rpmRC rpmReadPackageFile(rpmts ts, FD_t fd, const char * fn, Header * hdrp)
{
rpmRC rc;
rpmVSFlags vsflags = rpmtsVSFlags(ts);
rpmKeyring keyring = rpmtsGetKeyring(ts, 1);
rc = rpmpkgRead(keyring, vsflags, fd, fn, hdrp);
rpmKeyringFree(keyring);
return rc;
}
static int rpmpkgVerifySigs(rpmKeyring keyring, rpmVSFlags flags,
FD_t fd, const char *fn)
{
int rc;
if (rpmIsVerbose()) {
rpmlog(RPMLOG_NOTICE, "%s:\n", fn);
rc = rpmpkgRead(keyring, flags, fd, formatVerbose, NULL, NULL);
} else {
struct vfydata_s vd = { 0, 0 };
rpmlog(RPMLOG_NOTICE, "%s:", fn);
rc = rpmpkgRead(keyring, flags, fd, formatDefault, &vd, NULL);
if (vd.seen & RPMSIG_DIGEST_TYPE) {
rpmlog(RPMLOG_NOTICE, " %s", (vd.bad & RPMSIG_DIGEST_TYPE) ?
_("DIGESTS") : _("digests"));
}
if (vd.seen & RPMSIG_SIGNATURE_TYPE) {
rpmlog(RPMLOG_NOTICE, " %s", (vd.bad & RPMSIG_SIGNATURE_TYPE) ?
_("SIGNATURES") : _("signatures"));
}
rpmlog(RPMLOG_NOTICE, " %s\n", rc ? _("NOT OK") : _("OK"));
}
return rc;
}
rpmRC rpmReadPackageFile(rpmts ts, FD_t fd, const char * fn, Header * hdrp)
{
rpmRC rc;
rpmVSFlags vsflags = rpmtsVSFlags(ts);
rpmKeyring keyring = 0;
if ((vsflags & _RPMVSF_NOSIGNATURES) != _RPMVSF_NOSIGNATURES)
keyring = rpmtsGetKeyring(ts, 1);
rc = rpmpkgRead(keyring, vsflags, fd, fn, hdrp);
if (keyring)
rpmKeyringFree(keyring);
return rc;
}
rpmRC rpmReadPackageFile(rpmts ts, FD_t fd, const char * fn, Header * hdrp)
{
rpmRC rc;
rpmVSFlags vsflags = rpmtsVSFlags(ts);
rpmKeyring keyring = rpmtsGetKeyring(ts, 1);
unsigned int keyid = 0;
char *msg = NULL;
if (fn == NULL)
fn = Fdescr(fd);
rc = rpmpkgRead(keyring, vsflags, fd, hdrp, &keyid, &msg);
switch (rc) {
case RPMRC_OK: /* Signature is OK. */
rpmlog(RPMLOG_DEBUG, "%s: %s\n", fn, msg);
break;
case RPMRC_NOTTRUSTED: /* Signature is OK, but key is not trusted. */
case RPMRC_NOKEY: /* Public key is unavailable. */
/* XXX Print NOKEY/NOTTRUSTED warning only once. */
{ int lvl = (stashKeyid(keyid) ? RPMLOG_DEBUG : RPMLOG_WARNING);
rpmlog(lvl, "%s: %s\n", fn, msg);
} break;
case RPMRC_NOTFOUND: /* Signature is unknown type or manifest. */
/* msg == NULL is probably a manifest */
if (msg)
rpmlog(RPMLOG_WARNING, "%s: %s\n", fn, msg);
break;
default:
case RPMRC_FAIL: /* Signature does not verify. */
rpmlog(RPMLOG_ERR, "%s: %s\n", fn, msg);
break;
}
rpmKeyringFree(keyring);
free(msg);
return rc;
}
/*@-mods@*/
rpmRC rpmReadPackageFile(rpmts ts, FD_t fd, const char * fn, Header * hdrp)
{
HE_t he = (HE_t) memset(alloca(sizeof(*he)), 0, sizeof(*he));
HE_t she = (HE_t) memset(alloca(sizeof(*she)), 0, sizeof(*she));
pgpDig dig = rpmtsDig(ts);
char buf[8*BUFSIZ];
ssize_t count;
Header sigh = NULL;
rpmtsOpX opx;
rpmop op = NULL;
size_t nb;
unsigned ix;
Header h = NULL;
const char * msg = NULL;
rpmVSFlags vsflags;
rpmRC rc = RPMRC_FAIL; /* assume failure */
rpmop opsave = (rpmop) memset(alloca(sizeof(*opsave)), 0, sizeof(*opsave));
int xx;
pgpPkt pp = (pgpPkt) alloca(sizeof(*pp));
if (hdrp) *hdrp = NULL;
assert(dig != NULL);
(void) fdSetDig(fd, dig);
/* Snapshot current I/O counters (cached persistent I/O reuses counters) */
(void) rpmswAdd(opsave, fdstat_op(fd, FDSTAT_READ));
{ const char item[] = "Lead";
msg = NULL;
rc = rpmpkgRead(item, fd, NULL, &msg);
switch (rc) {
default:
rpmlog(RPMLOG_ERR, "%s: %s: %s\n", fn, item, msg);
/*@fallthrough@*/
case RPMRC_NOTFOUND:
msg = _free(msg);
goto exit;
/*@notreached@*/ break;
case RPMRC_OK:
break;
}
msg = _free(msg);
}
{ const char item[] = "Signature";
msg = NULL;
rc = rpmpkgRead(item, fd, &sigh, &msg);
switch (rc) {
default:
rpmlog(RPMLOG_ERR, "%s: %s: %s", fn, item,
(msg && *msg ? msg : _("read failed\n")));
msg = _free(msg);
goto exit;
/*@notreached@*/ break;
case RPMRC_OK:
if (sigh == NULL) {
rpmlog(RPMLOG_ERR, _("%s: No signature available\n"), fn);
rc = RPMRC_FAIL;
goto exit;
}
break;
}
msg = _free(msg);
}
#define _chk(_mask) (she->tag == 0 && !(vsflags & (_mask)))
/*
* Figger the most effective available signature.
* Prefer signatures over digests, then header-only over header+payload.
* DSA will be preferred over RSA if both exist because tested first.
* Note that NEEDPAYLOAD prevents header+payload signatures and digests.
*/
she->tag = (rpmTag)0;
opx = (rpmtsOpX)0;
vsflags = pgpDigVSFlags;
if (_chk(RPMVSF_NOECDSAHEADER) && headerIsEntry(sigh, (rpmTag)RPMSIGTAG_ECDSA)) {
she->tag = (rpmTag)RPMSIGTAG_ECDSA;
} else
if (_chk(RPMVSF_NODSAHEADER) && headerIsEntry(sigh, (rpmTag)RPMSIGTAG_DSA)) {
she->tag = (rpmTag)RPMSIGTAG_DSA;
} else
if (_chk(RPMVSF_NORSAHEADER) && headerIsEntry(sigh, (rpmTag)RPMSIGTAG_RSA)) {
she->tag = (rpmTag)RPMSIGTAG_RSA;
} else
if (_chk(RPMVSF_NOSHA1HEADER) && headerIsEntry(sigh, (rpmTag)RPMSIGTAG_SHA1)) {
she->tag = (rpmTag)RPMSIGTAG_SHA1;
} else
if (_chk(RPMVSF_NOMD5|RPMVSF_NEEDPAYLOAD) &&
headerIsEntry(sigh, (rpmTag)RPMSIGTAG_MD5))
{
she->tag = (rpmTag)RPMSIGTAG_MD5;
fdInitDigest(fd, PGPHASHALGO_MD5, 0);
opx = RPMTS_OP_DIGEST;
}
/* Read the metadata, computing digest(s) on the fly. */
h = NULL;
msg = NULL;
/* XXX stats will include header i/o and setup overhead. */
/* XXX repackaged packages have appended tags, legacy dig/sig check fails */
if (opx > 0) {
op = (rpmop) pgpStatsAccumulator(dig, opx);
(void) rpmswEnter(op, 0);
}
/*@-type@*/ /* XXX arrow access of non-pointer (FDSTAT_t) */
nb = fd->stats->ops[FDSTAT_READ].bytes;
{ const char item[] = "Header";
msg = NULL;
rc = rpmpkgRead(item, fd, &h, &msg);
if (rc != RPMRC_OK) {
rpmlog(RPMLOG_ERR, "%s: %s: %s\n", fn, item, msg);
msg = _free(msg);
goto exit;
}
msg = _free(msg);
}
nb = fd->stats->ops[FDSTAT_READ].bytes - nb;
/*@=type@*/
if (opx > 0 && op != NULL) {
(void) rpmswExit(op, nb);
op = NULL;
}
/* Any digests or signatures to check? */
if (she->tag == 0) {
rc = RPMRC_OK;
goto exit;
}
dig->nbytes = 0;
/* Fish out the autosign pubkey (if present). */
he->tag = RPMTAG_PUBKEYS;
xx = headerGet(h, he, 0);
if (xx && he->p.argv != NULL && he->c > 0)
switch (he->t) {
default:
break;
case RPM_STRING_ARRAY_TYPE:
ix = he->c - 1; /* XXX FIXME: assumes last pubkey */
dig->pub = _free(dig->pub);
dig->publen = 0;
{ rpmiob iob = rpmiobNew(0);
iob = rpmiobAppend(iob, he->p.argv[ix], 0);
xx = pgpArmorUnwrap(iob, (rpmuint8_t **)&dig->pub, &dig->publen);
iob = rpmiobFree(iob);
}
if (xx != PGPARMOR_PUBKEY) {
dig->pub = _free(dig->pub);
dig->publen = 0;
}
break;
}
he->p.ptr = _free(he->p.ptr);
/* Retrieve the tag parameters from the signature header. */
xx = headerGet(sigh, she, 0);
if (she->p.ptr == NULL) {
rc = RPMRC_FAIL;
goto exit;
}
/*@-ownedtrans -noeffect@*/
xx = pgpSetSig(dig, she->tag, she->t, she->p.ptr, she->c);
/*@=ownedtrans =noeffect@*/
switch ((rpmSigTag)she->tag) {
default: /* XXX keep gcc quiet. */
assert(0);
/*@notreached@*/ break;
case RPMSIGTAG_RSA:
/* Parse the parameters from the OpenPGP packets that will be needed. */
xx = pgpPktLen(she->p.ui8p, she->c, pp);
xx = rpmhkpLoadSignature(NULL, dig, pp);
if (dig->signature.version != 3 && dig->signature.version != 4) {
rpmlog(RPMLOG_ERR,
_("skipping package %s with unverifiable V%u signature\n"),
fn, dig->signature.version);
rc = RPMRC_FAIL;
goto exit;
}
xx = hBlobDigest(h, dig, dig->signature.hash_algo, &dig->hrsa);
break;
case RPMSIGTAG_DSA:
/* Parse the parameters from the OpenPGP packets that will be needed. */
xx = pgpPktLen(she->p.ui8p, she->c, pp);
xx = rpmhkpLoadSignature(NULL, dig, pp);
if (dig->signature.version != 3 && dig->signature.version != 4) {
rpmlog(RPMLOG_ERR,
_("skipping package %s with unverifiable V%u signature\n"),
fn, dig->signature.version);
rc = RPMRC_FAIL;
goto exit;
}
xx = hBlobDigest(h, dig, dig->signature.hash_algo, &dig->hdsa);
break;
case RPMSIGTAG_ECDSA:
/* Parse the parameters from the OpenPGP packets that will be needed. */
xx = pgpPktLen(she->p.ui8p, she->c, pp);
xx = rpmhkpLoadSignature(NULL, dig, pp);
if (dig->signature.version != 3 && dig->signature.version != 4) {
rpmlog(RPMLOG_ERR,
_("skipping package %s with unverifiable V%u signature\n"),
fn, dig->signature.version);
rc = RPMRC_FAIL;
goto exit;
}
xx = hBlobDigest(h, dig, dig->signature.hash_algo, &dig->hecdsa);
break;
case RPMSIGTAG_SHA1:
/* XXX dig->hsha? */
xx = hBlobDigest(h, dig, PGPHASHALGO_SHA1, &dig->hdsa);
break;
case RPMSIGTAG_MD5:
/* Legacy signatures need the compressed payload in the digest too. */
op = (rpmop) pgpStatsAccumulator(dig, 10); /* RPMTS_OP_DIGEST */
(void) rpmswEnter(op, 0);
while ((count = Fread(buf, sizeof(buf[0]), sizeof(buf), fd)) > 0)
dig->nbytes += count;
(void) rpmswExit(op, dig->nbytes);
op->count--; /* XXX one too many */
dig->nbytes += nb; /* XXX include size of header blob. */
if (count < 0) {
rpmlog(RPMLOG_ERR, _("%s: Fread failed: %s\n"),
fn, Fstrerror(fd));
rc = RPMRC_FAIL;
goto exit;
}
/* XXX Steal the digest-in-progress from the file handle. */
fdStealDigest(fd, dig);
break;
}
/** @todo Implement disable/enable/warn/error/anal policy. */
buf[0] = '\0';
rc = rpmVerifySignature(dig, buf);
switch (rc) {
case RPMRC_OK: /* Signature is OK. */
rpmlog(RPMLOG_DEBUG, "%s: %s\n", fn, buf);
break;
case RPMRC_NOTTRUSTED: /* Signature is OK, but key is not trusted. */
case RPMRC_NOKEY: /* Public key is unavailable. */
#ifndef DYING
/* XXX Print NOKEY/NOTTRUSTED warning only once. */
{ int lvl = (pgpStashKeyid(dig) ? RPMLOG_DEBUG : RPMLOG_WARNING);
rpmlog(lvl, "%s: %s\n", fn, buf);
} break;
case RPMRC_NOTFOUND: /* Signature is unknown type. */
rpmlog(RPMLOG_WARNING, "%s: %s\n", fn, buf);
break;
#else
case RPMRC_NOTFOUND: /* Signature is unknown type. */
case RPMRC_NOSIG: /* Signature is unavailable. */
#endif
default:
case RPMRC_FAIL: /* Signature does not verify. */
rpmlog(RPMLOG_ERR, "%s: %s\n", fn, buf);
break;
}
exit:
if (rc != RPMRC_FAIL && h != NULL && hdrp != NULL) {
/* Append (and remap) signature tags to the metadata. */
headerMergeLegacySigs(h, sigh);
/* Bump reference count for return. */
*hdrp = headerLink(h);
}
(void)headerFree(h);
h = NULL;
/* Accumulate time reading package header. */
(void) rpmswAdd(rpmtsOp(ts, RPMTS_OP_READHDR),
fdstat_op(fd, FDSTAT_READ));
(void) rpmswSub(rpmtsOp(ts, RPMTS_OP_READHDR),
opsave);
#ifdef NOTYET
/* Return RPMRC_NOSIG for MANDATORY signature verification. */
{ rpmSigTag sigtag = pgpGetSigtag(dig);
switch (sigtag) {
default:
rc = RPMRC_NOSIG;
/*@fallthrough@*/
case RPMSIGTAG_RSA:
case RPMSIGTAG_DSA:
case RPMSIGTAG_ECDSA:
break;
}
}
#endif
rpmtsCleanDig(ts);
(void)headerFree(sigh);
sigh = NULL;
return rc;
}
rpmRC rpmgiNext(/*@null@*/ rpmgi gi)
{
char hnum[32];
rpmRC rpmrc = RPMRC_NOTFOUND;
int xx;
if (gi == NULL)
return rpmrc;
if (_rpmgi_debug)
fprintf(stderr, "--> %s(%p) tag %s\n", __FUNCTION__, gi, tagName(gi->tag));
/* Free header from previous iteration. */
(void)headerFree(gi->h);
gi->h = NULL;
gi->hdrPath = _free(gi->hdrPath);
hnum[0] = '\0';
if (++gi->i >= 0)
switch (gi->tag) {
default:
if (!gi->active) {
nextkey:
rpmrc = rpmgiLoadNextKey(gi);
if (rpmrc != RPMRC_OK)
goto enditer;
rpmrc = rpmgiInitFilter(gi);
if (rpmrc != RPMRC_OK || gi->mi == NULL) {
gi->mi = rpmmiFree(gi->mi); /* XXX unnecessary */
gi->i++;
goto nextkey;
}
rpmrc = RPMRC_NOTFOUND; /* XXX hack */
gi->active = 1;
}
if (gi->mi != NULL) { /* XXX unnecessary */
Header h = rpmmiNext(gi->mi);
if (h != NULL) {
if (!(gi->flags & RPMGI_NOHEADER))
gi->h = headerLink(h);
/* XXX use h->origin instead. */
sprintf(hnum, "%u", (unsigned)rpmmiInstance(gi->mi));
gi->hdrPath = rpmExpand("rpmdb h# ", hnum, NULL);
rpmrc = RPMRC_OK;
/* XXX header reference held by iterator, so no headerFree */
}
}
if (rpmrc != RPMRC_OK) {
gi->mi = rpmmiFree(gi->mi);
goto nextkey;
}
break;
case RPMDBI_PACKAGES:
if (!gi->active) {
rpmrc = rpmgiInitFilter(gi);
if (rpmrc != RPMRC_OK) {
gi->mi = rpmmiFree(gi->mi); /* XXX unnecessary */
goto enditer;
}
rpmrc = RPMRC_NOTFOUND; /* XXX hack */
gi->active = 1;
}
if (gi->mi != NULL) { /* XXX unnecessary */
Header h = rpmmiNext(gi->mi);
if (h != NULL) {
if (!(gi->flags & RPMGI_NOHEADER))
gi->h = headerLink(h);
/* XXX use h->origin instead. */
sprintf(hnum, "%u", (unsigned)rpmmiInstance(gi->mi));
gi->hdrPath = rpmExpand("rpmdb h# ", hnum, NULL);
rpmrc = RPMRC_OK;
/* XXX header reference held by iterator, so no headerFree */
}
}
if (rpmrc != RPMRC_OK) {
gi->mi = rpmmiFree(gi->mi);
goto enditer;
}
break;
case RPMDBI_REMOVED:
case RPMDBI_ADDED:
{ rpmte p;
int teType = 0;
const char * teTypeString = NULL;
if (!gi->active) {
gi->tsi = rpmtsiInit(gi->ts);
gi->active = 1;
}
if ((p = rpmtsiNext(gi->tsi, teType)) != NULL) {
Header h = rpmteHeader(p);
if (h != NULL)
if (!(gi->flags & RPMGI_NOHEADER)) {
gi->h = headerLink(h);
switch(rpmteType(p)) {
case TR_ADDED: teTypeString = "+++"; /*@switchbreak@*/break;
case TR_REMOVED: teTypeString = "---"; /*@switchbreak@*/break;
}
sprintf(hnum, "%u", (unsigned)gi->i);
gi->hdrPath = rpmExpand("%s h# ", teTypeString, hnum, NULL);
rpmrc = RPMRC_OK;
(void)headerFree(h);
h = NULL;
}
}
if (rpmrc != RPMRC_OK) {
gi->tsi = rpmtsiFree(gi->tsi);
goto enditer;
}
} break;
case RPMDBI_HDLIST:
if (!gi->active) {
const char * path = rpmExpand("%{?_query_hdlist_path}", NULL);
if (path == NULL || *path == '\0') {
path = _free(path);
path = rpmExpand(_query_hdlist_path, NULL);
}
gi->fd = rpmgiOpen(path, "rm%{?_rpmgio}");
gi->active = 1;
path = _free(path);
}
if (gi->fd != NULL) {
Header h = NULL;
const char item[] = "Header";
const char * msg = NULL;
/*@+voidabstract@*/
rpmrc = rpmpkgRead(item, gi->fd, &h, &msg);
/*@=voidabstract@*/
switch(rpmrc) {
default:
rpmlog(RPMLOG_ERR, "%s: %s: %s\n", "rpmpkgRead", item, msg);
case RPMRC_NOTFOUND:
h = NULL;
case RPMRC_OK:
break;
}
msg = _free(msg);
if (h != NULL) {
if (!(gi->flags & RPMGI_NOHEADER))
gi->h = headerLink(h);
sprintf(hnum, "%u", (unsigned)gi->i);
gi->hdrPath = rpmExpand("hdlist h# ", hnum, NULL);
rpmrc = RPMRC_OK;
(void)headerFree(h);
h = NULL;
}
}
if (rpmrc != RPMRC_OK) {
if (gi->fd != NULL) (void) Fclose(gi->fd);
gi->fd = NULL;
goto enditer;
}
break;
case RPMDBI_ARGLIST:
/* XXX gi->active initialize? */
if (_rpmgi_debug < 0)
fprintf(stderr, "*** gi %p\t%p[%d]: %s\n", gi, gi->argv, gi->i, gi->argv[gi->i]);
/* Read next header, lazily expanding manifests as found. */
rpmrc = rpmgiLoadReadHeader(gi);
if (rpmrc != RPMRC_OK) /* XXX check this */
goto enditer;
gi->hdrPath = xstrdup(gi->argv[gi->i]);
break;
case RPMDBI_FTSWALK:
if (gi->argv == NULL || gi->argv[0] == NULL) /* HACK */
goto enditer;
if (!gi->active) {
gi->ftsp = Fts_open((char *const *)gi->argv, gi->ftsOpts, NULL);
/* XXX NULL with open(2)/malloc(3) errno set */
gi->active = 1;
}
/* Read next header, lazily walking file tree. */
rpmrc = rpmgiWalkReadHeader(gi);
if (rpmrc != RPMRC_OK) {
xx = Fts_close(gi->ftsp);
gi->ftsp = NULL;
goto enditer;
}
if (gi->fts != NULL)
gi->hdrPath = xstrdup(gi->fts->fts_path);
break;
}
if ((gi->flags & RPMGI_TSADD) && gi->h != NULL) {
/* XXX rpmgi hack: Save header in transaction element. */
if (gi->flags & RPMGI_ERASING) {
uint32_t hdrNum = headerGetInstance(gi->h);
xx = rpmtsAddEraseElement(gi->ts, gi->h, hdrNum);
} else
xx = rpmtsAddInstallElement(gi->ts, gi->h, (fnpyKey)gi->hdrPath, 2, NULL);
}
goto exit;
enditer:
if (gi->flags & RPMGI_TSORDER) {
rpmts ts = gi->ts;
/* Block access to indices used for depsolving. */
if (!(gi->flags & RPMGI_ERASING)) {
(void) rpmtsSetGoal(ts, TSM_INSTALL);
xx = rpmdbBlockDBI(rpmtsGetRdb(ts), -RPMDBI_DEPCACHE);
xx = rpmdbBlockDBI(rpmtsGetRdb(ts), -RPMTAG_BASENAMES);
xx = rpmdbBlockDBI(rpmtsGetRdb(ts), -RPMTAG_PROVIDENAME);
} else {
(void) rpmtsSetGoal(ts, TSM_ERASE);
}
/* XXX query/verify will need the glop added to a buffer instead. */
xx = rpmcliInstallCheck(ts);
xx = rpmcliInstallSuggests(ts);
/* Permit access to indices used for depsolving. */
if (!(gi->flags & RPMGI_ERASING)) {
xx = rpmdbBlockDBI(rpmtsGetRdb(ts), RPMTAG_PROVIDENAME);
xx = rpmdbBlockDBI(rpmtsGetRdb(ts), RPMTAG_BASENAMES);
xx = rpmdbBlockDBI(rpmtsGetRdb(ts), RPMDBI_DEPCACHE);
}
/* XXX Display dependency loops with rpm -qvT. */
if (rpmIsVerbose())
(void) rpmtsSetDFlags(ts, (rpmtsDFlags(ts) | RPMDEPS_FLAG_DEPLOOPS));
xx = (*gi->tsOrder) (ts);
/* XXX hackery alert! */
gi->tag = (!(gi->flags & RPMGI_ERASING) ? RPMDBI_ADDED : RPMDBI_REMOVED);
gi->flags &= ~(RPMGI_TSADD|RPMGI_TSORDER);
}
(void)headerFree(gi->h);
gi->h = NULL;
gi->hdrPath = _free(gi->hdrPath);
gi->i = -1;
gi->active = 0;
exit:
if (_rpmgi_debug)
fprintf(stderr, "<-- %s(%p) rc %d\n", __FUNCTION__, gi, rpmrc);
return rpmrc;
}
