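/*
 * Check whether the RSA header signature of an rpm file was made by a key
 * that is present in pKeyring.
 *
 * pKeyring   - keyring to search; must not be NULL.
 * pszPkgFile - path of the rpm file; must not be NULL or empty.
 *
 * Returns 0 when a matching key is found in the keyring. Any other value is
 * an error: ERROR_TDNF_INVALID_PARAMETER, an errno value from Fopen(), the
 * status of rpmReadPackageFile(), or one of the ERROR_TDNF_RPM* codes set
 * below.
 *
 * NOTE(review): what is visible here is a key lookup, not a cryptographic
 * verification. The package is read with _RPMVSF_NOSIGNATURES set, and the
 * only trust decision is rpmKeyringLookup() on the parsed signature packet;
 * no digest of the header or payload is computed or compared in this
 * function. A 0 return should not be treated as proof that the package
 * content is authentic unless the signature is verified elsewhere before
 * install (TODO confirm against the callers).
 *
 * NOTE(review): only RPMTAG_RSAHEADER is consulted, so a package without
 * that tag fails with ERROR_TDNF_RPM_GET_RSAHEADER_FAILED.
 */
uint32_t
VerifyRpmSig(
    rpmKeyring pKeyring,
    const char* pszPkgFile
    )
{
    uint32_t dwError = 0;
    FD_t pFD_t = NULL;
    rpmts pTS = NULL;
    rpmtd pTD = NULL;
    Header pPkgHeader = NULL;
    pgpDig pDigest = NULL;

    if(!pKeyring || IsNullOrEmptyString(pszPkgFile))
    {
        dwError = ERROR_TDNF_INVALID_PARAMETER;
        BAIL_ON_TDNF_ERROR(dwError);
    }

    pFD_t = Fopen(pszPkgFile, "r.fdio");
    if(!pFD_t)
    {
        dwError = errno;
        BAIL_ON_TDNF_SYSTEM_ERROR(dwError);
    }

    pTS = rpmtsCreate();
    if(!pTS)
    {
        dwError = ERROR_TDNF_RPMTS_CREATE_FAILED;
        BAIL_ON_TDNF_RPM_ERROR(dwError);
    }
    /* Signature checks are switched off for this read; the header is only
     * needed to extract the signature packet. */
    rpmtsSetVSFlags (pTS, _RPMVSF_NOSIGNATURES);

    pTD = rpmtdNew();
    if(!pTD)
    {
        dwError = ERROR_TDNF_RPMTD_CREATE_FAILED;
        BAIL_ON_TDNF_RPM_ERROR(dwError);
    }

    dwError = rpmReadPackageFile(pTS, pFD_t, pszPkgFile, &pPkgHeader);
    BAIL_ON_TDNF_RPM_ERROR(dwError);

    if(!headerConvert(pPkgHeader, HEADERCONV_RETROFIT_V3))
    {
        dwError = ERROR_TDNF_RPM_HEADER_CONVERT_FAILED;
        BAIL_ON_TDNF_RPM_ERROR(dwError);
    }

    if(!headerGet(pPkgHeader, RPMTAG_RSAHEADER, pTD, HEADERGET_MINMEM))
    {
        dwError = ERROR_TDNF_RPM_GET_RSAHEADER_FAILED;
        BAIL_ON_TDNF_ERROR(dwError);
    }

    pDigest = pgpNewDig();
    if(!pDigest)
    {
        /* Without a digest container the lookup below has nothing to
         * match against; fail explicitly instead of passing NULL on. */
        dwError = ERROR_TDNF_OUT_OF_MEMORY;
        BAIL_ON_TDNF_ERROR(dwError);
    }

    if(pgpPrtPkts(pTD->data, pTD->count, pDigest, 0))
    {
        dwError = ERROR_TDNF_RPM_GPG_PARSE_FAILED;
        BAIL_ON_TDNF_ERROR(dwError);
    }

    if(rpmKeyringLookup(pKeyring, pDigest) != RPMRC_OK)
    {
        dwError = ERROR_TDNF_RPM_GPG_NO_MATCH;
        BAIL_ON_TDNF_ERROR(dwError);
    }

cleanup:
    if(pFD_t)
    {
        Fclose(pFD_t);
    }
    if(pDigest)
    {
        pgpFreeDig(pDigest);
    }
    if(pTD)
    {
        /* rpmtdFree() releases only the container; release any data the
         * container owns first, while the header is still alive. */
        rpmtdFreeData(pTD);
        rpmtdFree(pTD);
    }
    if(pPkgHeader)
    {
        headerFree(pPkgHeader);
    }
    if(pTS)
    {
        rpmtsFree(pTS);
    }
    return dwError;

error:
    goto cleanup;
}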
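/*
 * Make sure the rpm for hPkg is present in the repo's cache directory
 * (downloading it if it is missing), run the GPG check when it is enabled
 * for the repo, and add the package to the rpm transaction as an install
 * element.
 *
 * pTS      - transaction wrapper; pTS->pTS, pTS->pKeyring and
 *            pTS->pCachedRpmsArray are read here.
 * pTdnf    - tdnf context; pTdnf->pConf->pszCacheDir is the cache root.
 * hPkg     - package to add.
 * nUpgrade - passed through to rpmtsAddInstallElement().
 *
 * Returns 0 on success, a non-zero error code otherwise.
 *
 * NOTE(review): pszFilePath is not freed in this function. It is stored in
 * pTS->pCachedRpmsArray (when that array exists) and handed to
 * rpmtsAddInstallElement() as the element key, so it presumably has to
 * outlive this call; verify who frees it when the array is NULL or when an
 * error occurs before the element is added.
 */
uint32_t
TDNFTransAddInstallPkg(
    PTDNFRPMTS pTS,
    PTDNF pTdnf,
    HyPackage hPkg,
    int nUpgrade
    )
{
    uint32_t dwError = 0;
    int nGPGCheck = 0;
    char* pszRpmCacheDir = NULL;
    char* pszFilePath = NULL;
    const char* pszRepoName = NULL;
    char* pszHyName = NULL;
    Header rpmHeader = NULL;
    FD_t fp = NULL;
    char* pszDownloadCacheDir = NULL;
    char* pszUrlGPGKey = NULL;

    if(!pTS || !pTdnf || !pTdnf->pConf || !hPkg)
    {
        dwError = ERROR_TDNF_INVALID_PARAMETER;
        BAIL_ON_TDNF_ERROR(dwError);
    }

    pszRepoName = hy_package_get_reponame(hPkg);
    pszHyName = hy_package_get_location(hPkg);

    /* g_build_filename() treats a NULL element as the end of its argument
     * list, so a missing repo name or location would silently produce a
     * shorter path (the cache directory itself) instead of failing. */
    if(IsNullOrEmptyString(pszRepoName) || IsNullOrEmptyString(pszHyName))
    {
        dwError = ERROR_TDNF_INVALID_PARAMETER;
        BAIL_ON_TDNF_ERROR(dwError);
    }

    pszRpmCacheDir = g_build_filename(
                         G_DIR_SEPARATOR_S,
                         pTdnf->pConf->pszCacheDir,
                         pszRepoName,
                         "rpms",
                         G_DIR_SEPARATOR_S,
                         NULL);

    /* NOTE(review): pszHyName is the location string reported for the
     * package and is joined to the cache directory as-is. Nothing in this
     * function rejects ".." components, yet the parent directory is created
     * and the download target is derived from the result. Confirm the
     * location is validated upstream, or add a containment check against
     * pszRpmCacheDir. */
    pszFilePath = g_build_filename(pszRpmCacheDir, pszHyName, NULL);

    if(pTS->pCachedRpmsArray)
    {
        if(!g_array_append_val(pTS->pCachedRpmsArray, pszFilePath))
        {
            dwError = ERROR_TDNF_OUT_OF_MEMORY;
            BAIL_ON_TDNF_ERROR(dwError);
        }
    }

    pszDownloadCacheDir = g_path_get_dirname(pszFilePath);
    if(!pszDownloadCacheDir)
    {
        dwError = ENOENT;
        BAIL_ON_TDNF_SYSTEM_ERROR(dwError);
    }

    if(access(pszDownloadCacheDir, F_OK))
    {
        /* Only "does not exist" is recoverable: dwError stays 0 in that
         * case and the directory is created below. */
        if(errno != ENOENT)
        {
            dwError = errno;
        }
        BAIL_ON_TDNF_SYSTEM_ERROR(dwError);

        dwError = TDNFUtilsMakeDirs(pszDownloadCacheDir);
        BAIL_ON_TDNF_ERROR(dwError);
    }

    if(access(pszFilePath, F_OK))
    {
        if(errno != ENOENT)
        {
            dwError = errno;
            BAIL_ON_TDNF_SYSTEM_ERROR(dwError);
        }
        dwError = TDNFDownloadPackage(pTdnf, hPkg, pszDownloadCacheDir);
        BAIL_ON_TDNF_ERROR(dwError);
    }

    /* A download could have been triggered, so check access again and
     * bail if the file is still not available. */
    if(access(pszFilePath, F_OK))
    {
        dwError = errno;
        BAIL_ON_TDNF_SYSTEM_ERROR(dwError);
    }

    /* Check the override, then the repo config, and run the GPG check if
     * it is enabled. */
    dwError = TDNFGetGPGCheck(pTdnf, pszRepoName, &nGPGCheck, &pszUrlGPGKey);
    BAIL_ON_TDNF_ERROR(dwError);

    if(nGPGCheck)
    {
        dwError = TDNFGPGCheck(pTS->pKeyring, pszUrlGPGKey, pszFilePath);
        BAIL_ON_TDNF_ERROR(dwError);
    }

    /* NOTE(review): the file is reopened by path after the GPG check, so
     * the checked bytes and the bytes read here are the same only if
     * nothing else can replace files in the cache directory; confirm the
     * directory's ownership and permissions guarantee that. */
    fp = Fopen (pszFilePath, "r.ufdio");
    if(!fp)
    {
        dwError = errno;
        BAIL_ON_TDNF_SYSTEM_ERROR(dwError);
    }

    dwError = rpmReadPackageFile(
                  pTS->pTS,
                  fp,
                  pszFilePath,
                  &rpmHeader);
    /* With the GPG check disabled, "not trusted" and "no key" results are
     * accepted; every other failure, and all failures when the check is
     * enabled, still abort. */
    if(!nGPGCheck &&
       (dwError == RPMRC_NOTTRUSTED || dwError == RPMRC_NOKEY))
    {
        dwError = 0;
    }
    BAIL_ON_TDNF_RPM_ERROR(dwError);

    dwError = rpmtsAddInstallElement(
                  pTS->pTS,
                  rpmHeader,
                  (fnpyKey)pszFilePath,
                  nUpgrade,
                  NULL);
    BAIL_ON_TDNF_RPM_ERROR(dwError);

cleanup:
    TDNF_SAFE_FREE_MEMORY(pszUrlGPGKey);
    if(pszHyName)
    {
        hy_free(pszHyName);
    }
    if(pszDownloadCacheDir)
    {
        g_free(pszDownloadCacheDir);
    }
    if(pszRpmCacheDir)
    {
        g_free(pszRpmCacheDir);
    }
    if(fp)
    {
        Fclose(fp);
    }
    if(rpmHeader)
    {
        headerFree(rpmHeader);
    }
    return dwError;

error:
    goto cleanup;
}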