*
constants do not exist in all versions, and include things that
do not make any sense at all for files anyway, such as VERIFY_DEPS
and VERIFY_SCRIPT which are package-level operations and VERIFY_SIGNATURE
and VERIFY_DIGEST which are not verify operations at all.
---
 src/OVAL/probes/unix/linux/rpmverify_probe.c  | 21 ++++++----------
 .../probes/unix/linux/rpmverifyfile_probe.c   | 25 +++++++++----------
 2 files changed, 20 insertions(+), 26 deletions(-)

diff --git a/src/OVAL/probes/unix/linux/rpmverify_probe.c b/src/OVAL/probes/unix/linux/rpmverify_probe.c
index 07bd09d84..dbc9523ba 100644
--- a/src/OVAL/probes/unix/linux/rpmverify_probe.c
+++ b/src/OVAL/probes/unix/linux/rpmverify_probe.c
@@ -303,19 +303,14 @@ typedef struct {
 } rpmverify_bhmap_t;
 
 const rpmverify_bhmap_t rpmverify_bhmap[] = {
-        { "nodeps",        (uint64_t)VERIFY_DEPS      },
-        { "nodigest",      (uint64_t)VERIFY_DIGEST    },
-        { "nofiles",       (uint64_t)VERIFY_FILES     },
-        { "noscripts",     (uint64_t)VERIFY_SCRIPT    },
-        { "nosignature",   (uint64_t)VERIFY_SIGNATURE },
-        { "nolinkto",      (uint64_t)VERIFY_LINKTO    },
-        { "nomd5",         (uint64_t)VERIFY_MD5       },
-        { "nosize",        (uint64_t)VERIFY_SIZE      },
-        { "nouser",        (uint64_t)VERIFY_USER      },
-        { "nogroup",       (uint64_t)VERIFY_GROUP     },
-        { "nomtime",       (uint64_t)VERIFY_MTIME     },
-        { "nomode",        (uint64_t)VERIFY_MODE      },
-        { "nordev",        (uint64_t)VERIFY_RDEV      },
+        { "nolinkto",      (uint64_t)RPMVERIFY_LINKTO    },
+        { "nomd5",         (uint64_t)RPMVERIFY_MD5       },
+        { "nosize",        (uint64_t)RPMVERIFY_FILESIZE  },
+        { "nouser",        (uint64_t)RPMVERIFY_USER      },
+        { "nogroup",       (uint64_t)RPMVERIFY_GROUP     },
+        { "nomtime",       (uint64_t)RPMVERIFY_MTIME     },
+        { "nomode",        (uint64_t)RPMVERIFY_MODE      },
+        { "nordev",        (uint64_t)RPMVERIFY_RDEV      },
         { "noconfigfiles", RPMVERIFY_SKIP_CONFIG      },
         { "noghostfiles",  RPMVERIFY_SKIP_GHOST       }
 };
diff --git a/src/OVAL/probes/unix/linux/rpmverifyfile_probe.c b/src/OVAL/probes/unix/linux/rpmverifyfile_probe.c
index d81728ebe..10fcdf8df 100644
--- a/src/OVAL/probes/unix/linux/rpmverifyfile_probe.c
+++ b/src/OVAL/probes/unix/linux/rpmverifyfile_probe.c
@@ -83,11 +83,10 @@ struct rpmverify_res {
 	 * They all have the same value (1) - see 'rpm/rpmvf.h'.
 	 */
 	#define RPMVERIFY_FILEDIGEST RPMVERIFY_MD5
-	#define VERIFY_FILEDIGEST VERIFY_MD5
-	/* VERIFY_CAPS is not supported in older rpmlib.
+	/* RPMVERIFY_CAPS is not supported in older rpmlib.
 	 * We can set it to 0 because 0 is neutral to bit OR operation.
 	 */
-	#define VERIFY_CAPS 0
+	#define RPMVERIFY_CAPS 0
 #endif
 
 #define RPMVERIFY_LOCK   RPM_MUTEX_LOCK(&g_rpm->mutex)
@@ -423,18 +422,18 @@ typedef struct {
 } rpmverifyfile_bhmap_t;
 
 const rpmverifyfile_bhmap_t rpmverifyfile_bhmap[] = {
-	{ "nolinkto",      (uint64_t)VERIFY_LINKTO    },
-	{ "nomd5",	 (uint64_t)VERIFY_MD5       }, // deprecated since OVAL 5.11.1
-	{ "nosize",	(uint64_t)VERIFY_SIZE      },
-	{ "nouser",	(uint64_t)VERIFY_USER      },
-	{ "nogroup",       (uint64_t)VERIFY_GROUP     },
-	{ "nomtime",       (uint64_t)VERIFY_MTIME     },
-	{ "nomode",	(uint64_t)VERIFY_MODE      },
-	{ "nordev",	(uint64_t)VERIFY_RDEV      },
+	{ "nolinkto",      (uint64_t)RPMVERIFY_LINKTO    },
+	{ "nomd5",	 (uint64_t)RPMVERIFY_MD5       }, // deprecated since OVAL 5.11.1
+	{ "nosize",	(uint64_t)RPMVERIFY_FILESIZE      },
+	{ "nouser",	(uint64_t)RPMVERIFY_USER      },
+	{ "nogroup",       (uint64_t)RPMVERIFY_GROUP     },
+	{ "nomtime",       (uint64_t)RPMVERIFY_MTIME     },
+	{ "nomode",	(uint64_t)RPMVERIFY_MODE      },
+	{ "nordev",	(uint64_t)RPMVERIFY_RDEV      },
 	{ "noconfigfiles", RPMVERIFY_SKIP_CONFIG      },
 	{ "noghostfiles",  RPMVERIFY_SKIP_GHOST       },
-	{ "nofiledigest", (uint64_t)VERIFY_FILEDIGEST },
-	{ "nocaps", (uint64_t)VERIFY_CAPS }
+	{ "nofiledigest", (uint64_t)RPMVERIFY_FILEDIGEST },
+	{ "nocaps", (uint64_t)RPMVERIFY_CAPS }
 };
 
 int rpmverifyfile_probe_main(probe_ctx *ctx, void *arg)
-- 
2.22.0