gpgme_data_t sgpgme_data_from_mimeinfo(MimeInfo *mimeinfo) { gpgme_data_t data = NULL; gpgme_error_t err; FILE *fp = g_fopen(mimeinfo->data.filename, "rb"); gchar *tmp_file = NULL; if (!fp) return NULL; tmp_file = get_tmp_file(); copy_file_part(fp, mimeinfo->offset, mimeinfo->length, tmp_file); fclose(fp); fp = NULL; debug_print("tmp file %s\n", tmp_file); err = gpgme_data_new_from_file(&data, tmp_file, 1); claws_unlink(tmp_file); g_free(tmp_file); debug_print("data %p (%d %d)\n", (void *)&data, mimeinfo->offset, mimeinfo->length); if (err) { debug_print ("gpgme_data_new_from_file failed: %s\n", gpgme_strerror (err)); privacy_set_error(_("Couldn't get data from message, %s"), gpgme_strerror(err)); return NULL; } return data; }
int main (int argc, char **argv) { int last_argc = -1; gpgme_error_t err; int anyerr = 0; gpgme_data_t data; gpgme_data_type_t dt; if (argc) { argc--; argv++; } while (argc && last_argc != argc ) { last_argc = argc; if (!strcmp (*argv, "--")) { argc--; argv++; break; } else if (!strcmp (*argv, "--help")) show_usage (0); else if (!strcmp (*argv, "--verbose")) { verbose = 1; argc--; argv++; } else if (!strncmp (*argv, "--", 2)) show_usage (1); } init_gpgme (GPGME_PROTOCOL_OpenPGP); for (; argc; argc--, argv++) { if (verbose) printf ("reading file `%s'\n", *argv); err = gpgme_data_new_from_file (&data, *argv, 1); if (err) { fprintf (stderr, PGM ": error reading '%s': %s\n", *argv, gpg_strerror (err)); anyerr = 1; } else { dt = gpgme_data_identify (data, 0); if (dt == GPGME_DATA_TYPE_INVALID) anyerr = 1; printf ("%s: %s\n", *argv, data_type_to_string (dt)); gpgme_data_release (data); } } return anyerr; }
gboolean fu_keyring_add_public_key (FuKeyring *keyring, const gchar *filename, GError **error) { FuKeyringPrivate *priv = GET_PRIVATE (keyring); gpgme_error_t rc; gpgme_import_result_t result; gpgme_import_status_t s; g_auto(gpgme_data_t) data = NULL; g_return_val_if_fail (FU_IS_KEYRING (keyring), FALSE); g_return_val_if_fail (filename != NULL, FALSE); /* import public key */ g_debug ("Adding public key %s", filename); rc = gpgme_data_new_from_file (&data, filename, 1); if (rc != GPG_ERR_NO_ERROR) { g_set_error (error, FWUPD_ERROR, FWUPD_ERROR_INTERNAL, "failed to load %s: %s", filename, gpgme_strerror (rc)); return FALSE; } rc = gpgme_op_import (priv->ctx, data); if (rc != GPG_ERR_NO_ERROR) { g_set_error (error, FWUPD_ERROR, FWUPD_ERROR_INTERNAL, "failed to import %s: %s", filename, gpgme_strerror (rc)); return FALSE; } /* print what keys were imported */ result = gpgme_op_import_result (priv->ctx); for (s = result->imports; s != NULL; s = s->next) { g_debug ("importing key %s [%u] %s", s->fpr, s->status, gpgme_strerror (s->result)); } /* make sure keys were really imported */ if (result->imported == 0 && result->unchanged == 0) { g_debug("imported: %d, unchanged: %d, not_imported: %d", result->imported, result->unchanged, result->not_imported); g_set_error (error, FWUPD_ERROR, FWUPD_ERROR_INTERNAL, "key import failed %s", filename); return FALSE; } return TRUE; }
int main (int argc, char **argv) { gpgme_ctx_t ctx; gpgme_error_t err; gpgme_data_t in; gpgme_import_result_t result; char *cert_1 = make_filename ("cert_dfn_pca01.der"); char *cert_2 = make_filename ("cert_dfn_pca15.der"); init_gpgme (GPGME_PROTOCOL_CMS); err = gpgme_new (&ctx); fail_if_err (err); gpgme_set_protocol (ctx, GPGME_PROTOCOL_CMS); err = gpgme_data_new_from_file (&in, cert_1, 1); free (cert_1); fail_if_err (err); err = gpgme_op_import (ctx, in); fail_if_err (err); result = gpgme_op_import_result (ctx); check_result (result, "DFA56FB5FC41E3A8921F77AD1622EEFD9152A5AD", 1, 1); gpgme_data_release (in); err = gpgme_data_new_from_file (&in, cert_2, 1); free (cert_2); fail_if_err (err); err = gpgme_op_import (ctx, in); fail_if_err (err); result = gpgme_op_import_result (ctx); check_result (result, "2C8F3C356AB761CB3674835B792CDA52937F9285", 1, 2); gpgme_data_release (in); gpgme_release (ctx); return 0; }
int main (int argc, char *argv[]) { gpgme_ctx_t ctx; gpgme_error_t err; gpgme_data_t in; gpgme_import_result_t result; char *pubkey_1_asc = make_filename ("pubkey-1.asc"); char *seckey_1_asc = make_filename ("seckey-1.asc"); init_gpgme (GPGME_PROTOCOL_OpenPGP); err = gpgme_new (&ctx); fail_if_err (err); err = gpgme_data_new_from_file (&in, pubkey_1_asc, 1); free (pubkey_1_asc); fail_if_err (err); err = gpgme_op_import (ctx, in); fail_if_err (err); result = gpgme_op_import_result (ctx); check_result (result, "ADAB7FCC1F4DE2616ECFA402AF82244F9CD9FD55", 0); gpgme_data_release (in); err = gpgme_data_new_from_file (&in, seckey_1_asc, 1); free (seckey_1_asc); fail_if_err (err); err = gpgme_op_import (ctx, in); fail_if_err (err); result = gpgme_op_import_result (ctx); check_result (result, "ADAB7FCC1F4DE2616ECFA402AF82244F9CD9FD55", 1); gpgme_data_release (in); gpgme_release (ctx); return 0; }
int main (int argc, char *argv[]) { gpgme_ctx_t ctx; gpgme_error_t err; gpgme_data_t in, out; gpgme_decrypt_result_t decrypt_result; gpgme_verify_result_t verify_result; char *cipher_2_asc = make_filename ("cipher-2.asc"); char *agent_info; init_gpgme (GPGME_PROTOCOL_OpenPGP); err = gpgme_new (&ctx); fail_if_err (err); agent_info = getenv("GPG_AGENT_INFO"); if (!(agent_info && strchr (agent_info, ':'))) gpgme_set_passphrase_cb (ctx, passphrase_cb, NULL); err = gpgme_data_new_from_file (&in, cipher_2_asc, 1); free (cipher_2_asc); fail_if_err (err); err = gpgme_data_new (&out); fail_if_err (err); err = gpgme_op_decrypt_verify (ctx, in, out); fail_if_err (err); decrypt_result = gpgme_op_decrypt_result (ctx); if (decrypt_result->unsupported_algorithm) { fprintf (stderr, "%s:%i: unsupported algorithm: %s\n", __FILE__, __LINE__, decrypt_result->unsupported_algorithm); exit (1); } print_data (out); verify_result = gpgme_op_verify_result (ctx); check_verify_result (verify_result, 0, "A0FF4590BB6122EDEF6E3C542D727CC768697734", GPG_ERR_NO_ERROR); gpgme_data_release (in); gpgme_data_release (out); gpgme_release (ctx); return 0; }
int main (int argc, char *argv[]) { gpgme_ctx_t ctx; gpgme_error_t err; gpgme_data_t in, out; gpgme_decrypt_result_t result; char *cipher_1_asc = make_filename ("cipher-1.asc"); char *agent_info; init_gpgme (GPGME_PROTOCOL_OpenPGP); err = gpgme_new (&ctx); fail_if_err (err); agent_info = getenv("GPG_AGENT_INFO"); if (!(agent_info && strchr (agent_info, ':'))) gpgme_set_passphrase_cb (ctx, passphrase_cb, NULL); err = gpgme_data_new_from_file (&in, cipher_1_asc, 1); free (cipher_1_asc); fail_if_err (err); err = gpgme_data_new (&out); fail_if_err (err); err = gpgme_op_decrypt (ctx, in, out); fail_if_err (err); result = gpgme_op_decrypt_result (ctx); if (result->unsupported_algorithm) { fprintf (stderr, "%s:%i: unsupported algorithm: %s\n", __FILE__, __LINE__, result->unsupported_algorithm); exit (1); } print_data (out); gpgme_data_release (in); gpgme_data_release (out); gpgme_release (ctx); return 0; }
void import ( gpgme_ctx_t * context, telem_gpg_opts * options, int num_keys, char ** key_path ) { gpgme_error_t err; int url_mode = 0; int nul_mode = 0; gpgme_import_result_t impres; gpgme_data_t data; for (; num_keys; --num_keys, key_path++) { printf ("reading file `%s'\n", *key_path); err = gpgme_data_new_from_file(&data, *key_path, 1); fail_if_err(err); if (url_mode) gpgme_data_set_encoding( data, (nul_mode? GPGME_DATA_ENCODING_URL0 : GPGME_DATA_ENCODING_URL) ); err = gpgme_op_import(*context, data); fail_if_err(err); impres = gpgme_op_import_result(*context); if (!impres) { fprintf(stderr, "No import result returned\n"); exit(1); } print_import_result(impres); gpgme_data_release(data); } }
int opkg_verify_file (char *text_file, char *sig_file) { #if defined HAVE_GPGME if (conf->check_signature == 0 ) return 0; int status = -1; gpgme_ctx_t ctx; gpgme_data_t sig, text, key; gpgme_error_t err; gpgme_verify_result_t result; gpgme_signature_t s; char *trusted_path = NULL; gpgme_check_version (NULL); err = gpgme_new (&ctx); if (err) return -1; sprintf_alloc(&trusted_path, "%s/%s", conf->offline_root, "/etc/opkg/trusted.gpg"); err = gpgme_data_new_from_file (&key, trusted_path, 1); free (trusted_path); if (err) { return -1; } err = gpgme_op_import (ctx, key); if (err) { gpgme_data_release (key); return -1; } gpgme_data_release (key); err = gpgme_data_new_from_file (&sig, sig_file, 1); if (err) { gpgme_release (ctx); return -1; } err = gpgme_data_new_from_file (&text, text_file, 1); if (err) { gpgme_data_release (sig); gpgme_release (ctx); return -1; } err = gpgme_op_verify (ctx, sig, text, NULL); result = gpgme_op_verify_result (ctx); if (!result) return -1; /* see if any of the signitures matched */ s = result->signatures; while (s) { status = gpg_err_code (s->status); if (status == GPG_ERR_NO_ERROR) break; s = s->next; } gpgme_data_release (sig); gpgme_data_release (text); gpgme_release (ctx); return status; #elif defined HAVE_OPENSSL X509_STORE *store = NULL; PKCS7 *p7 = NULL; BIO *in = NULL, *indata = NULL; // Sig check failed by default ! int status = -1; openssl_init(); // Set-up the key store if(!(store = setup_verify(conf->signature_ca_file, conf->signature_ca_path))){ opkg_msg(ERROR, "Can't open CA certificates.\n"); goto verify_file_end; } // Open a BIO to read the sig file if (!(in = BIO_new_file(sig_file, "rb"))){ opkg_msg(ERROR, "Can't open signature file %s.\n", sig_file); goto verify_file_end; } // Read the PKCS7 block contained in the sig file p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL); if(!p7){ opkg_msg(ERROR, "Can't read signature file %s (Corrupted ?).\n", sig_file); goto verify_file_end; } #if defined(HAVE_PATHFINDER) if(conf->check_x509_path){ if(!pkcs7_pathfinder_verify_signers(p7)){ opkg_msg(ERROR, "pkcs7_pathfinder_verify_signers: " "Path verification failed.\n"); goto verify_file_end; } } #endif // Open the Package file to authenticate if (!(indata = BIO_new_file(text_file, "rb"))){ opkg_msg(ERROR, "Can't open file %s.\n", text_file); goto verify_file_end; } // Let's verify the autenticity ! if (PKCS7_verify(p7, NULL, store, indata, NULL, PKCS7_BINARY) != 1){ // Get Off My Lawn! opkg_msg(ERROR, "Verification failure.\n"); }else{ // Victory ! status = 0; } verify_file_end: BIO_free(in); BIO_free(indata); PKCS7_free(p7); X509_STORE_free(store); return status; #else /* mute `unused variable' warnings. */ (void) sig_file; (void) text_file; (void) conf; return 0; #endif }
GpgME::Data::Data( const char * filename ) { gpgme_data_t data; const gpgme_error_t e = gpgme_data_new_from_file( &data, filename, 1 ); d = new Private( e ? 0 : data ); d->ref(); }
int main (int argc, char **argv) { int last_argc = -1; gpgme_error_t err; gpgme_ctx_t ctx; const char *key_string = NULL; gpgme_protocol_t protocol = GPGME_PROTOCOL_OpenPGP; gpgme_sig_mode_t sigmode = GPGME_SIG_MODE_CLEAR; gpgme_data_t in, out; if (argc) { argc--; argv++; } while (argc && last_argc != argc ) { last_argc = argc; if (!strcmp (*argv, "--")) { argc--; argv++; break; } else if (!strcmp (*argv, "--help")) show_usage (0); else if (!strcmp (*argv, "--key")) { argc--; argv++; if (!argc) show_usage (1); key_string = *argv; argc--; argv++; } else if (!strncmp (*argv, "--", 2)) show_usage (1); } if (argc != 1) show_usage (1); init_gpgme (protocol); err = gpgme_new (&ctx); fail_if_err (err); gpgme_set_protocol (ctx, protocol); gpgme_set_armor (ctx, 1); if (key_string) { gpgme_key_t akey; err = gpgme_get_key (ctx, key_string, &akey, 1); if (err) { exit (1); } err = gpgme_signers_add (ctx, akey); fail_if_err (err); gpgme_key_unref (akey); } err = gpgme_data_new_from_file (&in, *argv, 1); if (err) { fprintf (stderr, PGM ": error reading `%s': %s\n", *argv, gpg_strerror (err)); exit (1); } err = gpgme_data_new (&out); fail_if_err (err); err = gpgme_op_sign (ctx, in, out, sigmode); if (err) { fprintf (stderr, PGM ": signing failed: %s\n", gpg_strerror (err)); exit (1); } print_data (out); gpgme_data_release (out); gpgme_data_release (in); gpgme_release (ctx); return 0; }
gboolean zif_utils_gpg_verify (const gchar *filename, const gchar *filename_gpg, GError **error) { gboolean ret = FALSE; gpgme_ctx_t ctx = NULL; gpgme_data_t repomd_gpg = NULL; gpgme_data_t repomd = NULL; gpgme_error_t rc; gpgme_signature_t s; gpgme_verify_result_t result; /* check version */ gpgme_check_version (NULL); /* startup gpgme */ rc = gpg_err_init (); if (rc != GPG_ERR_NO_ERROR) { g_set_error (error, ZIF_UTILS_ERROR, ZIF_UTILS_ERROR_FAILED, "failed to startup GPG: %s", gpgme_strerror (rc)); goto out; } /* create a new GPG context */ rc = gpgme_new (&ctx); if (rc != GPG_ERR_NO_ERROR) { g_set_error (error, ZIF_UTILS_ERROR, ZIF_UTILS_ERROR_FAILED, "failed to create context: %s", gpgme_strerror (rc)); goto out; } /* set the protocol */ rc = gpgme_set_protocol (ctx, GPGME_PROTOCOL_OpenPGP); if (rc != GPG_ERR_NO_ERROR) { g_set_error (error, ZIF_UTILS_ERROR, ZIF_UTILS_ERROR_FAILED, "failed to set protocol: %s", gpgme_strerror (rc)); goto out; } /* enable armor mode */ gpgme_set_armor (ctx, TRUE); /* load file */ rc = gpgme_data_new_from_file (&repomd, filename, 1); if (rc != GPG_ERR_NO_ERROR) { g_set_error (error, ZIF_UTILS_ERROR, ZIF_UTILS_ERROR_FAILED, "failed to load repomd: %s", gpgme_strerror (rc)); goto out; } /* load signature */ rc = gpgme_data_new_from_file (&repomd_gpg, filename_gpg, 1); if (rc != GPG_ERR_NO_ERROR) { g_set_error (error, ZIF_UTILS_ERROR, ZIF_UTILS_ERROR_FAILED, "failed to load repomd.asc: %s", gpgme_strerror (rc)); goto out; } /* verify the repodata.xml */ g_debug ("verifying %s with %s", filename, filename_gpg); rc = gpgme_op_verify (ctx, repomd_gpg, repomd, NULL); if (rc != GPG_ERR_NO_ERROR) { g_set_error (error, ZIF_UTILS_ERROR, ZIF_UTILS_ERROR_FAILED, "failed to verify: %s", gpgme_strerror (rc)); goto out; } /* verify the result */ result = gpgme_op_verify_result (ctx); if (result == NULL) { g_set_error_literal (error, ZIF_UTILS_ERROR, ZIF_UTILS_ERROR_FAILED, "no result record from libgpgme"); goto out; } /* look at each signature */ for (s = result->signatures; s != NULL ; s = s->next ) { ret = zif_utils_gpg_check_signature (s, error); if (!ret) goto out; } /* success */ ret = TRUE; out: if (ctx != NULL) gpgme_release (ctx); gpgme_data_release (repomd_gpg); gpgme_data_release (repomd); return ret; }
int main (int argc, char **argv) { round_t round = TEST_INITIALIZER; char *text_filename = make_filename ("t-data-1.txt"); char *longer_text_filename = make_filename ("t-data-2.txt"); const char *missing_filename = "this-file-surely-does-not-exist"; gpgme_error_t err = 0; gpgme_data_t data; while (++round) { switch (round) { case TEST_INVALID_ARGUMENT: err = gpgme_data_new (NULL); if (!err) { fprintf (stderr, "%s:%d: gpgme_data_new on NULL pointer succeeded " "unexpectedly\n", __FILE__, __LINE__); exit (1); } continue; case TEST_INOUT_NONE: err = gpgme_data_new (&data); break; case TEST_INOUT_MEM_NO_COPY: err = gpgme_data_new_from_mem (&data, text, strlen (text), 0); break; case TEST_INOUT_MEM_COPY: err = gpgme_data_new_from_mem (&data, text, strlen (text), 1); break; case TEST_INOUT_MEM_FROM_FILE_COPY: err = gpgme_data_new_from_file (&data, text_filename, 1); break; case TEST_INOUT_MEM_FROM_INEXISTANT_FILE: err = gpgme_data_new_from_file (&data, missing_filename, 1); if (!err) { fprintf (stderr, "%s:%d: gpgme_data_new_from_file on inexistant " "file succeeded unexpectedly\n", __FILE__, __LINE__); exit (1); } continue; case TEST_INOUT_MEM_FROM_FILE_NO_COPY: err = gpgme_data_new_from_file (&data, text_filename, 0); /* This is not implemented yet. */ if (gpgme_err_code (err) == GPG_ERR_NOT_IMPLEMENTED || gpgme_err_code (err) == GPG_ERR_INV_VALUE) continue; break; case TEST_INOUT_MEM_FROM_FILE_PART_BY_NAME: err = gpgme_data_new_from_filepart (&data, longer_text_filename, 0, strlen (text), strlen (text)); break; case TEST_INOUT_MEM_FROM_INEXISTANT_FILE_PART: err = gpgme_data_new_from_filepart (&data, missing_filename, 0, strlen (text), strlen (text)); if (!err) { fprintf (stderr, "%s:%d: gpgme_data_new_from_file on inexistant " "file succeeded unexpectedly\n", __FILE__, __LINE__); exit (1); } continue; case TEST_INOUT_MEM_FROM_FILE_PART_BY_FP: { FILE *fp = fopen (longer_text_filename, "rb"); if (! fp) { fprintf (stderr, "%s:%d: fopen: %s\n", __FILE__, __LINE__, strerror (errno)); exit (1); } err = gpgme_data_new_from_filepart (&data, 0, fp, strlen (text), strlen (text)); } break; case TEST_END: goto out; case TEST_INITIALIZER: /* Shouldn't happen. */ fprintf (stderr, "%s:%d: impossible condition\n", __FILE__, __LINE__); exit (1); } fail_if_err (err); read_test (round, data); write_test (round, data); gpgme_data_release (data); } out: free (text_filename); free (longer_text_filename); return 0; }
gboolean fu_keyring_verify_file (FuKeyring *keyring, const gchar *filename, const gchar *signature, GError **error) { FuKeyringPrivate *priv = GET_PRIVATE (keyring); gboolean has_header; gpgme_error_t rc; gpgme_signature_t s; gpgme_verify_result_t result; g_auto(gpgme_data_t) data = NULL; g_auto(gpgme_data_t) sig = NULL; g_autoptr(GString) sig_v1 = NULL; g_return_val_if_fail (FU_IS_KEYRING (keyring), FALSE); g_return_val_if_fail (filename != NULL, FALSE); g_return_val_if_fail (signature != NULL, FALSE); /* setup context */ if (!fu_keyring_setup (keyring, error)) return FALSE; /* has header already */ has_header = g_strstr_len (signature, -1, "BEGIN PGP SIGNATURE") != NULL; /* load file data */ rc = gpgme_data_new_from_file (&data, filename, 1); if (rc != GPG_ERR_NO_ERROR) { g_set_error (error, FWUPD_ERROR, FWUPD_ERROR_INTERNAL, "failed to load %s: %s", filename, gpgme_strerror (rc)); return FALSE; } /* load signature */ sig_v1 = g_string_new (""); if (!has_header) { g_string_append (sig_v1, "-----BEGIN PGP SIGNATURE-----\n"); g_string_append (sig_v1, "Version: GnuPG v1\n\n"); } g_string_append_printf (sig_v1, "%s\n", signature); if (!has_header) g_string_append (sig_v1, "-----END PGP SIGNATURE-----\n"); rc = gpgme_data_new_from_mem (&sig, sig_v1->str, sig_v1->len, 0); if (rc != GPG_ERR_NO_ERROR) { g_set_error (error, FWUPD_ERROR, FWUPD_ERROR_INTERNAL, "failed to load signature %s: %s", signature, gpgme_strerror (rc)); return FALSE; } /* verify */ rc = gpgme_op_verify (priv->ctx, sig, data, NULL); if (rc != GPG_ERR_NO_ERROR) { g_set_error (error, FWUPD_ERROR, FWUPD_ERROR_INTERNAL, "failed to verify %s: %s", filename, gpgme_strerror (rc)); return FALSE; } /* verify the result */ result = gpgme_op_verify_result (priv->ctx); if (result == NULL) { g_set_error_literal (error, FWUPD_ERROR, FWUPD_ERROR_INTERNAL, "no result record from libgpgme"); return FALSE; } /* look at each signature */ for (s = result->signatures; s != NULL ; s = s->next ) { g_debug ("returned signature fingerprint %s", s->fpr); if (!fu_keyring_check_signature (s, error)) return FALSE; } return TRUE; }
int opkg_verify_gpg_signature(const char *file, const char *sigfile) { int status = -1; int ret = -1; gpgme_ctx_t ctx; int have_ctx = 0; gpgme_data_t sig, text, key; int have_sig = 0, have_text = 0, have_key = 0; gpgme_error_t err; gpgme_verify_result_t result; gpgme_signature_t s; gpgme_protocol_t protocol = GPGME_PROTOCOL_OpenPGP; char *trusted_path = NULL; if (opkg_config->check_signature == 0) return 0; gpgme_check_version(NULL); err = gpgme_new(&ctx); if (err) { opkg_msg(ERROR, "Unable to create gpgme context: %s\n", gpg_strerror(err)); goto out_err; } have_ctx = 1; err = gpgme_set_protocol(ctx, protocol); if (err) { opkg_msg(ERROR, "Unable to set gpgme protocol to OpenPGP: %s\n", gpg_strerror(err)); goto out_err; } trusted_path = root_filename_alloc("/etc/opkg/trusted.gpg"); if (!trusted_path) { opkg_msg(ERROR, "Out of memory!\n"); goto out_err; } err = gpgme_data_new_from_file(&key, trusted_path, 1); if (err) { opkg_msg(ERROR, "Unable to get data from file %s: %s\n", trusted_path, gpg_strerror(err)); goto out_err; } have_key = 1; err = gpgme_op_import(ctx, key); if (err) { opkg_msg(ERROR, "Unable to import key from file %s: %s\n", trusted_path, gpg_strerror(err)); goto out_err; } err = gpgme_data_new_from_file(&sig, sigfile, 1); if (err) { opkg_msg(ERROR, "Unable to get data from file %s: %s\n", sigfile, gpg_strerror(err)); goto out_err; } have_sig = 1; err = gpgme_data_new_from_file(&text, file, 1); if (err) { opkg_msg(ERROR, "Unable to get data from file %s: %s\n", file, gpg_strerror(err)); goto out_err; } have_text = 1; err = gpgme_op_verify(ctx, sig, text, NULL); if (err) { opkg_msg(ERROR, "Unable to verify signature: %s\n", gpg_strerror(err)); goto out_err; } result = gpgme_op_verify_result(ctx); if (!result) { opkg_msg(ERROR, "Unable to get verification data: %s\n", gpg_strerror(err)); goto out_err; } /* see if any of the signitures matched */ s = result->signatures; while (s) { status = gpg_err_code(s->status); if (status == GPG_ERR_NO_ERROR) { ret = 0; break; } s = s->next; } out_err: if (have_sig) gpgme_data_release(sig); if (have_text) gpgme_data_release(text); if (have_key) gpgme_data_release(key); if (trusted_path) free(trusted_path); if (have_ctx) gpgme_release(ctx); return ret; }