int rpmcliVerifySignatures(rpmts ts, ARGV_const_t argv)
{
const char * arg;
int res = 0;
rpmKeyring keyring = rpmtsGetKeyring(ts, 1);
rpmVerifyFlags verifyFlags = (VERIFY_DIGEST|VERIFY_SIGNATURE);
verifyFlags &= ~rpmcliQueryFlags;
while ((arg = *argv++) != NULL) {
FD_t fd = Fopen(arg, "r.ufdio");
if (fd == NULL || Ferror(fd)) {
rpmlog(RPMLOG_ERR, _("%s: open failed: %s\n"),
arg, Fstrerror(fd));
res++;
} else if (rpmpkgVerifySigs(keyring, verifyFlags, fd, arg)) {
res++;
}
Fclose(fd);
rpmdbCheckSignals();
}
rpmKeyringFree(keyring);
return res;
}
int rpmcliVerifySignatures(rpmts ts, ARGV_const_t argv)
{
const char * arg;
int res = 0;
rpmKeyring keyring = rpmtsGetKeyring(ts, 1);
rpmVSFlags vsflags = 0;
vsflags |= rpmcliVSFlags;
while ((arg = *argv++) != NULL) {
FD_t fd = Fopen(arg, "r.ufdio");
if (fd == NULL || Ferror(fd)) {
rpmlog(RPMLOG_ERR, _("%s: open failed: %s\n"),
arg, Fstrerror(fd));
res++;
} else if (rpmpkgVerifySigs(keyring, vsflags, fd, arg)) {
res++;
}
Fclose(fd);
rpmsqPoll();
}
rpmKeyringFree(keyring);
return res;
}
/** \ingroup py_c
*/
static void rpmKeyring_dealloc(rpmKeyringObject * self)
/*@*/
{
if (self) {
rpmKeyringFree(self->keyring);
PyObject_Del(self);
}
}
int rpmtsSetKeyring(rpmts ts, rpmKeyring keyring)
{
if (ts == NULL)
return -1;
rpmKeyringFree(ts->keyring);
ts->keyring = rpmKeyringLink(keyring);
return 0;
}
/* Wrapper around rpmkVerifySigs to preserve API */
int rpmVerifySignatures(QVA_t qva, rpmts ts, FD_t fd, const char * fn)
{
int rc = 1; /* assume failure */
if (ts && qva && fd && fn) {
rpmKeyring keyring = rpmtsGetKeyring(ts, 1);
rc = rpmpkgVerifySigs(keyring, qva->qva_flags, fd, fn);
rpmKeyringFree(keyring);
}
return rc;
}
rpmRC rpmReadHeader(rpmts ts, FD_t fd, Header *hdrp, char ** msg)
{
rpmRC rc;
rpmKeyring keyring = rpmtsGetKeyring(ts, 1);
rpmVSFlags vsflags = rpmtsVSFlags(ts);
rc = rpmpkgReadHeader(keyring, vsflags, fd, hdrp, msg);
rpmKeyringFree(keyring);
return rc;
}
rpmRC rpmReadPackageFile(rpmts ts, FD_t fd, const char * fn, Header * hdrp)
{
rpmRC rc;
rpmVSFlags vsflags = rpmtsVSFlags(ts);
rpmKeyring keyring = rpmtsGetKeyring(ts, 1);
rc = rpmpkgRead(keyring, vsflags, fd, fn, hdrp);
rpmKeyringFree(keyring);
return rc;
}
rpmRC headerCheck(rpmts ts, const void * uh, size_t uc, char ** msg)
{
rpmRC rc;
rpmVSFlags vsflags = rpmtsVSFlags(ts);
rpmKeyring keyring = rpmtsGetKeyring(ts, 1);
rpmswEnter(rpmtsOp(ts, RPMTS_OP_DIGEST), 0);
rc = headerVerify(keyring, vsflags, uh, uc, msg);
rpmswExit(rpmtsOp(ts, RPMTS_OP_DIGEST), uc);
rpmKeyringFree(keyring);
return rc;
}
rpmRC rpmtsImportPubkey(const rpmts ts, const unsigned char * pkt, size_t pktlen)
{
Header h = NULL;
rpmRC rc = RPMRC_FAIL; /* assume failure */
rpmPubkey pubkey = NULL;
rpmVSFlags oflags = rpmtsVSFlags(ts);
rpmKeyring keyring;
rpmtxn txn = rpmtxnBegin(ts, RPMTXN_WRITE);
int krc;
if (txn == NULL)
return rc;
/* XXX keyring wont load if sigcheck disabled, force it temporarily */
rpmtsSetVSFlags(ts, (oflags & ~_RPMVSF_NOSIGNATURES));
keyring = rpmtsGetKeyring(ts, 1);
rpmtsSetVSFlags(ts, oflags);
if ((pubkey = rpmPubkeyNew(pkt, pktlen)) == NULL)
goto exit;
krc = rpmKeyringAddKey(keyring, pubkey);
if (krc < 0)
goto exit;
/* If we dont already have the key, make a persistent record of it */
if (krc == 0) {
rpm_tid_t tid = rpmtsGetTid(ts);
if (makePubkeyHeader(ts, pubkey, &h) != 0)
goto exit;
headerPutUint32(h, RPMTAG_INSTALLTIME, &tid, 1);
headerPutUint32(h, RPMTAG_INSTALLTID, &tid, 1);
/* Add header to database. */
if (!(rpmtsFlags(ts) & RPMTRANS_FLAG_TEST)) {
rc = rpmtsImportHeader(txn, h, 0);
}
}
rc = RPMRC_OK;
exit:
/* Clean up. */
headerFree(h);
rpmPubkeyFree(pubkey);
rpmKeyringFree(keyring);
rpmtxnEnd(txn);
return rc;
}
rpmRC rpmReadPackageFile(rpmts ts, FD_t fd, const char * fn, Header * hdrp)
{
rpmRC rc;
rpmVSFlags vsflags = rpmtsVSFlags(ts);
rpmKeyring keyring = 0;
if ((vsflags & _RPMVSF_NOSIGNATURES) != _RPMVSF_NOSIGNATURES)
keyring = rpmtsGetKeyring(ts, 1);
rc = rpmpkgRead(keyring, vsflags, fd, fn, hdrp);
if (keyring)
rpmKeyringFree(keyring);
return rc;
}
rpmts rpmtsFree(rpmts ts)
{
tsMembers tsmem = rpmtsMembers(ts);
if (ts == NULL)
return NULL;
if (ts->nrefs > 1)
return rpmtsUnlink(ts);
rpmtsEmpty(ts);
(void) rpmtsCloseDB(ts);
tsmem->removedPackages = removedHashFree(tsmem->removedPackages);
tsmem->order = _free(tsmem->order);
ts->members = _free(ts->members);
ts->dsi = _free(ts->dsi);
if (ts->scriptFd != NULL) {
ts->scriptFd = fdFree(ts->scriptFd);
ts->scriptFd = NULL;
}
ts->rootDir = _free(ts->rootDir);
ts->lockPath = _free(ts->lockPath);
ts->lock = rpmlockFree(ts->lock);
ts->keyring = rpmKeyringFree(ts->keyring);
ts->netsharedPaths = argvFree(ts->netsharedPaths);
ts->installLangs = argvFree(ts->installLangs);
ts->plugins = rpmpluginsFree(ts->plugins);
if (_rpmts_stats)
rpmtsPrintStats(ts);
(void) rpmtsUnlink(ts);
ts = _free(ts);
return NULL;
}
rpmRC headerCheck(rpmts ts, const void * uh, size_t uc, char ** msg)
{
rpmRC rc = RPMRC_FAIL;
rpmVSFlags vsflags = rpmtsVSFlags(ts);
rpmKeyring keyring = rpmtsGetKeyring(ts, 1);
struct hdrblob_s blob;
if (hdrblobInit(uh, uc, 0, 0, &blob, msg) == RPMRC_OK) {
rpmswEnter(rpmtsOp(ts, RPMTS_OP_DIGEST), 0);
rc = headerSigVerify(keyring, vsflags, &blob, msg);
rpmswExit(rpmtsOp(ts, RPMTS_OP_DIGEST), uc);
if (rc == RPMRC_NOTFOUND && msg != NULL && *msg == NULL)
rasprintf(msg, "Header sanity check: OK");
}
rpmKeyringFree(keyring);
return rc;
}
rpmRC rpmReadPackageFile(rpmts ts, FD_t fd, const char * fn, Header * hdrp)
{
rpmRC rc;
rpmVSFlags vsflags = rpmtsVSFlags(ts);
rpmKeyring keyring = rpmtsGetKeyring(ts, 1);
unsigned int keyid = 0;
char *msg = NULL;
if (fn == NULL)
fn = Fdescr(fd);
rc = rpmpkgRead(keyring, vsflags, fd, hdrp, &keyid, &msg);
switch (rc) {
case RPMRC_OK: /* Signature is OK. */
rpmlog(RPMLOG_DEBUG, "%s: %s\n", fn, msg);
break;
case RPMRC_NOTTRUSTED: /* Signature is OK, but key is not trusted. */
case RPMRC_NOKEY: /* Public key is unavailable. */
/* XXX Print NOKEY/NOTTRUSTED warning only once. */
{ int lvl = (stashKeyid(keyid) ? RPMLOG_DEBUG : RPMLOG_WARNING);
rpmlog(lvl, "%s: %s\n", fn, msg);
} break;
case RPMRC_NOTFOUND: /* Signature is unknown type or manifest. */
/* msg == NULL is probably a manifest */
if (msg)
rpmlog(RPMLOG_WARNING, "%s: %s\n", fn, msg);
break;
default:
case RPMRC_FAIL: /* Signature does not verify. */
rpmlog(RPMLOG_ERR, "%s: %s\n", fn, msg);
break;
}
rpmKeyringFree(keyring);
free(msg);
return rc;
}
uint32_t
TDNFRpmExecTransaction(
PTDNF pTdnf,
PTDNF_SOLVED_PKG_INFO pSolvedInfo
)
{
uint32_t dwError = 0;
int nKeepCachedRpms = 0;
TDNFRPMTS ts = {0};
if(!pTdnf || !pTdnf->pConf || !pSolvedInfo)
{
dwError = ERROR_TDNF_INVALID_PARAMETER;
BAIL_ON_TDNF_ERROR(dwError);
}
nKeepCachedRpms = pTdnf->pConf->nKeepCache;
ts.pCachedRpmsArray = g_array_new(TRUE, TRUE, sizeof(char*));
if(!ts.pCachedRpmsArray)
{
dwError = ERROR_TDNF_OUT_OF_MEMORY;
BAIL_ON_TDNF_ERROR(dwError);
}
dwError = rpmReadConfigFiles(NULL, NULL);
BAIL_ON_TDNF_ERROR(dwError);
rpmSetVerbosity(TDNFConfGetRpmVerbosity(pTdnf));
//Allow downgrades
ts.nProbFilterFlags = RPMPROB_FILTER_OLDPACKAGE;
if(pSolvedInfo->nAlterType == ALTER_REINSTALL)
{
ts.nProbFilterFlags = ts.nProbFilterFlags | RPMPROB_FILTER_REPLACEPKG;
}
ts.pTS = rpmtsCreate();
if(!ts.pTS)
{
dwError = ERROR_TDNF_RPMTS_CREATE_FAILED;
BAIL_ON_TDNF_ERROR(dwError);
}
ts.pKeyring = rpmKeyringNew();
if(!ts.pKeyring)
{
dwError = ERROR_TDNF_RPMTS_KEYRING_FAILED;
BAIL_ON_TDNF_ERROR(dwError);
}
ts.nTransFlags = rpmtsSetFlags (ts.pTS, RPMTRANS_FLAG_NONE);
if(rpmtsSetRootDir (ts.pTS, pTdnf->pArgs->pszInstallRoot))
{
dwError = ERROR_TDNF_RPMTS_BAD_ROOT_DIR;
BAIL_ON_TDNF_ERROR(dwError);
}
if(rpmtsSetNotifyCallback(ts.pTS, TDNFRpmCB, (void*)&ts))
{
dwError = ERROR_TDNF_RPMTS_SET_CB_FAILED;
BAIL_ON_TDNF_ERROR(dwError);
}
dwError = TDNFPopulateTransaction(&ts, pTdnf, pSolvedInfo);
BAIL_ON_TDNF_ERROR(dwError);
dwError = TDNFRunTransaction(&ts, pTdnf);
BAIL_ON_TDNF_ERROR(dwError);
cleanup:
if(ts.pTS)
{
rpmtsCloseDB(ts.pTS);
rpmtsFree(ts.pTS);
}
if(ts.pKeyring)
{
rpmKeyringFree(ts.pKeyring);
}
if(ts.pCachedRpmsArray)
{
if(!nKeepCachedRpms)
{
TDNFRemoveCachedRpms(ts.pCachedRpmsArray);
}
TDNFFreeCachedRpmsArray(ts.pCachedRpmsArray);
}
return dwError;
error:
goto cleanup;
}
