int rpmcliVerifySignatures(rpmts ts, ARGV_const_t argv) { const char * arg; int res = 0; rpmKeyring keyring = rpmtsGetKeyring(ts, 1); rpmVSFlags vsflags = 0; vsflags |= rpmcliVSFlags; while ((arg = *argv++) != NULL) { FD_t fd = Fopen(arg, "r.ufdio"); if (fd == NULL || Ferror(fd)) { rpmlog(RPMLOG_ERR, _("%s: open failed: %s\n"), arg, Fstrerror(fd)); res++; } else if (rpmpkgVerifySigs(keyring, vsflags, fd, arg)) { res++; } Fclose(fd); rpmsqPoll(); } rpmKeyringFree(keyring); return res; }
int rpmcliVerifySignatures(rpmts ts, ARGV_const_t argv) { const char * arg; int res = 0; rpmKeyring keyring = rpmtsGetKeyring(ts, 1); rpmVerifyFlags verifyFlags = (VERIFY_DIGEST|VERIFY_SIGNATURE); verifyFlags &= ~rpmcliQueryFlags; while ((arg = *argv++) != NULL) { FD_t fd = Fopen(arg, "r.ufdio"); if (fd == NULL || Ferror(fd)) { rpmlog(RPMLOG_ERR, _("%s: open failed: %s\n"), arg, Fstrerror(fd)); res++; } else if (rpmpkgVerifySigs(keyring, verifyFlags, fd, arg)) { res++; } Fclose(fd); rpmdbCheckSignals(); } rpmKeyringFree(keyring); return res; }
/* Wrapper around rpmkVerifySigs to preserve API */ int rpmVerifySignatures(QVA_t qva, rpmts ts, FD_t fd, const char * fn) { int rc = 1; /* assume failure */ if (ts && qva && fd && fn) { rpmKeyring keyring = rpmtsGetKeyring(ts, 1); rc = rpmpkgVerifySigs(keyring, qva->qva_flags, fd, fn); rpmKeyringFree(keyring); } return rc; }
rpmRC rpmReadHeader(rpmts ts, FD_t fd, Header *hdrp, char ** msg) { rpmRC rc; rpmKeyring keyring = rpmtsGetKeyring(ts, 1); rpmVSFlags vsflags = rpmtsVSFlags(ts); rc = rpmpkgReadHeader(keyring, vsflags, fd, hdrp, msg); rpmKeyringFree(keyring); return rc; }
rpmRC rpmReadPackageFile(rpmts ts, FD_t fd, const char * fn, Header * hdrp) { rpmRC rc; rpmVSFlags vsflags = rpmtsVSFlags(ts); rpmKeyring keyring = rpmtsGetKeyring(ts, 1); rc = rpmpkgRead(keyring, vsflags, fd, fn, hdrp); rpmKeyringFree(keyring); return rc; }
rpmRC headerCheck(rpmts ts, const void * uh, size_t uc, char ** msg) { rpmRC rc; rpmVSFlags vsflags = rpmtsVSFlags(ts); rpmKeyring keyring = rpmtsGetKeyring(ts, 1); rpmswEnter(rpmtsOp(ts, RPMTS_OP_DIGEST), 0); rc = headerVerify(keyring, vsflags, uh, uc, msg); rpmswExit(rpmtsOp(ts, RPMTS_OP_DIGEST), uc); rpmKeyringFree(keyring); return rc; }
rpmRC rpmtsImportPubkey(const rpmts ts, const unsigned char * pkt, size_t pktlen) { Header h = NULL; rpmRC rc = RPMRC_FAIL; /* assume failure */ rpmPubkey pubkey = NULL; rpmVSFlags oflags = rpmtsVSFlags(ts); rpmKeyring keyring; rpmtxn txn = rpmtxnBegin(ts, RPMTXN_WRITE); int krc; if (txn == NULL) return rc; /* XXX keyring wont load if sigcheck disabled, force it temporarily */ rpmtsSetVSFlags(ts, (oflags & ~_RPMVSF_NOSIGNATURES)); keyring = rpmtsGetKeyring(ts, 1); rpmtsSetVSFlags(ts, oflags); if ((pubkey = rpmPubkeyNew(pkt, pktlen)) == NULL) goto exit; krc = rpmKeyringAddKey(keyring, pubkey); if (krc < 0) goto exit; /* If we dont already have the key, make a persistent record of it */ if (krc == 0) { rpm_tid_t tid = rpmtsGetTid(ts); if (makePubkeyHeader(ts, pubkey, &h) != 0) goto exit; headerPutUint32(h, RPMTAG_INSTALLTIME, &tid, 1); headerPutUint32(h, RPMTAG_INSTALLTID, &tid, 1); /* Add header to database. */ if (!(rpmtsFlags(ts) & RPMTRANS_FLAG_TEST)) { rc = rpmtsImportHeader(txn, h, 0); } } rc = RPMRC_OK; exit: /* Clean up. */ headerFree(h); rpmPubkeyFree(pubkey); rpmKeyringFree(keyring); rpmtxnEnd(txn); return rc; }
rpmRC rpmReadPackageFile(rpmts ts, FD_t fd, const char * fn, Header * hdrp) { rpmRC rc; rpmVSFlags vsflags = rpmtsVSFlags(ts); rpmKeyring keyring = 0; if ((vsflags & _RPMVSF_NOSIGNATURES) != _RPMVSF_NOSIGNATURES) keyring = rpmtsGetKeyring(ts, 1); rc = rpmpkgRead(keyring, vsflags, fd, fn, hdrp); if (keyring) rpmKeyringFree(keyring); return rc; }
static PyObject *rpmts_getKeyring(rpmtsObject *s, PyObject *args, PyObject *kwds) { rpmKeyring keyring = NULL; int autoload = 1; char * kwlist[] = { "autoload", NULL }; if (!PyArg_ParseTupleAndKeywords(args, kwds, "|i:getKeyring", kwlist, &autoload)) return NULL; keyring = rpmtsGetKeyring(s->ts, autoload); if (keyring) { return rpmKeyring_Wrap(&rpmKeyring_Type, keyring); } else { Py_RETURN_NONE; } }
rpmRC headerCheck(rpmts ts, const void * uh, size_t uc, char ** msg) { rpmRC rc = RPMRC_FAIL; rpmVSFlags vsflags = rpmtsVSFlags(ts); rpmKeyring keyring = rpmtsGetKeyring(ts, 1); struct hdrblob_s blob; if (hdrblobInit(uh, uc, 0, 0, &blob, msg) == RPMRC_OK) { rpmswEnter(rpmtsOp(ts, RPMTS_OP_DIGEST), 0); rc = headerSigVerify(keyring, vsflags, &blob, msg); rpmswExit(rpmtsOp(ts, RPMTS_OP_DIGEST), uc); if (rc == RPMRC_NOTFOUND && msg != NULL && *msg == NULL) rasprintf(msg, "Header sanity check: OK"); } rpmKeyringFree(keyring); return rc; }
rpmRC rpmReadPackageFile(rpmts ts, FD_t fd, const char * fn, Header * hdrp) { rpmRC rc; rpmVSFlags vsflags = rpmtsVSFlags(ts); rpmKeyring keyring = rpmtsGetKeyring(ts, 1); unsigned int keyid = 0; char *msg = NULL; if (fn == NULL) fn = Fdescr(fd); rc = rpmpkgRead(keyring, vsflags, fd, hdrp, &keyid, &msg); switch (rc) { case RPMRC_OK: /* Signature is OK. */ rpmlog(RPMLOG_DEBUG, "%s: %s\n", fn, msg); break; case RPMRC_NOTTRUSTED: /* Signature is OK, but key is not trusted. */ case RPMRC_NOKEY: /* Public key is unavailable. */ /* XXX Print NOKEY/NOTTRUSTED warning only once. */ { int lvl = (stashKeyid(keyid) ? RPMLOG_DEBUG : RPMLOG_WARNING); rpmlog(lvl, "%s: %s\n", fn, msg); } break; case RPMRC_NOTFOUND: /* Signature is unknown type or manifest. */ /* msg == NULL is probably a manifest */ if (msg) rpmlog(RPMLOG_WARNING, "%s: %s\n", fn, msg); break; default: case RPMRC_FAIL: /* Signature does not verify. */ rpmlog(RPMLOG_ERR, "%s: %s\n", fn, msg); break; } rpmKeyringFree(keyring); free(msg); return rc; }