rpm: allow to enable IMA signing

Signed-off-by: Lans Zhang <jia.zhang@windriver.com>

meta-integrity/recipes-devtools/rpm/rpm/0001-Pass-sign-arguments-to-signature-deletion-too.patch

@@ -0,0 +1,162 @@
+From 23dc36f0d587495f2d29ebefd9e46437069b5a2d Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Mon, 29 May 2017 16:11:55 +0300
+Subject: [PATCH] Pass sign arguments to signature deletion too
+
+Refactor rpmsign and python bindings to be more similar on both
+addsign/delsign operations, and always pass the signing arguments
+along. Deletion doesn't actually (yet) use the arguments for anything
+but makes things more symmetric (I remember having doubts about
+this when adding - reminder to self: if in doubt, add more arguments ;)
+
+Yet another API break, but what the hey... Other than that, behavior is
+not supposed to change here.
+---
+ python/rpmsmodule.c | 28 ++++++++++++++++------------
+ rpmsign.c           | 13 +++++++------
+ sign/rpmgensig.c    |  2 +-
+ sign/rpmsign.h      |  3 ++-
+ 4 files changed, 26 insertions(+), 20 deletions(-)
+
+diff --git a/python/rpmsmodule.c b/python/rpmsmodule.c
+index 0601353b9..72465221d 100644
+--- a/python/rpmsmodule.c
++++ b/python/rpmsmodule.c
+@@ -5,32 +5,36 @@
+ static char rpms__doc__[] =
+ "";
+ 
++static int parseSignArgs(PyObject * args, PyObject *kwds,
++			const char **path, struct rpmSignArgs *sargs)
++{
++    char * kwlist[] = { "path", "keyid", "hashalgo", NULL };
++
++    memset(sargs, 0, sizeof(*sargs));
++    return PyArg_ParseTupleAndKeywords(args, kwds, "s|si", kwlist,
++				    path, &sargs->keyid, &sargs->hashalgo);
++}
++
+ static PyObject * addSign(PyObject * self, PyObject * args, PyObject *kwds)
+ {
+     const char *path = NULL;
+-    char * kwlist[] = { "path", "keyid", "hashalgo", NULL };
+-    struct rpmSignArgs sig, *sigp = NULL;
++    struct rpmSignArgs sargs;
+ 
+-    memset(&sig, 0, sizeof(sig));
+-    if (!PyArg_ParseTupleAndKeywords(args, kwds, "s|si", kwlist,
+-				&path, &sig.keyid, &sig.hashalgo))
++    if (parseSignArgs(args, kwds, &path, &sargs))
+ 	return NULL;
+ 
+-    if (sig.keyid || sig.hashalgo)
+-	sigp = &sig;
+-
+-    return PyBool_FromLong(rpmPkgSign(path, sigp) == 0);
++    return PyBool_FromLong(rpmPkgSign(path, &sargs) == 0);
+ }
+ 
+ static PyObject * delSign(PyObject * self, PyObject * args, PyObject *kwds)
+ {
+     const char *path = NULL;
+-    char * kwlist[] = { "path", NULL };
++    struct rpmSignArgs sargs;
+ 
+-    if (!PyArg_ParseTupleAndKeywords(args, kwds, "s", kwlist, &path))
++    if (parseSignArgs(args, kwds, &path, &sargs))
+ 	return NULL;
+ 
+-    return PyBool_FromLong(rpmPkgDelSign(path) == 0);
++    return PyBool_FromLong(rpmPkgDelSign(path, &sargs) == 0);
+ }
+ 
+ /*
+diff --git a/rpmsign.c b/rpmsign.c
+index 3834b505e..0402af556 100644
+--- a/rpmsign.c
++++ b/rpmsign.c
+@@ -25,6 +25,8 @@ static int signfiles = 0, fskpass = 0;
+ static char * fileSigningKey = NULL;
+ static char * fileSigningKeyPassword = NULL;
+ 
++static struct rpmSignArgs sargs = {NULL, 0, 0};
++
+ static struct poptOption signOptsTable[] = {
+     { "addsign", '\0', (POPT_ARG_VAL|POPT_ARGFLAG_OR), &mode, MODE_ADDSIGN,
+ 	N_("sign package(s)"), NULL },
+@@ -54,11 +56,10 @@ static struct poptOption optionsTable[] = {
+ };
+ 
+ /* TODO: permit overriding macro setup on the command line */
+-static int doSign(poptContext optCon)
++static int doSign(poptContext optCon, struct rpmSignArgs *sargs)
+ {
+     int rc = EXIT_FAILURE;
+     char * name = rpmExpand("%{?_gpg_name}", NULL);
+-    struct rpmSignArgs sig = {NULL, 0, 0};
+     char *key = NULL;
+ 
+     if (rstreq(name, "")) {
+@@ -92,13 +93,13 @@ static int doSign(poptContext optCon)
+ 	    free(fileSigningKeyPassword);
+ 	}
+ 
+-	sig.signfiles = 1;
++	sargs->signfiles = 1;
+     }
+ 
+     const char *arg;
+     rc = 0;
+     while ((arg = poptGetArg(optCon)) != NULL) {
+-	rc += rpmPkgSign(arg, &sig);
++	rc += rpmPkgSign(arg, sargs);
+     }
+ 
+ exit:
+@@ -133,12 +134,12 @@ int main(int argc, char *argv[])
+     switch (mode) {
+     case MODE_ADDSIGN:
+     case MODE_RESIGN:
+-	ec = doSign(optCon);
++	ec = doSign(optCon, &sargs);
+ 	break;
+     case MODE_DELSIGN:
+ 	ec = 0;
+ 	while ((arg = poptGetArg(optCon)) != NULL) {
+-	    ec += rpmPkgDelSign(arg);
++	    ec += rpmPkgDelSign(arg, &sargs);
+ 	}
+ 	break;
+     default:
+diff --git a/sign/rpmgensig.c b/sign/rpmgensig.c
+index 4f5ff7b59..32bcfb3fb 100644
+--- a/sign/rpmgensig.c
++++ b/sign/rpmgensig.c
+@@ -863,7 +863,7 @@ int rpmPkgSign(const char *path, const struct rpmSignArgs * args)
+     return rc;
+ }
+ 
+-int rpmPkgDelSign(const char *path)
++int rpmPkgDelSign(const char *path, const struct rpmSignArgs * args)
+ {
+     return rpmSign(path, 1, 0);
+ }
+diff --git a/sign/rpmsign.h b/sign/rpmsign.h
+index b41e3caab..bed8d6245 100644
+--- a/sign/rpmsign.h
++++ b/sign/rpmsign.h
+@@ -31,9 +31,10 @@ int rpmPkgSign(const char *path, const struct rpmSignArgs * args);
+ /** \ingroup rpmsign
+  * Delete signature(s) from a package
+  * @param path		path to package
++ * @param args		signing parameters (or NULL for defaults)
+  * @return		0 on success
+  */
+-int rpmPkgDelSign(const char *path);
++int rpmPkgDelSign(const char *path, const struct rpmSignArgs * args);
+ 
+ #ifdef __cplusplus
+ }
+-- 
+2.11.0
+

meta-integrity/recipes-devtools/rpm/rpm/0002-Beat-some-sense-into-rpmsign-cli-parsing.patch

@@ -0,0 +1,43 @@
+From 8bcfd98c0545eaf98bbc99e56cc2118c995a8fad Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Thu, 8 Jun 2017 12:39:53 +0300
+Subject: [PATCH] Beat some sense into rpmsign cli parsing
+
+Separate missing mode and several modes, print usage in the former
+and mumble about modes only if more than one actually specified.
+---
+ rpmsign.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/rpmsign.c b/rpmsign.c
+index 0402af556..de6f79384 100644
+--- a/rpmsign.c
++++ b/rpmsign.c
+@@ -14,12 +14,13 @@ char ** environ = NULL;
+ #endif
+ 
+ enum modes {
++    MODE_NONE    = 0,
+     MODE_ADDSIGN = (1 << 0),
+     MODE_RESIGN  = (1 << 1),
+     MODE_DELSIGN = (1 << 2),
+ };
+ 
+-static int mode = 0;
++static int mode = MODE_NONE;
+ 
+ static int signfiles = 0, fskpass = 0;
+ static char * fileSigningKey = NULL;
+@@ -142,6 +143,9 @@ int main(int argc, char *argv[])
+ 	    ec += rpmPkgDelSign(arg, &sargs);
+ 	}
+ 	break;
++    case MODE_NONE:
++	printUsage(optCon, stderr, 0);
++	break;
+     default:
+ 	argerror(_("only one major mode may be specified"));
+ 	break;
+-- 
+2.11.0
+

meta-integrity/recipes-devtools/rpm/rpm/0003-Fix-thinko-typo-in-file-signing-error-message.patch

@@ -0,0 +1,25 @@
+From 26cae3941f68c96e44d8126fea330ef7f0327913 Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Thu, 8 Jun 2017 12:42:00 +0300
+Subject: [PATCH] Fix %% -> $$ thinko/typo in file signing error message
+
+---
+ rpmsign.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/rpmsign.c b/rpmsign.c
+index de6f79384..66ab8e5eb 100644
+--- a/rpmsign.c
++++ b/rpmsign.c
+@@ -75,7 +75,7 @@ static int doSign(poptContext optCon, struct rpmSignArgs *sargs)
+     if (signfiles) {
+ 	key = rpmExpand("%{?_file_signing_key}", NULL);
+ 	if (rstreq(key, "")) {
+-	    fprintf(stderr, _("You must set \"$$_file_signing_key\" in your macro file or on the command line with --fskpath\n"));
++	    fprintf(stderr, _("You must set \"%%_file_signing_key\" in your macro file or on the command line with --fskpath\n"));
+ 	    goto exit;
+ 	}
+ 
+-- 
+2.11.0
+

meta-integrity/recipes-devtools/rpm/rpm/0004-Bury-get_fskpass-inside-rpmsign-utility.patch

@@ -0,0 +1,145 @@
+From 5a76125050c2f389cdc1c3017dff5fec4aef7e57 Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Thu, 8 Jun 2017 16:55:16 +0300
+Subject: [PATCH] Bury get_fskpass() inside rpmsign utility
+
+librpm is not in the business of providing terminal utility functions,
+file signing might well need to ask for passwords but it doesn't
+have to be a non-prefixed function in a shared library. The library
+provides means to *pass* the password and its up to calling applications
+to ask for it if needed.
+---
+ lib/rpmsignfiles.c | 35 -----------------------------------
+ lib/rpmsignfiles.h |  2 --
+ rpmsign.c          | 37 ++++++++++++++++++++++++++++++++++++-
+ 3 files changed, 36 insertions(+), 38 deletions(-)
+
+diff --git a/lib/rpmsignfiles.c b/lib/rpmsignfiles.c
+index 87e4e4265..aacb34647 100644
+--- a/lib/rpmsignfiles.c
++++ b/lib/rpmsignfiles.c
+@@ -7,8 +7,6 @@
+ #include "system.h"
+ #include "imaevm.h"
+ 
+-#include <termios.h>
+-
+ #include <rpm/rpmlog.h>		/* rpmlog */
+ #include <rpm/rpmstring.h>	/* rnibble */
+ #include <rpm/rpmpgp.h>		/* rpmDigestLength */
+@@ -34,39 +32,6 @@ static const char *hash_algo_name[] = {
+ 
+ #define ARRAY_SIZE(a)  (sizeof(a) / sizeof(a[0]))
+ 
+-char *get_fskpass(void)
+-{
+-    struct termios flags, tmp_flags;
+-    char *password, *pwd;
+-    int passlen = 64;
+-
+-    password = malloc(passlen);
+-    if (!password) {
+-	perror("malloc");
+-	return NULL;
+-    }
+-
+-    tcgetattr(fileno(stdin), &flags);
+-    tmp_flags = flags;
+-    tmp_flags.c_lflag &= ~ECHO;
+-    tmp_flags.c_lflag |= ECHONL;
+-
+-    if (tcsetattr(fileno(stdin), TCSANOW, &tmp_flags) != 0) {
+-	perror("tcsetattr");
+-	return NULL;
+-    }
+-
+-    printf("PEM password: ");
+-    pwd = fgets(password, passlen, stdin);
+-    pwd[strlen(pwd) - 1] = '\0';  /* remove newline */
+-
+-    if (tcsetattr(fileno(stdin), TCSANOW, &flags) != 0) {
+-	perror("tcsetattr");
+-	return NULL;
+-    }
+-    return pwd;
+-}
+-
+ static char *signFile(const char *algo, const char *fdigest, int diglen,
+ const char *key, char *keypass)
+ {
+diff --git a/lib/rpmsignfiles.h b/lib/rpmsignfiles.h
+index 52e2482a9..70ed69412 100644
+--- a/lib/rpmsignfiles.h
++++ b/lib/rpmsignfiles.h
+@@ -14,8 +14,6 @@ extern "C" {
+  */
+ rpmRC rpmSignFiles(Header h, const char *key, char *keypass);
+ 
+-char *get_fskpass(void); /* get file signing key password */
+-
+ #ifdef _cplusplus
+ }
+ #endif
+diff --git a/rpmsign.c b/rpmsign.c
+index 66ab8e5eb..6cd63d872 100644
+--- a/rpmsign.c
++++ b/rpmsign.c
+@@ -1,12 +1,12 @@
+ #include "system.h"
+ #include <errno.h>
+ #include <sys/wait.h>
++#include <termios.h>
+ 
+ #include <popt.h>
+ #include <rpm/rpmcli.h>
+ #include <rpm/rpmsign.h>
+ #include "cliutils.h"
+-#include "lib/rpmsignfiles.h"
+ #include "debug.h"
+ 
+ #if !defined(__GLIBC__) && !defined(__APPLE__)
+@@ -56,6 +56,41 @@ static struct poptOption optionsTable[] = {
+     POPT_TABLEEND
+ };
+ 
++#ifdef WITH_IMAEVM
++static char *get_fskpass(void)
++{
++    struct termios flags, tmp_flags;
++    char *password, *pwd;
++    int passlen = 64;
++
++    password = malloc(passlen);
++    if (!password) {
++	perror("malloc");
++	return NULL;
++    }
++
++    tcgetattr(fileno(stdin), &flags);
++    tmp_flags = flags;
++    tmp_flags.c_lflag &= ~ECHO;
++    tmp_flags.c_lflag |= ECHONL;
++
++    if (tcsetattr(fileno(stdin), TCSANOW, &tmp_flags) != 0) {
++	perror("tcsetattr");
++	return NULL;
++    }
++
++    printf("PEM password: ");
++    pwd = fgets(password, passlen, stdin);
++    pwd[strlen(pwd) - 1] = '\0';  /* remove newline */
++
++    if (tcsetattr(fileno(stdin), TCSANOW, &flags) != 0) {
++	perror("tcsetattr");
++	return NULL;
++    }
++    return pwd;
++}
++#endif
++
+ /* TODO: permit overriding macro setup on the command line */
+ static int doSign(poptContext optCon, struct rpmSignArgs *sargs)
+ {
+-- 
+2.11.0
+

meta-integrity/recipes-devtools/rpm/rpm/0005-Dont-advertise-file-signing-features-if-support-not-.patch

@@ -0,0 +1,87 @@
+From a77d2d3476919fdbcba9baf0dd44c98db1620360 Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Thu, 8 Jun 2017 17:36:28 +0300
+Subject: [PATCH] Dont advertise file signing features if support not built in
+
+ifdef the whole thing out when not enabled, instead of blurting out
+obscure error messages. A few to many ifdefs for my taste but
+that's a topic for another day...
+---
+ rpmsign.c | 12 ++++++++----
+ 1 file changed, 8 insertions(+), 4 deletions(-)
+
+diff --git a/rpmsign.c b/rpmsign.c
+index 6cd63d872..dce342af0 100644
+--- a/rpmsign.c
++++ b/rpmsign.c
+@@ -22,9 +22,11 @@ enum modes {
+ 
+ static int mode = MODE_NONE;
+ 
++#ifdef WITH_IMAEVM
+ static int signfiles = 0, fskpass = 0;
+ static char * fileSigningKey = NULL;
+ static char * fileSigningKeyPassword = NULL;
++#endif
+ 
+ static struct rpmSignArgs sargs = {NULL, 0, 0};
+ 
+@@ -35,6 +37,7 @@ static struct poptOption signOptsTable[] = {
+ 	N_("sign package(s) (identical to --addsign)"), NULL },
+     { "delsign", '\0', (POPT_ARG_VAL|POPT_ARGFLAG_OR), &mode, MODE_DELSIGN,
+ 	N_("delete package signatures"), NULL },
++#ifdef WITH_IMAEVM
+     { "signfiles", '\0', POPT_ARG_NONE, &signfiles, 0,
+ 	N_("sign package(s) files"), NULL},
+     { "fskpath", '\0', POPT_ARG_STRING, &fileSigningKey, 0,
+@@ -42,6 +45,7 @@ static struct poptOption signOptsTable[] = {
+ 	N_("<key>") },
+     { "fskpass", '\0', POPT_ARG_NONE, &fskpass, 0,
+ 	N_("prompt for file signing key password"), NULL},
++#endif
+     POPT_TABLEEND
+ };
+ 
+@@ -103,6 +107,7 @@ static int doSign(poptContext optCon, struct rpmSignArgs *sargs)
+ 	goto exit;
+     }
+ 
++#ifdef WITH_IMAEVM
+     if (fileSigningKey) {
+ 	rpmPushMacro(NULL, "_file_signing_key", NULL, fileSigningKey, RMIL_GLOBAL);
+     }
+@@ -115,11 +120,7 @@ static int doSign(poptContext optCon, struct rpmSignArgs *sargs)
+ 	}
+ 
+ 	if (fskpass) {
+-#ifndef WITH_IMAEVM
+-	    argerror(_("--fskpass may only be specified when signing files"));
+-#else
+ 	    fileSigningKeyPassword = get_fskpass();
+-#endif
+ 	}
+ 
+ 	rpmPushMacro(NULL, "_file_signing_key_password", NULL,
+@@ -131,6 +132,7 @@ static int doSign(poptContext optCon, struct rpmSignArgs *sargs)
+ 
+ 	sargs->signfiles = 1;
+     }
++#endif
+ 
+     const char *arg;
+     rc = 0;
+@@ -163,9 +165,11 @@ int main(int argc, char *argv[])
+ 	argerror(_("no arguments given"));
+     }
+ 
++#ifdef WITH_IMAEVM
+     if (fileSigningKey && !signfiles) {
+ 	argerror(_("--fskpath may only be specified when signing files"));
+     }
++#endif
+ 
+     switch (mode) {
+     case MODE_ADDSIGN:
+-- 
+2.11.0
+

meta-integrity/recipes-devtools/rpm/rpm/0006-Remove-bunch-of-redundant-environ-declarations.patch

@@ -0,0 +1,85 @@
+From 8fae14f4dfc655dabd3de11be4d7e9b7c1cb6898 Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Fri, 9 Jun 2017 11:37:03 +0300
+Subject: [PATCH] Remove bunch of redundant environ declarations
+
+rpmsign.c used to actually use "environ" to pass to execve(), but
+that call moved to librpmsign a long, long time ago. rpmdb.c and
+rpmkeys.c never used it at all but guess it was copy-paste inherited
+from rpmsign.c back in the day (dfbaa77152ccf98524c4f27afe85d32e6f690522)
+
+rpmgensig.c actually refers to environ, but this is a POSIX required
+variable and while Apple has managed to screw it up, it's handled
+in system.h and that must be sufficient for all relevant systems
+as we also refer to environ in rpmfileutil.c open_dso() and there's
+no fake environ definition there. So drop the one in rpmgensig.c too.
+---
+ rpmdb.c          | 4 ----
+ rpmkeys.c        | 4 ----
+ rpmsign.c        | 4 ----
+ sign/rpmgensig.c | 4 ----
+ 4 files changed, 16 deletions(-)
+
+diff --git a/rpmdb.c b/rpmdb.c
+index 67630d00c..25c088da9 100644
+--- a/rpmdb.c
++++ b/rpmdb.c
+@@ -6,10 +6,6 @@
+ #include "cliutils.h"
+ #include "debug.h"
+ 
+-#if !defined(__GLIBC__) && !defined(__APPLE__)
+-char ** environ = NULL;
+-#endif
+-
+ enum modes {
+     MODE_INITDB		= (1 << 0),
+     MODE_REBUILDDB	= (1 << 1),
+diff --git a/rpmkeys.c b/rpmkeys.c
+index 0ecc65ed1..2b60a729e 100644
+--- a/rpmkeys.c
++++ b/rpmkeys.c
+@@ -5,10 +5,6 @@
+ #include "cliutils.h"
+ #include "debug.h"
+ 
+-#if !defined(__GLIBC__) && !defined(__APPLE__)
+-char ** environ = NULL;
+-#endif
+-
+ enum modes {
+     MODE_CHECKSIG	= (1 << 0),
+     MODE_IMPORTKEY	= (1 << 1),
+diff --git a/rpmsign.c b/rpmsign.c
+index dce342af0..04738c052 100644
+--- a/rpmsign.c
++++ b/rpmsign.c
+@@ -9,10 +9,6 @@
+ #include "cliutils.h"
+ #include "debug.h"
+ 
+-#if !defined(__GLIBC__) && !defined(__APPLE__)
+-char ** environ = NULL;
+-#endif
+-
+ enum modes {
+     MODE_NONE    = 0,
+     MODE_ADDSIGN = (1 << 0),
+diff --git a/sign/rpmgensig.c b/sign/rpmgensig.c
+index 141ad1530..5c04e9218 100644
+--- a/sign/rpmgensig.c
++++ b/sign/rpmgensig.c
+@@ -25,10 +25,6 @@
+ 
+ #include "debug.h"
+ 
+-#if !defined(__GLIBC__) && !defined(__APPLE__)
+-char ** environ = NULL;
+-#endif
+-
+ typedef struct sigTarget_s {
+     FD_t fd;
+     const char *fileName;
+-- 
+2.11.0
+

meta-integrity/recipes-devtools/rpm/rpm/0007-Dont-push-NULL-bodied-macros-in-case-of-get_fskpass-.patch

@@ -0,0 +1,43 @@
+From 5a6acd24a55d31a7c7e68dc4e46149598f1699a4 Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Fri, 9 Jun 2017 12:33:23 +0300
+Subject: [PATCH] Dont push NULL-bodied macros (in case of get_fskpass()
+ failure)
+
+---
+ rpmsign.c        | 4 ++--
+ sign/rpmgensig.c | 2 +-
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/rpmsign.c b/rpmsign.c
+index 04738c052..578079a4d 100644
+--- a/rpmsign.c
++++ b/rpmsign.c
+@@ -119,9 +119,9 @@ static int doSign(poptContext optCon, struct rpmSignArgs *sargs)
+ 	    fileSigningKeyPassword = get_fskpass();
+ 	}
+ 
+-	rpmPushMacro(NULL, "_file_signing_key_password", NULL,
+-	    fileSigningKeyPassword, RMIL_CMDLINE);
+ 	if (fileSigningKeyPassword) {
++	    rpmPushMacro(NULL, "_file_signing_key_password", NULL,
++			fileSigningKeyPassword, RMIL_CMDLINE);
+ 	    memset(fileSigningKeyPassword, 0, strlen(fileSigningKeyPassword));
+ 	    free(fileSigningKeyPassword);
+ 	}
+diff --git a/sign/rpmgensig.c b/sign/rpmgensig.c
+index 5c04e9218..073136364 100644
+--- a/sign/rpmgensig.c
++++ b/sign/rpmgensig.c
+@@ -538,7 +538,7 @@ static rpmRC includeFileSignatures(FD_t fd, const char *rpm,
+ 
+     key = rpmExpand("%{?_file_signing_key}", NULL);
+ 
+-    keypass = rpmExpand("%{_file_signing_key_password}", NULL);
++    keypass = rpmExpand("%{?_file_signing_key_password}", NULL);
+     if (rstreq(keypass, "")) {
+ 	free(keypass);
+ 	keypass = NULL;
+-- 
+2.11.0
+

meta-integrity/recipes-devtools/rpm/rpm/0008-Move-key-password-helper-variables-to-local-scope.patch

@@ -0,0 +1,58 @@
+From 46eadbf33d06a0a97be0845afe09873acb44af3c Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Fri, 9 Jun 2017 12:35:43 +0300
+Subject: [PATCH] Move key/password helper variables to local scope
+
+---
+ rpmsign.c | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/rpmsign.c b/rpmsign.c
+index 578079a4d..35c5ee966 100644
+--- a/rpmsign.c
++++ b/rpmsign.c
+@@ -21,7 +21,6 @@ static int mode = MODE_NONE;
+ #ifdef WITH_IMAEVM
+ static int signfiles = 0, fskpass = 0;
+ static char * fileSigningKey = NULL;
+-static char * fileSigningKeyPassword = NULL;
+ #endif
+ 
+ static struct rpmSignArgs sargs = {NULL, 0, 0};
+@@ -96,7 +95,6 @@ static int doSign(poptContext optCon, struct rpmSignArgs *sargs)
+ {
+     int rc = EXIT_FAILURE;
+     char * name = rpmExpand("%{?_gpg_name}", NULL);
+-    char *key = NULL;
+ 
+     if (rstreq(name, "")) {
+ 	fprintf(stderr, _("You must set \"%%_gpg_name\" in your macro file\n"));
+@@ -109,7 +107,8 @@ static int doSign(poptContext optCon, struct rpmSignArgs *sargs)
+     }
+ 
+     if (signfiles) {
+-	key = rpmExpand("%{?_file_signing_key}", NULL);
++	char *fileSigningKeyPassword = NULL;
++	char *key = rpmExpand("%{?_file_signing_key}", NULL);
+ 	if (rstreq(key, "")) {
+ 	    fprintf(stderr, _("You must set \"%%_file_signing_key\" in your macro file or on the command line with --fskpath\n"));
+ 	    goto exit;
+@@ -127,6 +126,7 @@ static int doSign(poptContext optCon, struct rpmSignArgs *sargs)
+ 	}
+ 
+ 	sargs->signfiles = 1;
++	free(key);
+     }
+ #endif
+ 
+@@ -137,7 +137,6 @@ static int doSign(poptContext optCon, struct rpmSignArgs *sargs)
+     }
+ 
+ exit:
+-    free(key);
+     free(name);
+     return rc;
+ }
+-- 
+2.11.0
+

meta-integrity/recipes-devtools/rpm/rpm/0009-Use-rpm-memory-allocator-so-we-dont-need-to-check-fo.patch

@@ -0,0 +1,33 @@
+From 542f41a8bdc385ed849170565ac353956a47683a Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Fri, 9 Jun 2017 12:45:21 +0300
+Subject: [PATCH] Use rpm memory allocator so we dont need to check for return
+
+---
+ rpmsign.c | 9 ++-------
+ 1 file changed, 2 insertions(+), 7 deletions(-)
+
+diff --git a/rpmsign.c b/rpmsign.c
+index 35c5ee966..a59f2dc1c 100644
+--- a/rpmsign.c
++++ b/rpmsign.c
+@@ -59,14 +59,9 @@ static struct poptOption optionsTable[] = {
+ static char *get_fskpass(void)
+ {
+     struct termios flags, tmp_flags;
+-    char *password, *pwd;
+     int passlen = 64;
+-
+-    password = malloc(passlen);
+-    if (!password) {
+-	perror("malloc");
+-	return NULL;
+-    }
++    char *password = xmalloc(passlen);
++    char *pwd;
+ 
+     tcgetattr(fileno(stdin), &flags);
+     tmp_flags = flags;
+-- 
+2.11.0
+

meta-integrity/recipes-devtools/rpm/rpm/0010-Fix-a-number-of-problems-in-get_fskpass.patch

@@ -0,0 +1,54 @@
+From 46c7bf438e5349676139dba0655faed3b2230827 Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Fri, 9 Jun 2017 12:52:08 +0300
+Subject: [PATCH] Fix a number of problems in get_fskpass()
+
+Fix segfault in case of fgets() failure, fix memleak on password
+buffer on failure.
+---
+ rpmsign.c | 14 ++++++++++----
+ 1 file changed, 10 insertions(+), 4 deletions(-)
+
+diff --git a/rpmsign.c b/rpmsign.c
+index a59f2dc1c..ae86f666d 100644
+--- a/rpmsign.c
++++ b/rpmsign.c
+@@ -61,7 +61,7 @@ static char *get_fskpass(void)
+     struct termios flags, tmp_flags;
+     int passlen = 64;
+     char *password = xmalloc(passlen);
+-    char *pwd;
++    char *pwd = NULL;
+ 
+     tcgetattr(fileno(stdin), &flags);
+     tmp_flags = flags;
+@@ -70,17 +70,23 @@ static char *get_fskpass(void)
+ 
+     if (tcsetattr(fileno(stdin), TCSANOW, &tmp_flags) != 0) {
+ 	perror("tcsetattr");
+-	return NULL;
++	goto exit;
+     }
+ 
+     printf("PEM password: ");
+     pwd = fgets(password, passlen, stdin);
+-    pwd[strlen(pwd) - 1] = '\0';  /* remove newline */
+ 
+     if (tcsetattr(fileno(stdin), TCSANOW, &flags) != 0) {
+ 	perror("tcsetattr");
+-	return NULL;
++	pwd = NULL;
++	goto exit;
+     }
++
++exit:
++    if (pwd)
++	pwd[strlen(pwd) - 1] = '\0';  /* remove newline */
++    else
++	free(password);
+     return pwd;
+ }
+ #endif
+-- 
+2.11.0
+

meta-integrity/recipes-devtools/rpm/rpm/0011-Bump-file-digests-to-SHA256-by-default-finally.patch

@@ -0,0 +1,47 @@
+From 0cd74ade37d16d282d13e781deb68a219b2c04b9 Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Wed, 8 Mar 2017 14:51:45 +0200
+Subject: [PATCH] Bump file digests to SHA256 by default, finally
+
+As a part of modernizing the crypto used by rpm, it's way past time
+to use a stronger algorithm for the file digests. The jump from MD5
+is not entirely smooth but at least Fedora and RHEL did that ages ago
+and survived, others should too. And of course you can always flip
+it back to MD5 if you really need to, for eg building packages for
+ancient distro versions.
+
+Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
+---
+ macros.in | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/macros.in b/macros.in
+index 72d4a51ed..49a3dab04 100644
+--- a/macros.in
++++ b/macros.in
+@@ -355,17 +355,17 @@ package or when debugging this package.\
+ 
+ #	Algorithm to use for generating file checksum digests on build.
+ #	If not specified or 0, MD5 is used.
+-#	WARNING: non-MD5 is backwards incompatible, don't enable lightly!
+-#	The supported algorithms may depend on NSS version, as of NSS
+-#	3.11.99.5 the following are supported:
++#	WARNING: non-MD5 is backwards incompatible with rpm < 4.6!
++#	The supported algorithms may depend on the underlying crypto
++#	implementation but generally at least the following are supported:
+ #	1	MD5 (default)
+ #	2	SHA1
+ #	8	SHA256
+ #	9	SHA384
+ #	10	SHA512
+ #
+-#%_source_filedigest_algorithm	1
+-#%_binary_filedigest_algorithm	1
++%_source_filedigest_algorithm	8
++%_binary_filedigest_algorithm	8
+ 
+ #	Configurable vendor information, same as Vendor: in a specfile.
+ #
+-- 
+2.11.0
+

meta-integrity/recipes-devtools/rpm/rpm_%.bbappend

@@ -0,0 +1,23 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/rpm:"
+
+SRC_URI += "\
+    file://0001-Pass-sign-arguments-to-signature-deletion-too.patch \
+    file://0002-Beat-some-sense-into-rpmsign-cli-parsing.patch \
+    file://0003-Fix-thinko-typo-in-file-signing-error-message.patch \
+    file://0004-Bury-get_fskpass-inside-rpmsign-utility.patch \
+    file://0005-Dont-advertise-file-signing-features-if-support-not-.patch \
+    file://0006-Remove-bunch-of-redundant-environ-declarations.patch \
+    file://0007-Dont-push-NULL-bodied-macros-in-case-of-get_fskpass-.patch \
+    file://0008-Move-key-password-helper-variables-to-local-scope.patch \
+    file://0009-Use-rpm-memory-allocator-so-we-dont-need-to-check-fo.patch \
+    file://0010-Fix-a-number-of-problems-in-get_fskpass.patch \
+    file://0011-Bump-file-digests-to-SHA256-by-default-finally.patch \
+"
+
+PACKAGECONFIG = "${@bb.utils.contains('DISTRO_FEATURES', 'ima', 'imaevm', '', d)}"
+PACKAGECONFIG[imaevm] = "--with-imaevm,,ima-evm-utils"
+
+# IMA signing support is provided by RPM plugin.
+EXTRA_OECONF_remove += "\
+    --disable-plugins \
+"