rpmRC rpmtsImportPubkey(const rpmts ts, const unsigned char * pkt, size_t pktlen)
{
Header h = NULL;
rpmRC rc = RPMRC_FAIL; /* assume failure */
rpmPubkey pubkey = NULL;
rpmVSFlags oflags = rpmtsVSFlags(ts);
rpmKeyring keyring;
rpmtxn txn = rpmtxnBegin(ts, RPMTXN_WRITE);
int krc;
if (txn == NULL)
return rc;
/* XXX keyring wont load if sigcheck disabled, force it temporarily */
rpmtsSetVSFlags(ts, (oflags & ~_RPMVSF_NOSIGNATURES));
keyring = rpmtsGetKeyring(ts, 1);
rpmtsSetVSFlags(ts, oflags);
if ((pubkey = rpmPubkeyNew(pkt, pktlen)) == NULL)
goto exit;
krc = rpmKeyringAddKey(keyring, pubkey);
if (krc < 0)
goto exit;
/* If we dont already have the key, make a persistent record of it */
if (krc == 0) {
rpm_tid_t tid = rpmtsGetTid(ts);
if (makePubkeyHeader(ts, pubkey, &h) != 0)
goto exit;
headerPutUint32(h, RPMTAG_INSTALLTIME, &tid, 1);
headerPutUint32(h, RPMTAG_INSTALLTID, &tid, 1);
/* Add header to database. */
if (!(rpmtsFlags(ts) & RPMTRANS_FLAG_TEST)) {
rc = rpmtsImportHeader(txn, h, 0);
}
}
rc = RPMRC_OK;
exit:
/* Clean up. */
headerFree(h);
rpmPubkeyFree(pubkey);
rpmKeyringFree(keyring);
rpmtxnEnd(txn);
return rc;
}
rpmPubkey rpmPubkeyRead(const char *filename)
{
uint8_t *pkt = NULL;
size_t pktlen;
rpmPubkey key = NULL;
if (pgpReadPkts(filename, &pkt, &pktlen) <= 0) {
goto exit;
}
key = rpmPubkeyNew(pkt, pktlen);
free(pkt);
exit:
return key;
}
rpmPubkey rpmPubkeyRead(const char *filename)
{
rpmuint8_t *pkt = NULL;
size_t pktlen;
rpmPubkey key = NULL;
/*@-globs@*/
if (pgpReadPkts(filename, &pkt, &pktlen) <= 0)
goto exit;
/*@=globs@*/
key = rpmPubkeyNew(pkt, pktlen);
pkt = _free(pkt);
exit:
return key;
}
static int loadKeyringFromDB(rpmts ts)
{
Header h;
rpmdbMatchIterator mi;
int nkeys = 0;
rpmlog(RPMLOG_DEBUG, "loading keyring from rpmdb\n");
mi = rpmtsInitIterator(ts, RPMDBI_NAME, "gpg-pubkey", 0);
while ((h = rpmdbNextIterator(mi)) != NULL) {
struct rpmtd_s pubkeys;
const char *key;
if (!headerGet(h, RPMTAG_PUBKEYS, &pubkeys, HEADERGET_MINMEM))
continue;
while ((key = rpmtdNextString(&pubkeys))) {
uint8_t *pkt;
size_t pktlen;
if (rpmBase64Decode(key, (void **) &pkt, &pktlen) == 0) {
rpmPubkey key = rpmPubkeyNew(pkt, pktlen);
if (rpmKeyringAddKey(ts->keyring, key) == 0) {
char *nvr = headerGetAsString(h, RPMTAG_NVR);
rpmlog(RPMLOG_DEBUG, "added key %s to keyring\n", nvr);
free(nvr);
nkeys++;
}
rpmPubkeyFree(key);
free(pkt);
}
}
rpmtdFreeData(&pubkeys);
}
rpmdbFreeIterator(mi);
return nkeys;
}
uint32_t
AddKeyToKeyRing(
const char* pszFile,
rpmKeyring pKeyring
)
{
uint32_t dwError = 0;
pgpArmor nArmor = PGPARMOR_NONE;
pgpDig pDig = NULL;
rpmPubkey pPubkey = NULL;
uint8_t* pPkt = NULL;
size_t nPktLen = 0;
char* pszKeyData = NULL;
if(IsNullOrEmptyString(pszFile) || !pKeyring)
{
dwError = ERROR_TDNF_INVALID_PARAMETER;
BAIL_ON_TDNF_ERROR(dwError);
}
dwError = ReadGPGKey(pszFile, &pszKeyData);
BAIL_ON_TDNF_ERROR(dwError);
nArmor = pgpParsePkts(pszKeyData, &pPkt, &nPktLen);
if(nArmor != PGPARMOR_PUBKEY)
{
dwError = ERROR_TDNF_INVALID_PUBKEY_FILE;
BAIL_ON_TDNF_ERROR(dwError);
}
pPubkey = rpmPubkeyNew (pPkt, nPktLen);
if(!pPubkey)
{
dwError = ERROR_TDNF_CREATE_PUBKEY_FAILED;
BAIL_ON_TDNF_ERROR(dwError);
}
pDig = rpmPubkeyDig(pPubkey);
if(!pDig)
{
dwError = ERROR_TDNF_CREATE_PUBKEY_FAILED;
BAIL_ON_TDNF_ERROR(dwError);
}
dwError = rpmKeyringLookup(pKeyring, pDig);
if(dwError == RPMRC_OK)
{
dwError = 0;//key exists
}
else
{
dwError = rpmKeyringAddKey(pKeyring, pPubkey);
if(dwError == 1)
{
dwError = 0;//Already added. ignore
}
BAIL_ON_TDNF_ERROR(dwError);
}
cleanup:
return dwError;
error:
TDNF_SAFE_FREE_MEMORY(pszKeyData);
if(pPubkey)
{
rpmPubkeyFree(pPubkey);
}
goto cleanup;
}
/**
* dnf_keyring_add_public_key:
* @keyring: a #rpmKeyring instance.
* @filename: The public key filename.
* @error: a #GError or %NULL.
*
* Adds a specific public key to the keyring.
*
* Returns: %TRUE for success, %FALSE otherwise
*
* Since: 0.1.0
**/
gboolean
dnf_keyring_add_public_key(rpmKeyring keyring,
const gchar *filename,
GError **error)
{
gboolean ret = TRUE;
gint rc;
gsize len;
pgpArmor armor;
pgpDig dig = NULL;
rpmPubkey pubkey = NULL;
uint8_t *pkt = NULL;
g_autofree gchar *data = NULL;
/* ignore symlinks and directories */
if (!g_file_test(filename, G_FILE_TEST_IS_REGULAR))
goto out;
if (g_file_test(filename, G_FILE_TEST_IS_SYMLINK))
goto out;
/* get data */
ret = g_file_get_contents(filename, &data, &len, error);
if (!ret)
goto out;
/* rip off the ASCII armor and parse it */
armor = pgpParsePkts(data, &pkt, &len);
if (armor < 0) {
ret = FALSE;
g_set_error(error,
DNF_ERROR,
DNF_ERROR_GPG_SIGNATURE_INVALID,
"failed to parse PKI file %s",
filename);
goto out;
}
/* make sure it's something we can add to rpm */
if (armor != PGPARMOR_PUBKEY) {
ret = FALSE;
g_set_error(error,
DNF_ERROR,
DNF_ERROR_GPG_SIGNATURE_INVALID,
"PKI file %s is not a public key",
filename);
goto out;
}
/* test each one */
pubkey = rpmPubkeyNew(pkt, len);
if (pubkey == NULL) {
ret = FALSE;
g_set_error(error,
DNF_ERROR,
DNF_ERROR_GPG_SIGNATURE_INVALID,
"failed to parse public key for %s",
filename);
goto out;
}
/* does the key exist in the keyring */
dig = rpmPubkeyDig(pubkey);
rc = rpmKeyringLookup(keyring, dig);
if (rc == RPMRC_OK) {
ret = TRUE;
g_debug("%s is already present", filename);
goto out;
}
/* add to rpmdb automatically, without a prompt */
rc = rpmKeyringAddKey(keyring, pubkey);
if (rc == 1) {
ret = TRUE;
g_debug("%s is already added", filename);
goto out;
} else if (rc < 0) {
ret = FALSE;
g_set_error(error,
DNF_ERROR,
DNF_ERROR_GPG_SIGNATURE_INVALID,
"failed to add public key %s to rpmdb",
filename);
goto out;
}
/* success */
g_debug("added missing public key %s to rpmdb", filename);
ret = TRUE;
out:
if (pkt != NULL)
free(pkt); /* yes, free() */
if (pubkey != NULL)
rpmPubkeyFree(pubkey);
if (dig != NULL)
pgpFreeDig(dig);
return ret;
}
