/*
 * Check the digests and signatures of every package file named in argv.
 *
 * ts    transaction set the keyring is taken from
 * argv  NULL-terminated list of package paths
 *
 * Returns the number of arguments that either could not be opened or for
 * which rpmpkgVerifySigs() returned non-zero; 0 means no argument failed.
 */
int rpmcliVerifySignatures(rpmts ts, ARGV_const_t argv)
{
    const char *path;
    int failures = 0;
    rpmKeyring keyring = rpmtsGetKeyring(ts, 1);
    rpmVerifyFlags verifyFlags = (VERIFY_DIGEST|VERIFY_SIGNATURE);

    /*
     * Every bit set in rpmcliQueryFlags is cleared from the mask, so the
     * command line can switch the digest and/or signature check off. A
     * zero return value is only as strong as the checks left enabled here.
     */
    verifyFlags &= ~rpmcliQueryFlags;

    for (path = *argv; path != NULL; path = *++argv) {
	FD_t fd = Fopen(path, "r.ufdio");
	int failed;

	if (fd == NULL || Ferror(fd)) {
	    /* An unreadable file counts as a failure, never as a pass. */
	    rpmlog(RPMLOG_ERR, _("%s: open failed: %s\n"),
		   path, Fstrerror(fd));
	    failed = 1;
	} else {
	    failed = rpmpkgVerifySigs(keyring, verifyFlags, fd, path) ? 1 : 0;
	}
	failures += failed;

	/* NOTE(review): reached with fd == NULL when Fopen() fails; confirm
	 * Fclose() accepts a NULL descriptor. */
	Fclose(fd);
	rpmdbCheckSignals();
    }

    /* Drop the reference obtained from rpmtsGetKeyring() above. */
    rpmKeyringFree(keyring);
    return failures;
}
/*
 * Check every package file named in argv against the transaction keyring.
 *
 * ts    transaction set the keyring is taken from
 * argv  NULL-terminated list of package paths
 *
 * Returns the number of arguments that either could not be opened or for
 * which rpmpkgVerifySigs() returned non-zero; 0 means no argument failed.
 */
int rpmcliVerifySignatures(rpmts ts, ARGV_const_t argv)
{
    const char *path;
    int failures = 0;
    rpmKeyring keyring = rpmtsGetKeyring(ts, 1);

    /*
     * The verification flags come only from the command-line global
     * rpmcliVSFlags; whatever it disables is not checked below.
     */
    rpmVSFlags vsflags = rpmcliVSFlags;

    for (path = *argv; path != NULL; path = *++argv) {
	FD_t fd = Fopen(path, "r.ufdio");
	int failed;

	if (fd == NULL || Ferror(fd)) {
	    /* An unreadable file counts as a failure, never as a pass. */
	    rpmlog(RPMLOG_ERR, _("%s: open failed: %s\n"),
		   path, Fstrerror(fd));
	    failed = 1;
	} else {
	    failed = rpmpkgVerifySigs(keyring, vsflags, fd, path) ? 1 : 0;
	}
	failures += failed;

	/* NOTE(review): reached with fd == NULL when Fopen() fails; confirm
	 * Fclose() accepts a NULL descriptor. */
	Fclose(fd);
	rpmsqPoll();
    }

    /* Drop the reference obtained from rpmtsGetKeyring() above. */
    rpmKeyringFree(keyring);
    return failures;
}
/** \ingroup py_c
 * Deallocator for the Python keyring wrapper: releases the wrapped
 * rpmKeyring via rpmKeyringFree() and then deletes the Python object.
 * A NULL self is ignored.
 */
static void rpmKeyring_dealloc(rpmKeyringObject * self)
	/*@*/
{
    if (!self)
	return;

    /* Release the wrapped keyring before the object memory goes away. */
    rpmKeyringFree(self->keyring);
    PyObject_Del(self);
}
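/*
 * Replace the keyring attached to a transaction set.
 *
 * ts       transaction set to modify
 * keyring  keyring to attach; the transaction stores its own reference
 *          obtained through rpmKeyringLink()
 *
 * Returns 0 on success, -1 if ts is NULL.
 */
int rpmtsSetKeyring(rpmts ts, rpmKeyring keyring)
{
    rpmKeyring incoming;

    if (ts == NULL)
	return -1;

    /*
     * Take the new reference before dropping the old one. If the caller
     * passes the keyring that is already attached and the transaction
     * holds the only reference to it, freeing first would release the
     * object and the following link would touch freed memory.
     */
    incoming = rpmKeyringLink(keyring);
    rpmKeyringFree(ts->keyring);
    ts->keyring = incoming;

    return 0;
}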
/*
 * Wrapper around rpmpkgVerifySigs() to preserve API.
 *
 * Looks up the keyring of ts, verifies fd (reported under the name fn)
 * with the flags in qva->qva_flags and releases the keyring again.
 * Returns the result of rpmpkgVerifySigs(), or 1 when any argument is
 * missing.
 */
int rpmVerifySignatures(QVA_t qva, rpmts ts, FD_t fd, const char * fn)
{
    rpmKeyring keyring;
    int result;

    /* Fail closed: a missing argument is reported as a failure. */
    if (!ts || !qva || !fd || !fn)
	return 1;

    keyring = rpmtsGetKeyring(ts, 1);
    result = rpmpkgVerifySigs(keyring, qva->qva_flags, fd, fn);
    rpmKeyringFree(keyring);

    return result;
}
/*
 * Read a header from fd, using the keyring and verification flags of ts.
 *
 * ts    transaction set supplying keyring and rpmVSFlags
 * fd    descriptor to read from
 * hdrp  passed through to rpmpkgReadHeader() to receive the header
 * msg   passed through to rpmpkgReadHeader() to receive a message
 *
 * Returns whatever rpmpkgReadHeader() returns.
 */
rpmRC rpmReadHeader(rpmts ts, FD_t fd, Header *hdrp, char ** msg)
{
    rpmKeyring tsKeyring = rpmtsGetKeyring(ts, 1);
    rpmVSFlags flags = rpmtsVSFlags(ts);
    rpmRC status;

    /* Which checks actually run is decided by the transaction's flags. */
    status = rpmpkgReadHeader(tsKeyring, flags, fd, hdrp, msg);

    /* Drop the reference obtained from rpmtsGetKeyring() above. */
    rpmKeyringFree(tsKeyring);
    return status;
}
/*
 * Read a package file from fd, using the keyring and verification flags
 * of ts.
 *
 * ts    transaction set supplying keyring and rpmVSFlags
 * fd    descriptor to read from
 * fn    file name, passed through to rpmpkgRead()
 * hdrp  passed through to rpmpkgRead() to receive the header
 *
 * Returns whatever rpmpkgRead() returns.
 */
rpmRC rpmReadPackageFile(rpmts ts, FD_t fd, const char * fn, Header * hdrp)
{
    rpmVSFlags flags = rpmtsVSFlags(ts);
    rpmKeyring tsKeyring = rpmtsGetKeyring(ts, 1);
    rpmRC status;

    /* Which checks actually run is decided by the transaction's flags. */
    status = rpmpkgRead(tsKeyring, flags, fd, fn, hdrp);

    /* Drop the reference obtained from rpmtsGetKeyring() above. */
    rpmKeyringFree(tsKeyring);
    return status;
}
/*
 * Verify an in-memory header blob with the keyring and flags of ts.
 *
 * ts   transaction set supplying keyring, rpmVSFlags and the stopwatch
 * uh   header blob
 * uc   size of the blob, also reported to rpmswExit()
 * msg  passed through to headerVerify() to receive a message
 *
 * Returns whatever headerVerify() returns.
 */
rpmRC headerCheck(rpmts ts, const void * uh, size_t uc, char ** msg)
{
    rpmVSFlags flags = rpmtsVSFlags(ts);
    rpmKeyring tsKeyring = rpmtsGetKeyring(ts, 1);
    rpmRC status;

    /* The verification is accounted under the RPMTS_OP_DIGEST stopwatch. */
    rpmswEnter(rpmtsOp(ts, RPMTS_OP_DIGEST), 0);
    status = headerVerify(tsKeyring, flags, uh, uc, msg);
    rpmswExit(rpmtsOp(ts, RPMTS_OP_DIGEST), uc);

    /* Drop the reference obtained from rpmtsGetKeyring() above. */
    rpmKeyringFree(tsKeyring);
    return status;
}
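/*
 * Import a public key packet into the transaction keyring and, if the key
 * was not already present, record it persistently as a header.
 *
 * ts      transaction set
 * pkt     public key packet
 * pktlen  length of pkt in bytes
 *
 * Returns RPMRC_OK on success (including the case where the key was
 * already in the keyring), RPMRC_FAIL if the write transaction cannot be
 * started, the packet cannot be turned into a key, the keyring rejects
 * it or the header cannot be built; if storing the header fails, the
 * result of rpmtsImportHeader() is returned.
 */
rpmRC rpmtsImportPubkey(const rpmts ts, const unsigned char * pkt, size_t pktlen)
{
    Header h = NULL;
    rpmRC rc = RPMRC_FAIL;		/* assume failure */
    rpmPubkey pubkey = NULL;
    rpmVSFlags oflags = rpmtsVSFlags(ts);
    rpmKeyring keyring;
    rpmtxn txn = rpmtxnBegin(ts, RPMTXN_WRITE);
    int krc;

    if (txn == NULL)
	return rc;

    /* XXX keyring wont load if sigcheck disabled, force it temporarily */
    rpmtsSetVSFlags(ts, (oflags & ~_RPMVSF_NOSIGNATURES));
    keyring = rpmtsGetKeyring(ts, 1);
    /* Restore the caller's flags straight away; only the load needed them. */
    rpmtsSetVSFlags(ts, oflags);

    if ((pubkey = rpmPubkeyNew(pkt, pktlen)) == NULL)
	goto exit;

    krc = rpmKeyringAddKey(keyring, pubkey);
    if (krc < 0)
	goto exit;

    /* If we dont already have the key, make a persistent record of it */
    if (krc == 0) {
	rpm_tid_t tid = rpmtsGetTid(ts);

	if (makePubkeyHeader(ts, pubkey, &h) != 0)
	    goto exit;

	headerPutUint32(h, RPMTAG_INSTALLTIME, &tid, 1);
	headerPutUint32(h, RPMTAG_INSTALLTID, &tid, 1);

	/* Add header to database. */
	if (!(rpmtsFlags(ts) & RPMTRANS_FLAG_TEST)) {
	    rc = rpmtsImportHeader(txn, h, 0);
	    /*
	     * Propagate a failed import instead of overwriting it with
	     * RPMRC_OK below: the key was added to the in-memory keyring
	     * but has no persistent record, and the caller has to be told.
	     */
	    if (rc != RPMRC_OK)
		goto exit;
	}
    }
    rc = RPMRC_OK;

exit:
    /* Clean up. */
    headerFree(h);
    rpmPubkeyFree(pubkey);
    rpmKeyringFree(keyring);
    rpmtxnEnd(txn);
    return rc;
}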
/*
 * Read a package file from fd, loading the transaction keyring only when
 * signature checking is not completely disabled.
 *
 * ts    transaction set supplying keyring and rpmVSFlags
 * fd    descriptor to read from
 * fn    file name, passed through to rpmpkgRead()
 * hdrp  passed through to rpmpkgRead() to receive the header
 *
 * Returns whatever rpmpkgRead() returns.
 */
rpmRC rpmReadPackageFile(rpmts ts, FD_t fd, const char * fn, Header * hdrp)
{
    rpmVSFlags flags = rpmtsVSFlags(ts);
    rpmKeyring tsKeyring = NULL;
    rpmRC status;

    /*
     * The keyring is skipped only when every bit of _RPMVSF_NOSIGNATURES
     * is set; with any signature check left enabled it is fetched. In the
     * skipped case rpmpkgRead() receives a NULL keyring.
     */
    int allSigChecksOff =
	((flags & _RPMVSF_NOSIGNATURES) == _RPMVSF_NOSIGNATURES);
    if (!allSigChecksOff)
	tsKeyring = rpmtsGetKeyring(ts, 1);

    status = rpmpkgRead(tsKeyring, flags, fd, fn, hdrp);

    if (tsKeyring)
	rpmKeyringFree(tsKeyring);
    return status;
}
/*
 * Drop one reference to a transaction set and destroy it when that was
 * the last one.
 *
 * Returns NULL when ts is NULL or after the set has been destroyed; when
 * other references remain (nrefs > 1) it returns the result of
 * rpmtsUnlink(ts) and frees nothing.
 *
 * The teardown order below is deliberate-looking and is left untouched;
 * several members are released through helpers whose return value is
 * stored back into the member.
 */
rpmts rpmtsFree(rpmts ts)
{
    /* Looked up before the NULL check below, so rpmtsMembers() is called
     * with a possibly NULL ts.
     * NOTE(review): confirm rpmtsMembers() tolerates NULL. */
    tsMembers tsmem = rpmtsMembers(ts);
    if (ts == NULL)
	return NULL;

    /* Still shared: only give up this reference. */
    if (ts->nrefs > 1)
	return rpmtsUnlink(ts);

    rpmtsEmpty(ts);

    (void) rpmtsCloseDB(ts);

    tsmem->removedPackages = removedHashFree(tsmem->removedPackages);
    tsmem->order = _free(tsmem->order);
    /* tsmem points at ts->members (presumably; see rpmtsMembers), so it
     * must not be used after this line. */
    ts->members = _free(ts->members);

    ts->dsi = _free(ts->dsi);

    if (ts->scriptFd != NULL) {
	ts->scriptFd = fdFree(ts->scriptFd);
	ts->scriptFd = NULL;
    }
    ts->rootDir = _free(ts->rootDir);
    ts->lockPath = _free(ts->lockPath);
    ts->lock = rpmlockFree(ts->lock);

    /* Release the keyring reference held by the transaction set. */
    ts->keyring = rpmKeyringFree(ts->keyring);
    ts->netsharedPaths = argvFree(ts->netsharedPaths);
    ts->installLangs = argvFree(ts->installLangs);

    ts->plugins = rpmpluginsFree(ts->plugins);

    /* Statistics are printed from ts itself, so this has to happen before
     * the structure is freed. */
    if (_rpmts_stats)
	rpmtsPrintStats(ts);

    (void) rpmtsUnlink(ts);

    ts = _free(ts);

    return NULL;
}
/*
 * Parse an in-memory header blob and verify it with the keyring and flags
 * of ts.
 *
 * ts   transaction set supplying keyring, rpmVSFlags and the stopwatch
 * uh   header blob
 * uc   size of the blob, also reported to rpmswExit()
 * msg  receives a message from hdrblobInit()/headerSigVerify(); may be NULL
 *
 * Returns RPMRC_FAIL when hdrblobInit() does not return RPMRC_OK,
 * otherwise the result of headerSigVerify().
 */
rpmRC headerCheck(rpmts ts, const void * uh, size_t uc, char ** msg)
{
    rpmRC status = RPMRC_FAIL;
    rpmVSFlags flags = rpmtsVSFlags(ts);
    rpmKeyring tsKeyring = rpmtsGetKeyring(ts, 1);
    struct hdrblob_s blob;

    /* A blob that fails structural parsing is never handed to the
     * verifier; the initial RPMRC_FAIL stands. */
    if (hdrblobInit(uh, uc, 0, 0, &blob, msg) != RPMRC_OK)
	goto done;

    rpmswEnter(rpmtsOp(ts, RPMTS_OP_DIGEST), 0);
    status = headerSigVerify(tsKeyring, flags, &blob, msg);
    rpmswExit(rpmtsOp(ts, RPMTS_OP_DIGEST), uc);

    /*
     * Only the message is filled in here; the RPMRC_NOTFOUND result is
     * returned unchanged.
     * NOTE(review): RPMRC_NOTFOUND presumably means nothing was verified;
     * callers should not read the "OK" text as a verified header - confirm.
     */
    if (status == RPMRC_NOTFOUND && msg != NULL && *msg == NULL)
	rasprintf(msg, "Header sanity check: OK");

done:
    rpmKeyringFree(tsKeyring);
    return status;
}
/*
 * Read a package file from fd and log the verification outcome.
 *
 * ts    transaction set supplying keyring and rpmVSFlags
 * fd    descriptor to read from
 * fn    name used in log messages; Fdescr(fd) is used when NULL
 * hdrp  passed through to rpmpkgRead() to receive the header
 *
 * Returns whatever rpmpkgRead() returns. This function only chooses the
 * log level; acting on RPMRC_NOKEY / RPMRC_NOTTRUSTED is left to the
 * caller.
 */
rpmRC rpmReadPackageFile(rpmts ts, FD_t fd, const char * fn, Header * hdrp)
{
    rpmVSFlags flags = rpmtsVSFlags(ts);
    rpmKeyring tsKeyring = rpmtsGetKeyring(ts, 1);
    unsigned int keyid = 0;
    char *msg = NULL;
    rpmRC status;
    int level = RPMLOG_ERR;	/* any unlisted result is logged as an error */
    int emit = 1;

    if (fn == NULL)
	fn = Fdescr(fd);

    status = rpmpkgRead(tsKeyring, flags, fd, hdrp, &keyid, &msg);

    if (status == RPMRC_OK) {
	/* Signature is OK. */
	level = RPMLOG_DEBUG;
    } else if (status == RPMRC_NOTTRUSTED || status == RPMRC_NOKEY) {
	/* Signature is OK but key is not trusted, or public key is
	 * unavailable. */
	/* XXX Print NOKEY/NOTTRUSTED warning only once. */
	level = stashKeyid(keyid) ? RPMLOG_DEBUG : RPMLOG_WARNING;
    } else if (status == RPMRC_NOTFOUND) {
	/* Signature is unknown type or manifest. */
	/* msg == NULL is probably a manifest */
	level = RPMLOG_WARNING;
	emit = (msg != NULL);
    }
    /* else: RPMRC_FAIL and everything else - signature does not verify. */

    /*
     * NOTE(review): only the RPMRC_NOTFOUND path checks msg for NULL; the
     * other paths hand it to "%s" as is - confirm rpmpkgRead() always
     * sets msg for those results.
     */
    if (emit)
	rpmlog(level, "%s: %s\n", fn, msg);

    rpmKeyringFree(tsKeyring);
    free(msg);
    return status;
}
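/*
 * Build and run an rpm transaction for an already solved package set.
 *
 * pTdnf        tdnf context; pArgs and pConf must both be set
 * pSolvedInfo  solver result describing what to alter
 *
 * Returns 0 on success or an ERROR_TDNF_* / propagated error code.
 * Everything allocated here (transaction set, keyring, cached-rpm array)
 * is released on both the success and the error path.
 */
uint32_t
TDNFRpmExecTransaction(
    PTDNF pTdnf,
    PTDNF_SOLVED_PKG_INFO pSolvedInfo
    )
{
    uint32_t dwError = 0;
    int nKeepCachedRpms = 0;
    TDNFRPMTS ts = {0};

    /*
     * pArgs is dereferenced below for the install root, so it is
     * validated together with the other inputs instead of crashing on a
     * NULL pointer.
     */
    if(!pTdnf || !pTdnf->pArgs || !pTdnf->pConf || !pSolvedInfo)
    {
        dwError = ERROR_TDNF_INVALID_PARAMETER;
        BAIL_ON_TDNF_ERROR(dwError);
    }

    nKeepCachedRpms = pTdnf->pConf->nKeepCache;

    ts.pCachedRpmsArray = g_array_new(TRUE, TRUE, sizeof(char*));
    if(!ts.pCachedRpmsArray)
    {
        dwError = ERROR_TDNF_OUT_OF_MEMORY;
        BAIL_ON_TDNF_ERROR(dwError);
    }

    dwError = rpmReadConfigFiles(NULL, NULL);
    BAIL_ON_TDNF_ERROR(dwError);

    rpmSetVerbosity(TDNFConfGetRpmVerbosity(pTdnf));

    //Allow downgrades
    ts.nProbFilterFlags = RPMPROB_FILTER_OLDPACKAGE;
    if(pSolvedInfo->nAlterType == ALTER_REINSTALL)
    {
        ts.nProbFilterFlags |= RPMPROB_FILTER_REPLACEPKG;
    }

    ts.pTS = rpmtsCreate();
    if(!ts.pTS)
    {
        dwError = ERROR_TDNF_RPMTS_CREATE_FAILED;
        BAIL_ON_TDNF_ERROR(dwError);
    }

    /*
     * NOTE(review): the keyring is newly created here and no verification
     * flags are set on ts.pTS in this function; signature checking of the
     * packages presumably happens in TDNFPopulateTransaction() or
     * TDNFRunTransaction() - confirm.
     */
    ts.pKeyring = rpmKeyringNew();
    if(!ts.pKeyring)
    {
        dwError = ERROR_TDNF_RPMTS_KEYRING_FAILED;
        BAIL_ON_TDNF_ERROR(dwError);
    }

    ts.nTransFlags = rpmtsSetFlags (ts.pTS, RPMTRANS_FLAG_NONE);

    if(rpmtsSetRootDir (ts.pTS, pTdnf->pArgs->pszInstallRoot))
    {
        dwError = ERROR_TDNF_RPMTS_BAD_ROOT_DIR;
        BAIL_ON_TDNF_ERROR(dwError);
    }

    /* The callback receives a pointer to the local ts, which stays valid
     * for the whole transaction run below. */
    if(rpmtsSetNotifyCallback(ts.pTS, TDNFRpmCB, (void*)&ts))
    {
        dwError = ERROR_TDNF_RPMTS_SET_CB_FAILED;
        BAIL_ON_TDNF_ERROR(dwError);
    }

    dwError = TDNFPopulateTransaction(&ts, pTdnf, pSolvedInfo);
    BAIL_ON_TDNF_ERROR(dwError);

    dwError = TDNFRunTransaction(&ts, pTdnf);
    BAIL_ON_TDNF_ERROR(dwError);

cleanup:
    if(ts.pTS)
    {
        rpmtsCloseDB(ts.pTS);
        rpmtsFree(ts.pTS);
    }
    if(ts.pKeyring)
    {
        rpmKeyringFree(ts.pKeyring);
    }
    if(ts.pCachedRpmsArray)
    {
        /* Cached rpm files are removed unless the configuration asked to
         * keep them; the array itself is always freed. */
        if(!nKeepCachedRpms)
        {
            TDNFRemoveCachedRpms(ts.pCachedRpmsArray);
        }
        TDNFFreeCachedRpmsArray(ts.pCachedRpmsArray);
    }
    return dwError;

error:
    goto cleanup;
}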