PoC

lib/fsm.cc

@@ -875,13 +875,21 @@ static rpmfi fsmIterFini(rpmfi fi, struct diriter_s *di)
     return rpmfiFree(fi);
 }
 
+static rpmPlugins fsmPlugins(rpmts ts, rpmte te)
+{
+    if (headerIsEntry(rpmteHeader(te), RPMTAG_SOURCEPACKAGE))
+	return NULL;
+    else
+	return rpmtsPlugins(ts);
+}
+
 int rpmPackageFilesInstall(rpmts ts, rpmte te, rpmfiles files,
               rpmpsm psm, char ** failedFile)
 {
     FD_t payload = rpmtePayload(te);
     rpmfi fi = NULL;
     rpmfs fs = rpmteGetFileStates(te);
-    rpmPlugins plugins = rpmtsPlugins(ts);
+    rpmPlugins plugins = fsmPlugins(ts, te);
     int rc = 0;
     int fx = -1;
     int fc = rpmfilesFC(files);
@@ -1123,7 +1131,7 @@ int rpmPackageFilesRemove(rpmts ts, rpmte te, rpmfiles files,
     struct diriter_s di = { -1, -1 };
     rpmfi fi = fsmIter(NULL, files, RPMFI_ITER_BACK, &di);
     rpmfs fs = rpmteGetFileStates(te);
-    rpmPlugins plugins = rpmtsPlugins(ts);
+    rpmPlugins plugins = fsmPlugins(ts, te);
     int fc = rpmfilesFC(files);
     int fx = -1;
     struct filedata_s *fdata = (struct filedata_s *)xcalloc(fc, sizeof(*fdata));

lib/rpmplugins.cc

@@ -139,6 +139,8 @@ rpmRC rpmpluginsAdd(rpmPlugins plugins, const char *name, const char *path,
     rpmRC rc;
     rpmPlugin plugin = rpmPluginNew(name, path, opts);
 
+    if (plugins == NULL)
+	return RPMRC_OK;
     if (plugin == NULL)
 	return RPMRC_FAIL;
 
@@ -235,6 +237,9 @@ rpmRC rpmpluginsCallTsmPre(rpmPlugins plugins, rpmts ts)
     plugin_tsm_pre_func hookFunc;
     rpmRC rc = RPMRC_OK;
 
+    if (!plugins)
+	return rc;
+
     for (auto & plugin : plugins->plugins) {
 	RPMPLUGINS_SET_HOOK_FUNC(tsm_pre);
 	if (hookFunc && hookFunc(plugin, ts) == RPMRC_FAIL) {
@@ -251,6 +256,9 @@ rpmRC rpmpluginsCallTsmPost(rpmPlugins plugins, rpmts ts, int res)
     plugin_tsm_post_func hookFunc;
     rpmRC rc = RPMRC_OK;
 
+    if (!plugins)
+	return rc;
+
     for (auto & plugin : plugins->plugins) {
 	RPMPLUGINS_SET_HOOK_FUNC(tsm_post);
 	if (hookFunc && hookFunc(plugin, ts, res) == RPMRC_FAIL) {
@@ -266,6 +274,9 @@ rpmRC rpmpluginsCallPsmPre(rpmPlugins plugins, rpmte te)
     plugin_psm_pre_func hookFunc;
     rpmRC rc = RPMRC_OK;
 
+    if (!plugins)
+	return rc;
+
     for (auto & plugin : plugins->plugins) {
 	RPMPLUGINS_SET_HOOK_FUNC(psm_pre);
 	if (hookFunc && hookFunc(plugin, te) == RPMRC_FAIL) {
@@ -282,6 +293,9 @@ rpmRC rpmpluginsCallPsmPost(rpmPlugins plugins, rpmte te, int res)
     plugin_psm_post_func hookFunc;
     rpmRC rc = RPMRC_OK;
 
+    if (!plugins)
+	return rc;
+
     for (auto & plugin : plugins->plugins) {
 	RPMPLUGINS_SET_HOOK_FUNC(psm_post);
 	if (hookFunc && hookFunc(plugin, te, res) == RPMRC_FAIL) {
@@ -297,6 +311,9 @@ rpmRC rpmpluginsCallScriptletPre(rpmPlugins plugins, const char *s_name, int typ
     plugin_scriptlet_pre_func hookFunc;
     rpmRC rc = RPMRC_OK;
 
+    if (!plugins)
+	return rc;
+
     for (auto & plugin : plugins->plugins) {
 	RPMPLUGINS_SET_HOOK_FUNC(scriptlet_pre);
 	if (hookFunc && hookFunc(plugin, s_name, type) == RPMRC_FAIL) {
@@ -313,6 +330,9 @@ rpmRC rpmpluginsCallScriptletForkPost(rpmPlugins plugins, const char *path, int
     plugin_scriptlet_fork_post_func hookFunc;
     rpmRC rc = RPMRC_OK;
 
+    if (!plugins)
+	return rc;
+
     for (auto & plugin : plugins->plugins) {
 	RPMPLUGINS_SET_HOOK_FUNC(scriptlet_fork_post);
 	if (hookFunc && hookFunc(plugin, path, type) == RPMRC_FAIL) {
@@ -329,6 +349,9 @@ rpmRC rpmpluginsCallScriptletPost(rpmPlugins plugins, const char *s_name, int ty
     plugin_scriptlet_post_func hookFunc;
     rpmRC rc = RPMRC_OK;
 
+    if (!plugins)
+	return rc;
+
     for (auto & plugin : plugins->plugins) {
 	RPMPLUGINS_SET_HOOK_FUNC(scriptlet_post);
 	if (hookFunc && hookFunc(plugin, s_name, type, res) == RPMRC_FAIL) {
@@ -352,8 +375,11 @@ rpmRC rpmpluginsCallFsmFilePre(rpmPlugins plugins, rpmfi fi, const char *path,
 {
     plugin_fsm_file_pre_func hookFunc;
     rpmRC rc = RPMRC_OK;
-    char *apath = abspath(fi, path);
 
+    if (!plugins)
+	return rc;
+
+    char *apath = abspath(fi, path);
     for (auto & plugin : plugins->plugins) {
 	RPMPLUGINS_SET_HOOK_FUNC(fsm_file_pre);
 	if (hookFunc && hookFunc(plugin, fi, apath, file_mode, op) == RPMRC_FAIL) {
@@ -371,8 +397,11 @@ rpmRC rpmpluginsCallFsmFilePost(rpmPlugins plugins, rpmfi fi, const char *path,
 {
     plugin_fsm_file_post_func hookFunc;
     rpmRC rc = RPMRC_OK;
-    char *apath = abspath(fi, path);
 
+    if (!plugins)
+	return rc;
+
+    char *apath = abspath(fi, path);
     for (auto & plugin : plugins->plugins) {
 	RPMPLUGINS_SET_HOOK_FUNC(fsm_file_post);
 	if (hookFunc && hookFunc(plugin, fi, apath, file_mode, op, res) == RPMRC_FAIL) {
@@ -390,8 +419,11 @@ rpmRC rpmpluginsCallFsmFilePrepare(rpmPlugins plugins, rpmfi fi,
 {
     plugin_fsm_file_prepare_func hookFunc;
     rpmRC rc = RPMRC_OK;
-    char *apath = abspath(fi, path);
 
+    if (!plugins)
+	return rc;
+
+    char *apath = abspath(fi, path);
     for (auto & plugin : plugins->plugins) {
 	RPMPLUGINS_SET_HOOK_FUNC(fsm_file_prepare);
 	if (hookFunc && hookFunc(plugin, fi, fd, apath, dest, file_mode, op) == RPMRC_FAIL) {

sign/rpmgensig.cc

@@ -702,14 +702,19 @@ static int rpmSign(const char *rpm, int deleting, int flags)
     unloadImmutableRegion(&sigh, RPMTAG_HEADERSIGNATURES);
     origSigSize = headerSizeof(sigh, HEADER_MAGIC_YES);
 
-    if (flags & RPMSIGN_FLAG_IMA) {
-	if (includeFileSignatures(&sigh, &h))
-	    goto exit;
-    }
-
-    if (flags & RPMSIGN_FLAG_FSVERITY) {
-	if (includeVeritySignatures(fd, &sigh, &h))
-	    goto exit;
+    if (1 || !headerIsEntry(h, RPMTAG_SOURCEPACKAGE)) {
+	if (flags & RPMSIGN_FLAG_IMA) {
+	    if (includeFileSignatures(&sigh, &h))
+		goto exit;
+	}
+	if (flags & RPMSIGN_FLAG_FSVERITY) {
+	    if (includeVeritySignatures(fd, &sigh, &h))
+		goto exit;
+	}
+    } else if (flags & (RPMSIGN_FLAG_IMA | RPMSIGN_FLAG_FSVERITY)) {
+	rpmlog(RPMLOG_WARNING,
+	       _("File signatures not applicable to source packages: %s\n"),
+	       rpm);
     }
 
     if (deleting == 2) {	/* Nuke IMA + fsverity file signature tags. */