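/*
 * Import every public key certificate found in an in-memory key file.
 *
 * ts    transaction set passed through to rpmtsImportPubkey()
 * fn    file name, used only in log messages
 * buf   file contents; must be NUL-terminated because it is scanned
 *       with strstr()
 * blen  number of bytes in buf, used to bound the search for further
 *       armor markers
 *
 * Returns the number of failures encountered (0 means every armor block
 * and every certificate in it was imported).
 */
static int doImport(rpmts ts, const char *fn, char *buf, ssize_t blen)
{
    char const * const pgpmark = "-----BEGIN PGP ";
    size_t marklen = strlen(pgpmark);
    int res = 0;
    int keyno = 1;
    /* NULL when the buffer holds no armor marker at all; the loop below
     * still runs once so that case is reported as "not an armored public
     * key" (assumes pgpParsePkts() tolerates NULL input - confirm). */
    char *start = strstr(buf, pgpmark);

    do {
        uint8_t *pkt = NULL;
        uint8_t *pkti = NULL;
        size_t pktlen = 0;
        size_t certlen = 0;

        /* Read pgp packet. */
        if (pgpParsePkts(start, &pkt, &pktlen) == PGPARMOR_PUBKEY) {
            pkti = pkt;

            /* Iterate over certificates in pkt: one armor block may hold
             * several concatenated certificates and each must be
             * imported as a key of its own. */
            while (pktlen > 0) {
                /*
                 * Defensive: the contract of pgpPubKeyCertLen() is not
                 * visible here. A zero length would stall this loop and
                 * a length beyond the remaining bytes would wrap pktlen,
                 * so both are treated like a parse failure.
                 */
                if (pgpPubKeyCertLen(pkti, pktlen, &certlen) ||
                    certlen == 0 || certlen > pktlen) {
                    rpmlog(RPMLOG_ERR, _("%s: key %d import failed.\n"), fn,
                           keyno);
                    res++;
                    break;
                }

                /* Import pubkey certificate. A failed import is counted
                 * but the remaining certificates are still attempted. */
                if (rpmtsImportPubkey(ts, pkti, certlen) != RPMRC_OK) {
                    rpmlog(RPMLOG_ERR, _("%s: key %d import failed.\n"), fn,
                           keyno);
                    res++;
                }
                pkti += certlen;
                pktlen -= certlen;
            }
        } else {
            rpmlog(RPMLOG_ERR, _("%s: key %d not an armored public key.\n"),
                   fn, keyno);
            res++;
        }

        /* See if there are more keys in the buffer */
        if (start && start + marklen < buf + blen) {
            start = strstr(start + marklen, pgpmark);
        } else {
            start = NULL;
        }

        keyno++;
        free(pkt);
    } while (start != NULL);

    return res;
}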
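/*
 * Import the public keys contained in an in-memory key file.
 *
 * ts    transaction set passed through to rpmtsImportPubkey()
 * fn    file name, used only in log messages
 * buf   file contents; must be NUL-terminated because it is scanned
 *       with strstr()
 * blen  number of bytes in buf, used to bound the search for further
 *       armor markers
 *
 * Returns the number of failures encountered (0 means everything was
 * imported).
 *
 * A single armor block can carry more than one certificate. Passing the
 * whole decoded payload to rpmtsImportPubkey() would treat all of them
 * as one key, so the payload is split with pgpPubKeyCertLen() and every
 * certificate is imported separately.
 */
static int doImport(rpmts ts, const char *fn, char *buf, ssize_t blen)
{
    char const * const pgpmark = "-----BEGIN PGP ";
    size_t marklen = strlen(pgpmark);
    int res = 0;
    int keyno = 1;
    /* NULL when no armor marker is present; the loop still runs once and
     * reports that case (assumes pgpParsePkts() tolerates NULL - confirm). */
    char *start = strstr(buf, pgpmark);

    do {
        uint8_t *pkt = NULL;
        size_t pktlen = 0;

        /* Read pgp packet. */
        if (pgpParsePkts(start, &pkt, &pktlen) == PGPARMOR_PUBKEY) {
            uint8_t *cert = pkt;
            size_t remaining = pktlen;

            /* Walk the decoded payload one certificate at a time. */
            while (remaining > 0) {
                size_t certlen = 0;

                /*
                 * Stop on a parse failure. The extra bounds are
                 * defensive: a zero length would stall the loop and an
                 * oversized one would wrap `remaining`.
                 */
                if (pgpPubKeyCertLen(cert, remaining, &certlen) ||
                    certlen == 0 || certlen > remaining) {
                    rpmlog(RPMLOG_ERR, _("%s: key %d import failed.\n"), fn,
                           keyno);
                    res++;
                    break;
                }

                /* Import this certificate only; keep going on failure so
                 * later certificates still get a chance. */
                if (rpmtsImportPubkey(ts, cert, certlen) != RPMRC_OK) {
                    rpmlog(RPMLOG_ERR, _("%s: key %d import failed.\n"), fn,
                           keyno);
                    res++;
                }

                cert += certlen;
                remaining -= certlen;
            }
        } else {
            rpmlog(RPMLOG_ERR, _("%s: key %d not an armored public key.\n"),
                   fn, keyno);
            res++;
        }

        /* See if there are more keys in the buffer */
        if (start && start + marklen < buf + blen) {
            start = strstr(start + marklen, pgpmark);
        } else {
            start = NULL;
        }

        keyno++;
        free(pkt);
    } while (start != NULL);

    return res;
}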
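/*
 * Read an ASCII-armored public key from pszFile and add it to pKeyring
 * unless the keyring already contains it.
 *
 * pszFile   path of the key file; must be a non-empty string
 * pKeyring  keyring to add the key to; must not be NULL
 *
 * Returns 0 when the key was added or was already present, otherwise a
 * non-zero error value (a TDNF error code, or the raw value returned by
 * rpmKeyringAddKey() when that call fails).
 *
 * Every temporary acquired here (file contents, decoded packet, pubkey
 * handle, digest) is released before returning, on success as well as on
 * failure.
 *
 * NOTE(review): the complete de-armored payload is handed to
 * rpmPubkeyNew() as one key. Whether a file carrying several
 * concatenated certificates is handled correctly depends on
 * rpmPubkeyNew(), which is not visible here - confirm.
 */
uint32_t
AddKeyToKeyRing(
    const char* pszFile,
    rpmKeyring pKeyring
    )
{
    uint32_t dwError = 0;
    pgpArmor nArmor = PGPARMOR_NONE;
    pgpDig pDig = NULL;
    rpmPubkey pPubkey = NULL;
    uint8_t* pPkt = NULL;
    size_t nPktLen = 0;
    char* pszKeyData = NULL;

    if(IsNullOrEmptyString(pszFile) || !pKeyring)
    {
        dwError = ERROR_TDNF_INVALID_PARAMETER;
        BAIL_ON_TDNF_ERROR(dwError);
    }

    dwError = ReadGPGKey(pszFile, &pszKeyData);
    BAIL_ON_TDNF_ERROR(dwError);

    /* Strip the ASCII armor; anything but a public key block is rejected. */
    nArmor = pgpParsePkts(pszKeyData, &pPkt, &nPktLen);
    if(nArmor != PGPARMOR_PUBKEY)
    {
        dwError = ERROR_TDNF_INVALID_PUBKEY_FILE;
        BAIL_ON_TDNF_ERROR(dwError);
    }

    pPubkey = rpmPubkeyNew (pPkt, nPktLen);
    if(!pPubkey)
    {
        dwError = ERROR_TDNF_CREATE_PUBKEY_FAILED;
        BAIL_ON_TDNF_ERROR(dwError);
    }

    pDig = rpmPubkeyDig(pPubkey);
    if(!pDig)
    {
        dwError = ERROR_TDNF_CREATE_PUBKEY_FAILED;
        BAIL_ON_TDNF_ERROR(dwError);
    }

    dwError = rpmKeyringLookup(pKeyring, pDig);
    if(dwError == RPMRC_OK)
    {
        dwError = 0;//key exists
    }
    else
    {
        dwError = rpmKeyringAddKey(pKeyring, pPubkey);
        if(dwError == 1)
        {
            dwError = 0;//Already added. ignore
        }
        BAIL_ON_TDNF_ERROR(dwError);
    }

cleanup:
    /*
     * Reached on every path. Previously only the error path released
     * pszKeyData and pPubkey, and pPkt and pDig were never released, so
     * each successful call leaked all four.
     */
    TDNF_SAFE_FREE_MEMORY(pszKeyData);
    free(pPkt); /* buffer filled in by pgpParsePkts(); plain free() */
    if(pDig)
    {
        pgpFreeDig(pDig);
    }
    if(pPubkey)
    {
        rpmPubkeyFree(pPubkey);
    }
    return dwError;

error:
    goto cleanup;
}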
/**
 * dnf_keyring_add_public_key:
 * @keyring: a #rpmKeyring instance.
 * @filename: The public key filename.
 * @error: a #GError or %NULL.
 *
 * Loads the ASCII-armored public key stored in @filename and adds it to
 * @keyring unless the keyring already holds it. A @filename that is not
 * a regular file, or that is a symlink, is skipped silently and reported
 * as success.
 *
 * Returns: %TRUE for success, %FALSE otherwise
 *
 * Since: 0.1.0
 **/
gboolean
dnf_keyring_add_public_key(rpmKeyring keyring,
                           const gchar *filename,
                           GError **error)
{
    gboolean ok = TRUE;
    gint status;
    gsize size;
    pgpArmor kind;
    pgpDig digest = NULL;
    rpmPubkey key = NULL;
    uint8_t *raw = NULL;
    g_autofree gchar *contents = NULL;

    /*
     * Skip anything that is not a plain file, symlinks included. The
     * path is tested here and opened again by name below, so these tests
     * are advisory only if the path can change in between.
     */
    if (!g_file_test(filename, G_FILE_TEST_IS_REGULAR) ||
        g_file_test(filename, G_FILE_TEST_IS_SYMLINK))
        goto out;

    /* slurp the whole file; on failure @error is set by GLib */
    ok = g_file_get_contents(filename, &contents, &size, error);
    if (!ok)
        goto out;

    /* decode the ASCII armor; size now becomes the decoded length */
    kind = pgpParsePkts(contents, &raw, &size);
    if (kind < 0) {
        /* negative values are treated as parse failures */
        ok = FALSE;
        g_set_error(error,
                    DNF_ERROR,
                    DNF_ERROR_GPG_SIGNATURE_INVALID,
                    "failed to parse PKI file %s",
                    filename);
        goto out;
    } else if (kind != PGPARMOR_PUBKEY) {
        /* valid armor, but not the kind rpm can use as a key */
        ok = FALSE;
        g_set_error(error,
                    DNF_ERROR,
                    DNF_ERROR_GPG_SIGNATURE_INVALID,
                    "PKI file %s is not a public key",
                    filename);
        goto out;
    }

    /*
     * NOTE(review): the complete decoded buffer is turned into a single
     * key. Whether a file carrying several concatenated certificates is
     * handled correctly depends on rpmPubkeyNew(), which is not visible
     * here - confirm.
     */
    key = rpmPubkeyNew(raw, size);
    if (key == NULL) {
        ok = FALSE;
        g_set_error(error,
                    DNF_ERROR,
                    DNF_ERROR_GPG_SIGNATURE_INVALID,
                    "failed to parse public key for %s",
                    filename);
        goto out;
    }

    /* nothing to do when the keyring already knows this key */
    digest = rpmPubkeyDig(key);
    status = rpmKeyringLookup(keyring, digest);
    if (status == RPMRC_OK) {
        ok = TRUE;
        g_debug("%s is already present", filename);
        goto out;
    }

    /* otherwise add it straight away, no confirmation is requested */
    status = rpmKeyringAddKey(keyring, key);
    if (status < 0) {
        ok = FALSE;
        g_set_error(error,
                    DNF_ERROR,
                    DNF_ERROR_GPG_SIGNATURE_INVALID,
                    "failed to add public key %s to rpmdb",
                    filename);
        goto out;
    } else if (status == 1) {
        ok = TRUE;
        g_debug("%s is already added", filename);
        goto out;
    }

    /* the key was new and is now part of the keyring */
    g_debug("added missing public key %s to rpmdb", filename);
    ok = TRUE;

out:
    /* raw comes from pgpParsePkts() and is released with plain free() */
    free(raw);
    if (key != NULL)
        rpmPubkeyFree(key);
    if (digest != NULL)
        pgpFreeDig(digest);
    return ok;
}