Pin::Pin() {
gpg_error_t res;
pid_t pid;
int flags;
const char *argv[2];
gpg_err_init();
res = assuan_new (&ctx);
if(res)
throw runtime_error(strprintf("pinentry initialisation: %s", gpg_strerror(res)));
assuan_set_assuan_log_prefix("Pin: ");
// needed esp. for ncurses
lang = strprintf("OPTION lc-ctype=%s",getenv("LANG"));
tty = strprintf("OPTION ttyname=%s",getenv("TTY"));
flags = 0x0;
argv[0] = "bitcoind"; // fake argv
argv[1] = NULL;
res = assuan_pipe_connect (ctx, SECURE_EXEC_PATH"/pinentry",
argv, NULL, NULL, NULL, flags);
if(res)
throw runtime_error(strprintf("pinentry pipe forking: %s", gpg_strerror(res)));
pid = assuan_get_pid(ctx);
if(pid == ASSUAN_INVALID_PID)
throw runtime_error(strprintf("pinentry not running: %s", gpg_strerror(res)));
cmd(tty.c_str());
cmd(lang.c_str());
}
int
main (int argc, char *argv[])
{
int i = 1;
int listmode = 0;
const char *source_sym;
const char *error_sym;
gpg_error_t err;
#ifndef GPG_ERR_INITIALIZED
gpg_err_init ();
#endif
i18n_init ();
if (argc == 1)
{
fprintf (stderr, _("Usage: %s GPG-ERROR [...]\n"),
strrchr (argv[0],'/')? (strrchr (argv[0], '/')+1): argv[0]);
exit (1);
}
else if (argc == 2 && !strcmp (argv[1], "--version"))
{
fputs ("gpg-error (" PACKAGE_NAME ") " PACKAGE_VERSION "\n", stdout);
exit (0);
}
else if (argc == 2 && !strcmp (argv[1], "--list"))
{
listmode = 1;
}
if (listmode)
{
for (i=0; i < GPG_ERR_SOURCE_DIM; i++)
{
/* We use error code 1 because gpg_err_make requires a
non-zero error code. */
err = gpg_err_make (i, 1);
err -= 1;
source_sym = gpg_strsource_sym (err);
if (source_sym)
printf ("%u = (%u, -) = (%s, -) = (%s, -)\n",
err, gpg_err_source (err),
source_sym, gpg_strsource (err));
}
for (i=0; i < GPG_ERR_CODE_DIM; i++)
{
err = gpg_err_make (GPG_ERR_SOURCE_UNKNOWN, i);
error_sym = gpg_strerror_sym (err);
if (error_sym)
printf ("%u = (-, %u) = (-, %s) = (-, %s)\n",
err, gpg_err_code (err),
error_sym, gpg_strerror (err));
}
i = argc; /* Don't run the usual stuff. */
}
while (i < argc)
{
if (get_err_from_number (argv[i], &err)
|| get_err_from_symbol (argv[i], &err)
|| get_err_from_str (argv[i], &err))
{
source_sym = gpg_strsource_sym (err);
error_sym = gpg_strerror_sym (err);
printf ("%u = (%u, %u) = (%s, %s) = (%s, %s)\n",
err, gpg_err_source (err), gpg_err_code (err),
source_sym ? source_sym : "-", error_sym ? error_sym : "-",
gpg_strsource (err), gpg_strerror (err));
}
else
fprintf (stderr, _("%s: warning: could not recognize %s\n"),
argv[0], argv[i]);
i++;
}
exit (0);
}
gboolean
zif_utils_gpg_verify (const gchar *filename,
const gchar *filename_gpg,
GError **error)
{
gboolean ret = FALSE;
gpgme_ctx_t ctx = NULL;
gpgme_data_t repomd_gpg = NULL;
gpgme_data_t repomd = NULL;
gpgme_error_t rc;
gpgme_signature_t s;
gpgme_verify_result_t result;
/* check version */
gpgme_check_version (NULL);
/* startup gpgme */
rc = gpg_err_init ();
if (rc != GPG_ERR_NO_ERROR) {
g_set_error (error,
ZIF_UTILS_ERROR,
ZIF_UTILS_ERROR_FAILED,
"failed to startup GPG: %s",
gpgme_strerror (rc));
goto out;
}
/* create a new GPG context */
rc = gpgme_new (&ctx);
if (rc != GPG_ERR_NO_ERROR) {
g_set_error (error,
ZIF_UTILS_ERROR,
ZIF_UTILS_ERROR_FAILED,
"failed to create context: %s",
gpgme_strerror (rc));
goto out;
}
/* set the protocol */
rc = gpgme_set_protocol (ctx, GPGME_PROTOCOL_OpenPGP);
if (rc != GPG_ERR_NO_ERROR) {
g_set_error (error,
ZIF_UTILS_ERROR,
ZIF_UTILS_ERROR_FAILED,
"failed to set protocol: %s",
gpgme_strerror (rc));
goto out;
}
/* enable armor mode */
gpgme_set_armor (ctx, TRUE);
/* load file */
rc = gpgme_data_new_from_file (&repomd, filename, 1);
if (rc != GPG_ERR_NO_ERROR) {
g_set_error (error,
ZIF_UTILS_ERROR,
ZIF_UTILS_ERROR_FAILED,
"failed to load repomd: %s",
gpgme_strerror (rc));
goto out;
}
/* load signature */
rc = gpgme_data_new_from_file (&repomd_gpg, filename_gpg, 1);
if (rc != GPG_ERR_NO_ERROR) {
g_set_error (error,
ZIF_UTILS_ERROR,
ZIF_UTILS_ERROR_FAILED,
"failed to load repomd.asc: %s",
gpgme_strerror (rc));
goto out;
}
/* verify the repodata.xml */
g_debug ("verifying %s with %s", filename, filename_gpg);
rc = gpgme_op_verify (ctx, repomd_gpg, repomd, NULL);
if (rc != GPG_ERR_NO_ERROR) {
g_set_error (error,
ZIF_UTILS_ERROR,
ZIF_UTILS_ERROR_FAILED,
"failed to verify: %s",
gpgme_strerror (rc));
goto out;
}
/* verify the result */
result = gpgme_op_verify_result (ctx);
if (result == NULL) {
g_set_error_literal (error,
ZIF_UTILS_ERROR,
ZIF_UTILS_ERROR_FAILED,
"no result record from libgpgme");
goto out;
}
/* look at each signature */
for (s = result->signatures; s != NULL ; s = s->next ) {
ret = zif_utils_gpg_check_signature (s, error);
if (!ret)
goto out;
}
/* success */
ret = TRUE;
out:
if (ctx != NULL)
gpgme_release (ctx);
gpgme_data_release (repomd_gpg);
gpgme_data_release (repomd);
return ret;
}
static gboolean
fu_keyring_setup (FuKeyring *keyring, GError **error)
{
FuKeyringPrivate *priv = GET_PRIVATE (keyring);
gpgme_error_t rc;
g_autofree gchar *gpg_home = NULL;
g_return_val_if_fail (FU_IS_KEYRING (keyring), FALSE);
if (priv->ctx != NULL)
return TRUE;
/* check version */
gpgme_check_version (NULL);
/* startup gpgme */
rc = gpg_err_init ();
if (rc != GPG_ERR_NO_ERROR) {
g_set_error (error,
FWUPD_ERROR,
FWUPD_ERROR_INTERNAL,
"failed to startup GPG: %s",
gpgme_strerror (rc));
return FALSE;
}
/* create a new GPG context */
rc = gpgme_new (&priv->ctx);
if (rc != GPG_ERR_NO_ERROR) {
g_set_error (error,
FWUPD_ERROR,
FWUPD_ERROR_INTERNAL,
"failed to create context: %s",
gpgme_strerror (rc));
return FALSE;
}
/* set the protocol */
rc = gpgme_set_protocol (priv->ctx, GPGME_PROTOCOL_OpenPGP);
if (rc != GPG_ERR_NO_ERROR) {
g_set_error (error,
FWUPD_ERROR,
FWUPD_ERROR_INTERNAL,
"failed to set protocol: %s",
gpgme_strerror (rc));
return FALSE;
}
/* set a custom home directory */
gpg_home = g_build_filename (LOCALSTATEDIR,
"lib",
PACKAGE_NAME,
"gnupg",
NULL);
if (g_mkdir_with_parents (gpg_home, 0700) < 0) {
g_set_error (error,
FWUPD_ERROR,
FWUPD_ERROR_INTERNAL,
"failed to create %s",
gpg_home);
return FALSE;
}
g_debug ("Using keyring at %s", gpg_home);
rc = gpgme_ctx_set_engine_info (priv->ctx,
GPGME_PROTOCOL_OpenPGP,
NULL,
gpg_home);
if (rc != GPG_ERR_NO_ERROR) {
g_set_error (error,
FWUPD_ERROR,
FWUPD_ERROR_INTERNAL,
"failed to set protocol: %s",
gpgme_strerror (rc));
return FALSE;
}
/* enable armor mode */
gpgme_set_armor (priv->ctx, TRUE);
return TRUE;
}
