diff --git a/CHANGELOG.md b/CHANGELOG.md index bf73f635..9fce15a3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,13 +6,20 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). ## [Unreleased] + ### Added -- Support for setting file capabilities via the RPMTAGS_FILECAPS header. -- `PackageMetadata::get_file_entries` method can get capability headers for each file. + - Support for symbolic link in file mode. - Make file type const `REGULAR_FILE_TYPE` `DIR_FILE_TYPE` `SYMBOLIC_LINK_FILE_TYPE` public, because `FileMode::file_type` is public, sometimes we need this const to determin file type. - Fix compile error on Windows which introduced by file capabilities support feature. +## 0.12.1 + +### Added + +- Support for setting file capabilities via the RPMTAGS_FILECAPS header. +- `PackageMetadata::get_file_entries` method can get capability headers for each file. + ## 0.12.0 ### Breaking Changes diff --git a/Cargo.toml b/Cargo.toml index 0c2d672e..49294535 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "rpm" -version = "0.12.0" +version = "0.12.1" authors = [ "René Richter ", "Bernhard Schuster ", @@ -57,8 +57,8 @@ xz2 = "0.1" capctl = "0.2.3" [dev-dependencies] -rsa = { version = "0.8" } -rsa-der = { version = "^0.3.0" } +rsa = { version = "0.9.2" } +rsa-der = { version = "0.3.0" } # Pin time due to msrv time = "=0.3.23" env_logger = "0.10.0" diff --git a/src/rpm/signature/pgp.rs b/src/rpm/signature/pgp.rs index 7600427a..1d9c98d5 100644 --- a/src/rpm/signature/pgp.rs +++ b/src/rpm/signature/pgp.rs 
@@ -162,41 +162,42 @@ impl traits::Verifying for Verifier {
 );
 }
- self.public_key
- .public_subkeys
- .iter()
- .filter(|sub_key| {
- if sub_key.key_id().as_ref() == key_id.as_ref() {
- log::trace!(
- "Found a matching key id {:?} == {:?}",
- sub_key.key_id(),
- key_id
- );
- true
- } else {
- log::trace!("Not the one we want: {:?}", sub_key);
- false
- }
- })
- .fold(
- Err(Error::KeyNotFoundError {
- key_ref: format!("{:?}", key_id),
- }),
- |previous_res, sub_key| {
- if previous_res.is_err() {
- log::trace!("Test next candidate subkey");
- signature.verify(sub_key, &mut data).map_err(|e| {
- Error::VerificationError {
- source: Box::new(e),
- key_ref: format!("{:?}", sub_key.key_id()),
- }
+ let mut result = Err(Error::KeyNotFoundError {
+ key_ref: format!("{:?}", key_id),
+ });
+ for sub_key in &self.public_key.public_subkeys {
+ log::trace!("Trying subkey candidate {:?}", sub_key.key_id());
+
+ if sub_key.key_id().as_ref() == key_id.as_ref() {
+ log::trace!(
+ "Subkey key id {:?} matches signature key id",
+ sub_key.key_id()
+ );
+
+ match signature.verify(sub_key, &mut data) {
+ Ok(_) => {
+ log::trace!(
+ "Signature successfully verified with subkey {:?}",
+ sub_key.key_id()
+ );
+ return Ok(());
+ }
+ Err(e) => {
+ log::trace!("Subkey verification failed");
+ result = Err(Error::VerificationError {
+ source: Box::new(e),
+ key_ref: format!("{:?}", sub_key.key_id()),
 })
- } else {
- log::trace!("Signature already verified, nop");
- Ok(())
 }
- },
- )
+ }
+ } else {
+ log::trace!(
+ "Subkey key id {:?} does not match signature",
+ sub_key.key_id()
+ );
+ }
+ }
+ result
 } else {
 log::trace!(
 "Signature has no issuer ref, attempting primary key: {:?}",
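Review bot: Each pass through the new `for sub_key in &self.public_key.public_subkeys` loop hands the same `&mut data` to `signature.verify`, so if `data` is a streaming reader (its declaration is outside this hunk) a failed attempt leaves it consumed and any later subkey with the same key id is checked against whatever bytes remain rather than the full payload. That fails closed, but the retry path then cannot succeed; buffer the input once before the loop, or stop at the first matching subkey and return its error. The loop also picks a subkey on key-id equality alone, and nothing visible here checks its binding signature, revocation or signing capability, so a comment such as `// subkey validity (binding signature, revocation, key flags) is checked in <where>; only the package signature is verified here` would tell readers where that trust decision lives. The enclosing method starts and ends outside the hunk.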