integ/base/rpm/patches/0001-sign-files-only.patch

diff --git a/rpmsign.c b/rpmsign.c
index ae86f66..8855e01 100644
--- a/rpmsign.c
+++ b/rpmsign.c
@@ -19,7 +19,7 @@ enum modes {
 static int mode = MODE_NONE;
 
 #ifdef WITH_IMAEVM
-static int signfiles = 0, fskpass = 0;
+static int signfiles = 0, fskpass = 0, signpkg=0;
 static char * fileSigningKey = NULL;
 #endif
 
@@ -97,9 +97,11 @@ static int doSign(poptContext optCon, struct rpmSignArgs *sargs)
     int rc = EXIT_FAILURE;
     char * name = rpmExpand("%{?_gpg_name}", NULL);
 
-    if (rstreq(name, "")) {
-	fprintf(stderr, _("You must set \"%%_gpg_name\" in your macro file\n"));
-	goto exit;
+    if (signpkg) {
+	if (rstreq(name, "")) {
+	    fprintf(stderr, _("You must set \"%%_gpg_name\" in your macro file\n"));
+	    goto exit;
+	}
     }
 
 #ifdef WITH_IMAEVM
@@ -179,7 +181,11 @@ int main(int argc, char *argv[])
 	}
 	break;
     case MODE_NONE:
-	printUsage(optCon, stderr, 0);
+	if (signfiles) {
+	    ec = doSign(optCon, &sargs);
+	} else {
+	    printUsage(optCon, stderr, 0);
+	}
 	break;
     default:
 	argerror(_("only one major mode may be specified"));
diff --git a/sign/rpmgensig.c b/sign/rpmgensig.c
index d29c178..66168d2 100644
--- a/sign/rpmgensig.c
+++ b/sign/rpmgensig.c
@@ -507,7 +507,9 @@ static rpmRC replaceSigDigests(FD_t fd, const char *rpm, Header *sigp,
 	goto exit;
     }
 
+/*
     headerFree(*sigp);
+*/
     rc = rpmReadSignature(fd, sigp, NULL);
     if (rc != RPMRC_OK) {
 	rpmlog(RPMLOG_ERR, _("rpmReadSignature failed\n"));
@@ -519,6 +521,15 @@ exit:
 }
 #endif
 
+static void *nullDigest(int algo, int ascii)
+{
+    void *d = NULL;
+    DIGEST_CTX ctx = rpmDigestInit(algo, 0);
+    rpmDigestFinal(ctx, &d, NULL, ascii);
+    return d;
+}
+
+
 static rpmRC includeFileSignatures(FD_t fd, const char *rpm,
 				   Header *sigp, Header *hdrp,
 				   off_t sigStart, off_t headerStart)
@@ -572,6 +583,27 @@ static rpmRC includeFileSignatures(FD_t fd, const char *rpm,
 	goto exit;
     }
 
+    /* Generate and write a placeholder signature header */
+    if (Fseek(fd, sigStart, SEEK_SET) < 0) {
+	rc = RPMRC_FAIL;
+	rpmlog(RPMLOG_ERR, _("Could not seek in file %s: %s\n"),
+		rpm, Fstrerror(fd));
+	goto exit;
+    }
+    SHA1 = nullDigest(PGPHASHALGO_SHA1, 1);
+    SHA256 = nullDigest(PGPHASHALGO_SHA256, 1);
+    MD5 = nullDigest(PGPHASHALGO_MD5, 0);
+    replaceSigDigests(fd, rpm, sigp, sigStart, sigTargetSize, SHA256, SHA1, MD5);
+    SHA1 = _free(SHA1);
+    SHA256 = _free(SHA256);
+    MD5 = _free(MD5);
+    SHA1 = NULL;
+    SHA256 = NULL;
+    MD5 = NULL;
+
+    /* get new header start */
+    headerStart = Ftell(fd);
+
     if (Fseek(fd, headerStart, SEEK_SET) < 0) {
 	rc = RPMRC_FAIL;
 	rpmlog(RPMLOG_ERR, _("Could not seek in file %s: %s\n"),
@@ -590,9 +622,12 @@ static rpmRC includeFileSignatures(FD_t fd, const char *rpm,
 	rpmlog(RPMLOG_ERR, _("headerWrite failed\n"));
 	goto exit;
     }
+
     fdFiniDigest(fd, RPMSIGTAG_SHA1, (void **)&SHA1, NULL, 1);
     /* Only add SHA256 if it was there to begin with */
+/*
     if (headerIsEntry(*sigp, RPMSIGTAG_SHA256))
+*/
 	fdFiniDigest(fd, RPMSIGTAG_SHA256, (void **)&SHA256, NULL, 1);
 
     /* Copy archive from temp file */
@@ -621,8 +656,10 @@ static rpmRC includeFileSignatures(FD_t fd, const char *rpm,
 	rpmlog(RPMLOG_WARNING,
 	       _("%s already contains identical file signatures\n"),
 	       rpm);
-    else
+    else {
 	replaceSigDigests(fd, rpm, sigp, sigStart, sigTargetSize, SHA256, SHA1, MD5);
+	rc = headerWrite(fd, *hdrp, HEADER_MAGIC_YES);
+    }
 
 exit:
     free(trpm);
@@ -697,6 +734,22 @@ static int rpmSign(const char *rpm, int deleting, int signfiles)
 
     if (signfiles) {
 	includeFileSignatures(fd, rpm, &sigh, &h, sigStart, headerStart);
+
+	if (Fseek(fd, sigStart, SEEK_SET) < 0) {
+	    rpmlog(RPMLOG_ERR, _("Could not seek in file %s: %s\n"),
+		    rpm, Fstrerror(fd));
+	    goto exit;
+	}
+
+    rc = rpmReadSignature(fd, &sigh, &msg);
+    if (rc != RPMRC_OK) {
+        rpmlog(RPMLOG_ERR, _("%s: rpmReadSignature failed: %s"), rpm,
+                    (msg && *msg ? msg : "\n"));
+        goto exit;
+    }
+
+    headerStart = Ftell(fd);
+
     }
 
     unloadImmutableRegion(&sigh, RPMTAG_HEADERSIGNATURES);
@@ -730,6 +783,7 @@ static int rpmSign(const char *rpm, int deleting, int signfiles)
     }
 
     /* Try to make new signature smaller to have size of original signature */
+/*
     rpmtdReset(&utd);
     if (headerGet(sigh, RPMSIGTAG_RESERVEDSPACE, &utd, HEADERGET_MINMEM)) {
 	int diff;
@@ -752,6 +806,7 @@ static int rpmSign(const char *rpm, int deleting, int signfiles)
 	    insSig = 1;
 	}
     }
+*/
 
     /* Reallocate the signature into one contiguous region. */
     sigh = headerReload(sigh, RPMTAG_HEADERSIGNATURES);
@@ -794,12 +849,12 @@ static int rpmSign(const char *rpm, int deleting, int signfiles)
 		Fstrerror(ofd));
 	    goto exit;
 	}
-
 	if (Fseek(fd, headerStart, SEEK_SET) < 0) {
 	    rpmlog(RPMLOG_ERR, _("Could not seek in file %s: %s\n"),
 		    rpm, Fstrerror(fd));
 	    goto exit;
 	}
+
 	/* Append the header and archive from the temp file */
 	if (copyFile(&fd, rpm, &ofd, trpm) == 0) {
 	    struct stat st;
@@ -848,7 +903,7 @@ int rpmPkgSign(const char *path, const struct rpmSignArgs * args)
 	}
     }
 
-    rc = rpmSign(path, 0, args ? args->signfiles : 0);
+    rc = rpmSign(path, args ? args->signfiles : 0, args ? args->signfiles : 0);
 
     if (args) {
 	if (args->hashalgo) {
diff --git a/sign/rpmsignfiles.c b/sign/rpmsignfiles.c
index 61b73bd..d6c593d 100644
--- a/sign/rpmsignfiles.c
+++ b/sign/rpmsignfiles.c
@@ -126,10 +126,15 @@ rpmRC rpmSignFiles(Header h, const char *key, char *keypass)
 	    rc = RPMRC_FAIL;
 	    goto exit;
 	}
+/* 
 	free(signature);
+*/
+
     }
 
 exit:
+/*
     rpmtdFreeData(&digests);
+*/
     return rc;
 }