static int doImport(rpmts ts, const char *fn, char *buf, ssize_t blen)
{
char const * const pgpmark = "-----BEGIN PGP ";
size_t marklen = strlen(pgpmark);
int res = 0;
int keyno = 1;
char *start = strstr(buf, pgpmark);
do {
uint8_t *pkt = NULL;
uint8_t *pkti = NULL;
size_t pktlen = 0;
size_t certlen;
/* Read pgp packet. */
if (pgpParsePkts(start, &pkt, &pktlen) == PGPARMOR_PUBKEY) {
pkti = pkt;
/* Iterate over certificates in pkt */
while (pktlen > 0) {
if (pgpPubKeyCertLen(pkti, pktlen, &certlen)) {
rpmlog(RPMLOG_ERR, _("%s: key %d import failed.\n"), fn,
keyno);
res++;
break;
}
/* Import pubkey certificate. */
if (rpmtsImportPubkey(ts, pkti, certlen) != RPMRC_OK) {
rpmlog(RPMLOG_ERR, _("%s: key %d import failed.\n"), fn,
keyno);
res++;
}
pkti += certlen;
pktlen -= certlen;
}
} else {
rpmlog(RPMLOG_ERR, _("%s: key %d not an armored public key.\n"),
fn, keyno);
res++;
}
/* See if there are more keys in the buffer */
if (start && start + marklen < buf + blen) {
start = strstr(start + marklen, pgpmark);
} else {
start = NULL;
}
keyno++;
free(pkt);
} while (start != NULL);
return res;
}
static int doImport(rpmts ts, const char *fn, char *buf, ssize_t blen)
{
char const * const pgpmark = "-----BEGIN PGP ";
size_t marklen = strlen(pgpmark);
int res = 0;
int keyno = 1;
char *start = strstr(buf, pgpmark);
do {
uint8_t *pkt = NULL;
size_t pktlen = 0;
/* Read pgp packet. */
if (pgpParsePkts(start, &pkt, &pktlen) == PGPARMOR_PUBKEY) {
/* Import pubkey packet(s). */
if (rpmtsImportPubkey(ts, pkt, pktlen) != RPMRC_OK) {
rpmlog(RPMLOG_ERR, _("%s: key %d import failed.\n"), fn, keyno);
res++;
}
} else {
rpmlog(RPMLOG_ERR, _("%s: key %d not an armored public key.\n"),
fn, keyno);
res++;
}
/* See if there are more keys in the buffer */
if (start && start + marklen < buf + blen) {
start = strstr(start + marklen, pgpmark);
} else {
start = NULL;
}
keyno++;
free(pkt);
} while (start != NULL);
return res;
}
uint32_t
AddKeyToKeyRing(
const char* pszFile,
rpmKeyring pKeyring
)
{
uint32_t dwError = 0;
pgpArmor nArmor = PGPARMOR_NONE;
pgpDig pDig = NULL;
rpmPubkey pPubkey = NULL;
uint8_t* pPkt = NULL;
size_t nPktLen = 0;
char* pszKeyData = NULL;
if(IsNullOrEmptyString(pszFile) || !pKeyring)
{
dwError = ERROR_TDNF_INVALID_PARAMETER;
BAIL_ON_TDNF_ERROR(dwError);
}
dwError = ReadGPGKey(pszFile, &pszKeyData);
BAIL_ON_TDNF_ERROR(dwError);
nArmor = pgpParsePkts(pszKeyData, &pPkt, &nPktLen);
if(nArmor != PGPARMOR_PUBKEY)
{
dwError = ERROR_TDNF_INVALID_PUBKEY_FILE;
BAIL_ON_TDNF_ERROR(dwError);
}
pPubkey = rpmPubkeyNew (pPkt, nPktLen);
if(!pPubkey)
{
dwError = ERROR_TDNF_CREATE_PUBKEY_FAILED;
BAIL_ON_TDNF_ERROR(dwError);
}
pDig = rpmPubkeyDig(pPubkey);
if(!pDig)
{
dwError = ERROR_TDNF_CREATE_PUBKEY_FAILED;
BAIL_ON_TDNF_ERROR(dwError);
}
dwError = rpmKeyringLookup(pKeyring, pDig);
if(dwError == RPMRC_OK)
{
dwError = 0;//key exists
}
else
{
dwError = rpmKeyringAddKey(pKeyring, pPubkey);
if(dwError == 1)
{
dwError = 0;//Already added. ignore
}
BAIL_ON_TDNF_ERROR(dwError);
}
cleanup:
return dwError;
error:
TDNF_SAFE_FREE_MEMORY(pszKeyData);
if(pPubkey)
{
rpmPubkeyFree(pPubkey);
}
goto cleanup;
}
/**
* dnf_keyring_add_public_key:
* @keyring: a #rpmKeyring instance.
* @filename: The public key filename.
* @error: a #GError or %NULL.
*
* Adds a specific public key to the keyring.
*
* Returns: %TRUE for success, %FALSE otherwise
*
* Since: 0.1.0
**/
gboolean
dnf_keyring_add_public_key(rpmKeyring keyring,
const gchar *filename,
GError **error)
{
gboolean ret = TRUE;
gint rc;
gsize len;
pgpArmor armor;
pgpDig dig = NULL;
rpmPubkey pubkey = NULL;
uint8_t *pkt = NULL;
g_autofree gchar *data = NULL;
/* ignore symlinks and directories */
if (!g_file_test(filename, G_FILE_TEST_IS_REGULAR))
goto out;
if (g_file_test(filename, G_FILE_TEST_IS_SYMLINK))
goto out;
/* get data */
ret = g_file_get_contents(filename, &data, &len, error);
if (!ret)
goto out;
/* rip off the ASCII armor and parse it */
armor = pgpParsePkts(data, &pkt, &len);
if (armor < 0) {
ret = FALSE;
g_set_error(error,
DNF_ERROR,
DNF_ERROR_GPG_SIGNATURE_INVALID,
"failed to parse PKI file %s",
filename);
goto out;
}
/* make sure it's something we can add to rpm */
if (armor != PGPARMOR_PUBKEY) {
ret = FALSE;
g_set_error(error,
DNF_ERROR,
DNF_ERROR_GPG_SIGNATURE_INVALID,
"PKI file %s is not a public key",
filename);
goto out;
}
/* test each one */
pubkey = rpmPubkeyNew(pkt, len);
if (pubkey == NULL) {
ret = FALSE;
g_set_error(error,
DNF_ERROR,
DNF_ERROR_GPG_SIGNATURE_INVALID,
"failed to parse public key for %s",
filename);
goto out;
}
/* does the key exist in the keyring */
dig = rpmPubkeyDig(pubkey);
rc = rpmKeyringLookup(keyring, dig);
if (rc == RPMRC_OK) {
ret = TRUE;
g_debug("%s is already present", filename);
goto out;
}
/* add to rpmdb automatically, without a prompt */
rc = rpmKeyringAddKey(keyring, pubkey);
if (rc == 1) {
ret = TRUE;
g_debug("%s is already added", filename);
goto out;
} else if (rc < 0) {
ret = FALSE;
g_set_error(error,
DNF_ERROR,
DNF_ERROR_GPG_SIGNATURE_INVALID,
"failed to add public key %s to rpmdb",
filename);
goto out;
}
/* success */
g_debug("added missing public key %s to rpmdb", filename);
ret = TRUE;
out:
if (pkt != NULL)
free(pkt); /* yes, free() */
if (pubkey != NULL)
rpmPubkeyFree(pubkey);
if (dig != NULL)
pgpFreeDig(dig);
return ret;
}
