linux-application-whitelisting / fapolicyd

File Access Policy Daemon
GNU General Public License v3.0

Initial debdb implementation. #230

Closed stridge-cruxml closed 1 year ago

stridge-cruxml commented 1 year ago

This allows fapolicyd to read the md5 hashes from dpkg as a trust source. Add a deb_test binary to run the backend standalone for debugging.

Fixes #218

The approach used is to look at the md5 hashes from dpkg, verify they match, then compute the sha256sum on the files again. This means fapolicyd is still using sha256 internally/everywhere else.

Unfortunately this means when running with debdb backend, this is only going to be secured with md5 which is still better than nothing.

This is still a WIP. See the TODOs.

stridge-cruxml commented 1 year ago

Built with:

```sh
./configure --with-audit --disable-shared --without-rpm --prefix=/usr --with-deb
```

stevegrubb commented 1 year ago

Thanks for the patch. I'll try to look at it soon.

stevegrubb commented 1 year ago

OK, had a chance to look it over. Overall it's in pretty good shape. Matches the project's coding style. But I do have a couple minor suggestions.

  1. In add_file_to_backend(), I'd suggest reversing the order and checking the MD5 first so that if there is a mismatch, we don't waste time on a sha256. (This also cleans up freeing sha_digest on error paths.)
  2. There are a couple error paths in the same function that leak fd. It needs to be closed before returning.
  3. In rpm_load_list, we drop documentation, symlinks, and config files. (I don't know if dpkg has metadata for initial screening or not.) After this initial sniff based on rpm metadata, we call filter_check() to drop pdfs, jpgs, etc. We do not want to pollute the database with junk that will not be executed. Dropping unneeded files helps the lookup time of the trust db and reduces the memory footprint. You can probably call the same function to test if the file should be dropped.

That's it. Clean those up and we can merge it.
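The following is an added illustration of the trust-source approach described in the PR description and of the first three review points above; it is not code from the PR or from the fapolicyd project. It parses the format dpkg writes to `/var/lib/dpkg/info/<pkg>.md5sums` (one `<md5 hex>  <path relative to />` per line), runs the cheap md5 comparison first and computes sha256 only for files whose md5 matched, releases the file handle on every exit path, and applies a small stand-in for `filter_check()`. The skip lists, the sample package root and the "tampered" file are constructed for the example and are not the project's rules.

```python
import hashlib
import os
import tempfile

# Stand-in for fapolicyd's filter_check(): paths that are never executed and
# would only bloat the trust db. Illustrative lists, not the project's rules.
SKIP_PREFIXES = ("usr/share/doc/", "usr/share/man/", "usr/share/info/")
SKIP_SUFFIXES = (".pdf", ".jpg", ".png", ".html", ".txt", ".gz")


def parse_md5sums(text):
    """Parse dpkg's <pkg>.md5sums: '<32 hex md5>  <path relative to />'.

    Returns [(md5_hex, relative_path)]. Malformed lines raise, so a corrupt
    trust source is not silently half-read.
    """
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        digest, sep, rel = line.partition("  ")
        if not sep or len(digest) != 32 or not rel or rel.startswith("/"):
            raise ValueError(f"malformed md5sums line {lineno}: {line!r}")
        int(digest, 16)  # ValueError if not hex
        entries.append((digest.lower(), rel))
    return entries


def should_skip(rel):
    """True for files that should not enter the trust db (docs, images, ...)."""
    return rel.startswith(SKIP_PREFIXES) or rel.endswith(SKIP_SUFFIXES)


def hash_file(path, algo):
    """Stream a file through hashlib and return the hex digest.

    'with' closes the descriptor on every exit path, including exceptions,
    which is the fd-leak concern raised in review for the C version.
    """
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_trust_entries(md5sums_text, root):
    """Turn one package's md5sums into trust-db entries keyed by path.

    The cheap md5 check runs first; sha256 is computed only for files whose
    md5 matched what dpkg recorded, so the rest of the daemon stays on
    sha256. Returns (trusted, rejected), rejected being [(path, reason)].
    """
    trusted, rejected = {}, []
    for md5_expected, rel in parse_md5sums(md5sums_text):
        if should_skip(rel):
            continue
        path = os.path.join(root, rel)
        try:
            md5_actual = hash_file(path, "md5")
        except OSError as e:
            rejected.append((rel, f"unreadable: {e.strerror}"))
            continue
        if md5_actual != md5_expected:
            rejected.append((rel, "md5 mismatch"))
            continue
        trusted[rel] = (os.path.getsize(path), hash_file(path, "sha256"))
    return trusted, rejected


GOOD_SCRIPT = b"#!/bin/sh\necho good\n"


def demo():
    """Constructed sample: a fake package root with one intact binary, one
    binary modified after installation, and a doc file that gets filtered."""
    with tempfile.TemporaryDirectory() as root:
        files = {
            "usr/bin/good": GOOD_SCRIPT,
            "usr/bin/tampered": b"#!/bin/sh\necho original\n",
            "usr/share/doc/pkg/README": b"docs\n",
        }
        for rel, data in files.items():
            p = os.path.join(root, rel)
            os.makedirs(os.path.dirname(p), exist_ok=True)
            with open(p, "wb") as f:
                f.write(data)
        # What dpkg would have recorded at install time for these contents.
        md5sums = "".join(
            f"{hashlib.new('md5', data).hexdigest()}  {rel}\n"
            for rel, data in files.items()
        )
        # Post-install modification that the md5 check must catch.
        with open(os.path.join(root, "usr/bin/tampered"), "wb") as f:
            f.write(b"#!/bin/sh\necho evil\n")
        return build_trust_entries(md5sums, root)


if __name__ == "__main__":
    trusted, rejected = demo()
    for rel, (size, sha) in trusted.items():
        print(f"trust  {rel} size={size} sha256={sha}")
    for rel, reason in rejected:
        print(f"reject {rel}: {reason}")
```

Running it trusts only `usr/bin/good`, rejects `usr/bin/tampered` with an md5 mismatch without ever hashing it with sha256, and never looks at the README. Note that, as the PR description says, the guarantee is only as strong as dpkg's md5 record: a file whose md5 collides with the recorded one would pass this check and be admitted with a fresh sha256.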

stevegrubb commented 1 year ago

@stridge-cruxml were you going to update the patch or shall we clean it up? Thanks again for the contribution.

stridge-cruxml commented 1 year ago

@stevegrubb sorry I missed your feedback! I am unable to work on this in the next month, but I do need this functionality in the next 3 months and I will work on it more if it is still needed then. You are more than welcome to take over though!

> I don't know if dpkg has metadata for initial screening or not.

I have had a look and as far as I can tell it does not. I agree it is inefficient and should be improved. filter_check() is a good start though and should be easy enough to implement.

For your other comments, I will fix them when I get a chance (unless you have already done it).

stevegrubb commented 1 year ago

I am going to merge this and start fixing it. Looks like Fedora has a dpkg-devel which might be usable to at least check the compilation.

stevegrubb commented 1 year ago

It seems that libdpkg links against MD5Init, MD5Update, and MD5Final. I don't think they are in openssl. Wonder what library provides that? Would it be libbsd?

Also, it now complains of multiple definitions of the symbol "debug". Looking with readelf, it sure looks like libdpkg indeed has a global function named "debug". That really should be name spaced to not collide with user programs.

stevegrubb commented 1 year ago

Actually, it seems to be libmd. (Added detection to configure.ac) Only have the multiple definitions of debug left to fix and it's ready for testing.