uint32_t
VerifyRpmSig(
rpmKeyring pKeyring,
const char* pszPkgFile
)
{
uint32_t dwError = 0;
FD_t pFD_t = NULL;
rpmts pTS = NULL;
rpmtd pTD = NULL;
Header pPkgHeader = NULL;
pgpDig pDigest = NULL;
if(!pKeyring || IsNullOrEmptyString(pszPkgFile))
{
dwError = ERROR_TDNF_INVALID_PARAMETER;
BAIL_ON_TDNF_ERROR(dwError);
}
pFD_t = Fopen(pszPkgFile, "r.fdio");
if(!pFD_t)
{
dwError = errno;
BAIL_ON_TDNF_SYSTEM_ERROR(dwError);
}
pTS = rpmtsCreate();
if(!pTS)
{
dwError = ERROR_TDNF_RPMTS_CREATE_FAILED;
BAIL_ON_TDNF_RPM_ERROR(dwError);
}
rpmtsSetVSFlags (pTS, _RPMVSF_NOSIGNATURES);
pTD = rpmtdNew();
if(!pTD)
{
dwError = ERROR_TDNF_RPMTD_CREATE_FAILED;
BAIL_ON_TDNF_RPM_ERROR(dwError);
}
dwError = rpmReadPackageFile(pTS, pFD_t, pszPkgFile, &pPkgHeader);
BAIL_ON_TDNF_RPM_ERROR(dwError);
if(!headerConvert(pPkgHeader, HEADERCONV_RETROFIT_V3))
{
dwError = ERROR_TDNF_RPM_HEADER_CONVERT_FAILED;
BAIL_ON_TDNF_RPM_ERROR(dwError);
}
if(!headerGet(pPkgHeader, RPMTAG_RSAHEADER, pTD, HEADERGET_MINMEM))
{
dwError = ERROR_TDNF_RPM_GET_RSAHEADER_FAILED;
BAIL_ON_TDNF_ERROR(dwError);
}
pDigest = pgpNewDig();
if(pgpPrtPkts(pTD->data, pTD->count, pDigest, 0))
{
dwError = ERROR_TDNF_RPM_GPG_PARSE_FAILED;
BAIL_ON_TDNF_ERROR(dwError);
}
if(rpmKeyringLookup(pKeyring, pDigest) != RPMRC_OK)
{
dwError = ERROR_TDNF_RPM_GPG_NO_MATCH;
BAIL_ON_TDNF_ERROR(dwError);
}
cleanup:
if(pFD_t)
{
Fclose(pFD_t);
}
if(pDigest)
{
pgpFreeDig(pDigest);
}
if(pPkgHeader)
{
headerFree(pPkgHeader);
}
if(pTD)
{
rpmtdFree(pTD);
}
if(pTS)
{
rpmtsFree(pTS);
}
return dwError;
error:
goto cleanup;
}
uint32_t
TDNFTransAddInstallPkg(
PTDNFRPMTS pTS,
PTDNF pTdnf,
HyPackage hPkg,
int nUpgrade
)
{
uint32_t dwError = 0;
int nGPGCheck = 0;
char* pszRpmCacheDir = NULL;
char* pszFilePath = NULL;
const char* pszRepoName = NULL;
char* pszHyName = NULL;
Header rpmHeader = NULL;
FD_t fp = NULL;
char* pszDownloadCacheDir = NULL;
char* pszUrlGPGKey = NULL;
pszRepoName = hy_package_get_reponame(hPkg);
pszHyName = hy_package_get_location(hPkg);
pszRpmCacheDir = g_build_filename(
G_DIR_SEPARATOR_S,
pTdnf->pConf->pszCacheDir,
pszRepoName,
"rpms",
G_DIR_SEPARATOR_S,
NULL);
pszFilePath = g_build_filename(pszRpmCacheDir, pszHyName, NULL);
if(pTS->pCachedRpmsArray)
{
if(!g_array_append_val(pTS->pCachedRpmsArray, pszFilePath))
{
dwError = ERROR_TDNF_OUT_OF_MEMORY;
BAIL_ON_TDNF_ERROR(dwError);
}
}
pszDownloadCacheDir = g_path_get_dirname(pszFilePath);
if(!pszDownloadCacheDir)
{
dwError = ENOENT;
BAIL_ON_TDNF_SYSTEM_ERROR(dwError);
}
if(access(pszDownloadCacheDir, F_OK))
{
if(errno != ENOENT)
{
dwError = errno;
}
BAIL_ON_TDNF_SYSTEM_ERROR(dwError);
dwError = TDNFUtilsMakeDirs(pszDownloadCacheDir);
BAIL_ON_TDNF_ERROR(dwError);
}
if(access(pszFilePath, F_OK))
{
if(errno != ENOENT)
{
dwError = errno;
BAIL_ON_TDNF_SYSTEM_ERROR(dwError);
}
dwError = TDNFDownloadPackage(pTdnf, hPkg, pszDownloadCacheDir);
BAIL_ON_TDNF_ERROR(dwError);
}
//A download could have been triggered.
//So check access and bail if not available
if(access(pszFilePath, F_OK))
{
dwError = errno;
BAIL_ON_TDNF_SYSTEM_ERROR(dwError);
}
//Check override, then repo config and launch
//gpg check if needed
dwError = TDNFGetGPGCheck(pTdnf, pszRepoName, &nGPGCheck, &pszUrlGPGKey);
BAIL_ON_TDNF_ERROR(dwError);
if(nGPGCheck)
{
dwError = TDNFGPGCheck(pTS->pKeyring, pszUrlGPGKey, pszFilePath);
BAIL_ON_TDNF_ERROR(dwError);
}
fp = Fopen (pszFilePath, "r.ufdio");
if(!fp)
{
dwError = errno;
BAIL_ON_TDNF_SYSTEM_ERROR(dwError);
}
dwError = rpmReadPackageFile(
pTS->pTS,
fp,
pszFilePath,
&rpmHeader);
//If not checking gpg sigs, ignore signature errors
if(!nGPGCheck && (dwError == RPMRC_NOTTRUSTED || dwError == RPMRC_NOKEY))
{
dwError = 0;
}
BAIL_ON_TDNF_RPM_ERROR(dwError);
dwError = rpmtsAddInstallElement(
pTS->pTS,
rpmHeader,
(fnpyKey)pszFilePath,
nUpgrade,
NULL);
BAIL_ON_TDNF_RPM_ERROR(dwError);
cleanup:
TDNF_SAFE_FREE_MEMORY(pszUrlGPGKey);
if(pszHyName)
{
hy_free(pszHyName);
}
if(pszDownloadCacheDir)
{
g_free(pszDownloadCacheDir);
}
if(pszRpmCacheDir)
{
g_free(pszRpmCacheDir);
}
if(fp)
{
Fclose(fp);
}
if(rpmHeader)
{
headerFree(rpmHeader);
}
return dwError;
error:
goto cleanup;
}
