int rpmcliVerifySignatures(rpmts ts, ARGV_const_t argv)
{
const char * arg;
int res = 0;
rpmKeyring keyring = rpmtsGetKeyring(ts, 1);
rpmVSFlags vsflags = 0;
vsflags |= rpmcliVSFlags;
while ((arg = *argv++) != NULL) {
FD_t fd = Fopen(arg, "r.ufdio");
if (fd == NULL || Ferror(fd)) {
rpmlog(RPMLOG_ERR, _("%s: open failed: %s\n"),
arg, Fstrerror(fd));
res++;
} else if (rpmpkgVerifySigs(keyring, vsflags, fd, arg)) {
res++;
}
Fclose(fd);
rpmsqPoll();
}
rpmKeyringFree(keyring);
return res;
}
int rpmcliVerifySignatures(rpmts ts, ARGV_const_t argv)
{
const char * arg;
int res = 0;
rpmKeyring keyring = rpmtsGetKeyring(ts, 1);
rpmVerifyFlags verifyFlags = (VERIFY_DIGEST|VERIFY_SIGNATURE);
verifyFlags &= ~rpmcliQueryFlags;
while ((arg = *argv++) != NULL) {
FD_t fd = Fopen(arg, "r.ufdio");
if (fd == NULL || Ferror(fd)) {
rpmlog(RPMLOG_ERR, _("%s: open failed: %s\n"),
arg, Fstrerror(fd));
res++;
} else if (rpmpkgVerifySigs(keyring, verifyFlags, fd, arg)) {
res++;
}
Fclose(fd);
rpmdbCheckSignals();
}
rpmKeyringFree(keyring);
return res;
}
/* Wrapper around rpmkVerifySigs to preserve API */
int rpmVerifySignatures(QVA_t qva, rpmts ts, FD_t fd, const char * fn)
{
int rc = 1; /* assume failure */
if (ts && qva && fd && fn) {
rpmKeyring keyring = rpmtsGetKeyring(ts, 1);
rc = rpmpkgVerifySigs(keyring, qva->qva_flags, fd, fn);
rpmKeyringFree(keyring);
}
return rc;
}
rpmRC rpmReadHeader(rpmts ts, FD_t fd, Header *hdrp, char ** msg)
{
rpmRC rc;
rpmKeyring keyring = rpmtsGetKeyring(ts, 1);
rpmVSFlags vsflags = rpmtsVSFlags(ts);
rc = rpmpkgReadHeader(keyring, vsflags, fd, hdrp, msg);
rpmKeyringFree(keyring);
return rc;
}
rpmRC rpmReadPackageFile(rpmts ts, FD_t fd, const char * fn, Header * hdrp)
{
rpmRC rc;
rpmVSFlags vsflags = rpmtsVSFlags(ts);
rpmKeyring keyring = rpmtsGetKeyring(ts, 1);
rc = rpmpkgRead(keyring, vsflags, fd, fn, hdrp);
rpmKeyringFree(keyring);
return rc;
}
rpmRC headerCheck(rpmts ts, const void * uh, size_t uc, char ** msg)
{
rpmRC rc;
rpmVSFlags vsflags = rpmtsVSFlags(ts);
rpmKeyring keyring = rpmtsGetKeyring(ts, 1);
rpmswEnter(rpmtsOp(ts, RPMTS_OP_DIGEST), 0);
rc = headerVerify(keyring, vsflags, uh, uc, msg);
rpmswExit(rpmtsOp(ts, RPMTS_OP_DIGEST), uc);
rpmKeyringFree(keyring);
return rc;
}
rpmRC rpmtsImportPubkey(const rpmts ts, const unsigned char * pkt, size_t pktlen)
{
Header h = NULL;
rpmRC rc = RPMRC_FAIL; /* assume failure */
rpmPubkey pubkey = NULL;
rpmVSFlags oflags = rpmtsVSFlags(ts);
rpmKeyring keyring;
rpmtxn txn = rpmtxnBegin(ts, RPMTXN_WRITE);
int krc;
if (txn == NULL)
return rc;
/* XXX keyring wont load if sigcheck disabled, force it temporarily */
rpmtsSetVSFlags(ts, (oflags & ~_RPMVSF_NOSIGNATURES));
keyring = rpmtsGetKeyring(ts, 1);
rpmtsSetVSFlags(ts, oflags);
if ((pubkey = rpmPubkeyNew(pkt, pktlen)) == NULL)
goto exit;
krc = rpmKeyringAddKey(keyring, pubkey);
if (krc < 0)
goto exit;
/* If we dont already have the key, make a persistent record of it */
if (krc == 0) {
rpm_tid_t tid = rpmtsGetTid(ts);
if (makePubkeyHeader(ts, pubkey, &h) != 0)
goto exit;
headerPutUint32(h, RPMTAG_INSTALLTIME, &tid, 1);
headerPutUint32(h, RPMTAG_INSTALLTID, &tid, 1);
/* Add header to database. */
if (!(rpmtsFlags(ts) & RPMTRANS_FLAG_TEST)) {
rc = rpmtsImportHeader(txn, h, 0);
}
}
rc = RPMRC_OK;
exit:
/* Clean up. */
headerFree(h);
rpmPubkeyFree(pubkey);
rpmKeyringFree(keyring);
rpmtxnEnd(txn);
return rc;
}
rpmRC rpmReadPackageFile(rpmts ts, FD_t fd, const char * fn, Header * hdrp)
{
rpmRC rc;
rpmVSFlags vsflags = rpmtsVSFlags(ts);
rpmKeyring keyring = 0;
if ((vsflags & _RPMVSF_NOSIGNATURES) != _RPMVSF_NOSIGNATURES)
keyring = rpmtsGetKeyring(ts, 1);
rc = rpmpkgRead(keyring, vsflags, fd, fn, hdrp);
if (keyring)
rpmKeyringFree(keyring);
return rc;
}
static PyObject *rpmts_getKeyring(rpmtsObject *s, PyObject *args, PyObject *kwds)
{
rpmKeyring keyring = NULL;
int autoload = 1;
char * kwlist[] = { "autoload", NULL };
if (!PyArg_ParseTupleAndKeywords(args, kwds, "|i:getKeyring",
kwlist, &autoload))
return NULL;
keyring = rpmtsGetKeyring(s->ts, autoload);
if (keyring) {
return rpmKeyring_Wrap(&rpmKeyring_Type, keyring);
} else {
Py_RETURN_NONE;
}
}
rpmRC headerCheck(rpmts ts, const void * uh, size_t uc, char ** msg)
{
rpmRC rc = RPMRC_FAIL;
rpmVSFlags vsflags = rpmtsVSFlags(ts);
rpmKeyring keyring = rpmtsGetKeyring(ts, 1);
struct hdrblob_s blob;
if (hdrblobInit(uh, uc, 0, 0, &blob, msg) == RPMRC_OK) {
rpmswEnter(rpmtsOp(ts, RPMTS_OP_DIGEST), 0);
rc = headerSigVerify(keyring, vsflags, &blob, msg);
rpmswExit(rpmtsOp(ts, RPMTS_OP_DIGEST), uc);
if (rc == RPMRC_NOTFOUND && msg != NULL && *msg == NULL)
rasprintf(msg, "Header sanity check: OK");
}
rpmKeyringFree(keyring);
return rc;
}
rpmRC rpmReadPackageFile(rpmts ts, FD_t fd, const char * fn, Header * hdrp)
{
rpmRC rc;
rpmVSFlags vsflags = rpmtsVSFlags(ts);
rpmKeyring keyring = rpmtsGetKeyring(ts, 1);
unsigned int keyid = 0;
char *msg = NULL;
if (fn == NULL)
fn = Fdescr(fd);
rc = rpmpkgRead(keyring, vsflags, fd, hdrp, &keyid, &msg);
switch (rc) {
case RPMRC_OK: /* Signature is OK. */
rpmlog(RPMLOG_DEBUG, "%s: %s\n", fn, msg);
break;
case RPMRC_NOTTRUSTED: /* Signature is OK, but key is not trusted. */
case RPMRC_NOKEY: /* Public key is unavailable. */
/* XXX Print NOKEY/NOTTRUSTED warning only once. */
{ int lvl = (stashKeyid(keyid) ? RPMLOG_DEBUG : RPMLOG_WARNING);
rpmlog(lvl, "%s: %s\n", fn, msg);
} break;
case RPMRC_NOTFOUND: /* Signature is unknown type or manifest. */
/* msg == NULL is probably a manifest */
if (msg)
rpmlog(RPMLOG_WARNING, "%s: %s\n", fn, msg);
break;
default:
case RPMRC_FAIL: /* Signature does not verify. */
rpmlog(RPMLOG_ERR, "%s: %s\n", fn, msg);
break;
}
rpmKeyringFree(keyring);
free(msg);
return rc;
}
