pgpDig rpmPubkeyDig(rpmPubkey key)
{
pgpDig dig = NULL;
static unsigned char zeros[] =
{ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
int rc;
if (key == NULL)
return NULL;
dig = pgpNewDig();
rc = pgpPrtPkts(key->pkt, key->pktlen, dig, 0);
if (rc == 0) {
pgpDigParams pubp = pgpDigGetParams(dig, PGPTAG_PUBLIC_KEY);
if (!pubp || !memcmp(pubp->signid, zeros, sizeof(pubp->signid)) ||
!memcmp(pubp->time, zeros, sizeof(pubp->time)) ||
pubp->userid == NULL) {
rc = -1;
}
}
if (rc)
dig = pgpFreeDig(dig);
return dig;
}
pgpDig rpmPubkeyDig(rpmPubkey key)
{
pgpDig dig = NULL;
static unsigned char zeros[] =
{ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
if (key == NULL)
return NULL;
dig = pgpNewDig();
if (pgpPrtPkts(key->pkt, key->pktlen, dig, 0) == 0) {
pgpDigParams pubp = &dig->pubkey;
if (!memcmp(pubp->signid, zeros, sizeof(pubp->signid)) ||
!memcmp(pubp->time, zeros, sizeof(pubp->time)) ||
pubp->userid == NULL) {
dig = pgpFreeDig(dig);
}
}
return dig;
}
uint32_t
VerifyRpmSig(
rpmKeyring pKeyring,
const char* pszPkgFile
)
{
uint32_t dwError = 0;
FD_t pFD_t = NULL;
rpmts pTS = NULL;
rpmtd pTD = NULL;
Header pPkgHeader = NULL;
pgpDig pDigest = NULL;
if(!pKeyring || IsNullOrEmptyString(pszPkgFile))
{
dwError = ERROR_TDNF_INVALID_PARAMETER;
BAIL_ON_TDNF_ERROR(dwError);
}
pFD_t = Fopen(pszPkgFile, "r.fdio");
if(!pFD_t)
{
dwError = errno;
BAIL_ON_TDNF_SYSTEM_ERROR(dwError);
}
pTS = rpmtsCreate();
if(!pTS)
{
dwError = ERROR_TDNF_RPMTS_CREATE_FAILED;
BAIL_ON_TDNF_RPM_ERROR(dwError);
}
rpmtsSetVSFlags (pTS, _RPMVSF_NOSIGNATURES);
pTD = rpmtdNew();
if(!pTD)
{
dwError = ERROR_TDNF_RPMTD_CREATE_FAILED;
BAIL_ON_TDNF_RPM_ERROR(dwError);
}
dwError = rpmReadPackageFile(pTS, pFD_t, pszPkgFile, &pPkgHeader);
BAIL_ON_TDNF_RPM_ERROR(dwError);
if(!headerConvert(pPkgHeader, HEADERCONV_RETROFIT_V3))
{
dwError = ERROR_TDNF_RPM_HEADER_CONVERT_FAILED;
BAIL_ON_TDNF_RPM_ERROR(dwError);
}
if(!headerGet(pPkgHeader, RPMTAG_RSAHEADER, pTD, HEADERGET_MINMEM))
{
dwError = ERROR_TDNF_RPM_GET_RSAHEADER_FAILED;
BAIL_ON_TDNF_ERROR(dwError);
}
pDigest = pgpNewDig();
if(pgpPrtPkts(pTD->data, pTD->count, pDigest, 0))
{
dwError = ERROR_TDNF_RPM_GPG_PARSE_FAILED;
BAIL_ON_TDNF_ERROR(dwError);
}
if(rpmKeyringLookup(pKeyring, pDigest) != RPMRC_OK)
{
dwError = ERROR_TDNF_RPM_GPG_NO_MATCH;
BAIL_ON_TDNF_ERROR(dwError);
}
cleanup:
if(pFD_t)
{
Fclose(pFD_t);
}
if(pDigest)
{
pgpFreeDig(pDigest);
}
if(pPkgHeader)
{
headerFree(pPkgHeader);
}
if(pTD)
{
rpmtdFree(pTD);
}
if(pTS)
{
rpmtsFree(pTS);
}
return dwError;
error:
goto cleanup;
}
static rpmRC rpmpkgRead(rpmKeyring keyring, rpmVSFlags vsflags,
FD_t fd, const char * fn, Header * hdrp)
{
pgpDig dig = NULL;
char buf[8*BUFSIZ];
ssize_t count;
rpmlead l = NULL;
Header sigh = NULL;
rpmSigTag sigtag;
struct rpmtd_s sigtd;
Header h = NULL;
char * msg;
rpmRC rc = RPMRC_FAIL; /* assume failure */
int leadtype = -1;
headerGetFlags hgeflags = HEADERGET_DEFAULT;
DIGEST_CTX ctx = NULL;
if (hdrp) *hdrp = NULL;
rpmtdReset(&sigtd);
l = rpmLeadNew();
if ((rc = rpmLeadRead(fd, l)) == RPMRC_OK) {
const char * err = NULL;
if ((rc = rpmLeadCheck(l, &err)) == RPMRC_FAIL) {
rpmlog(RPMLOG_ERR, "%s: %s\n", fn, err);
}
leadtype = rpmLeadType(l);
}
l = rpmLeadFree(l);
if (rc != RPMRC_OK)
goto exit;
/* Read the signature header. */
msg = NULL;
rc = rpmReadSignature(fd, &sigh, RPMSIGTYPE_HEADERSIG, &msg);
switch (rc) {
default:
rpmlog(RPMLOG_ERR, _("%s: rpmReadSignature failed: %s"), fn,
(msg && *msg ? msg : "\n"));
msg = _free(msg);
goto exit;
break;
case RPMRC_OK:
if (sigh == NULL) {
rpmlog(RPMLOG_ERR, _("%s: No signature available\n"), fn);
rc = RPMRC_FAIL;
goto exit;
}
break;
}
msg = _free(msg);
#define _chk(_mask, _tag) \
(sigtag == 0 && !(vsflags & (_mask)) && headerIsEntry(sigh, (_tag)))
/*
* Figger the most effective available signature.
* Prefer signatures over digests, then header-only over header+payload.
* DSA will be preferred over RSA if both exist because tested first.
* Note that NEEDPAYLOAD prevents header+payload signatures and digests.
*/
sigtag = 0;
if (_chk(RPMVSF_NODSAHEADER, RPMSIGTAG_DSA)) {
sigtag = RPMSIGTAG_DSA;
} else if (_chk(RPMVSF_NORSAHEADER, RPMSIGTAG_RSA)) {
sigtag = RPMSIGTAG_RSA;
} else if (_chk(RPMVSF_NODSA|RPMVSF_NEEDPAYLOAD, RPMSIGTAG_GPG)) {
sigtag = RPMSIGTAG_GPG;
fdInitDigest(fd, PGPHASHALGO_SHA1, 0);
} else if (_chk(RPMVSF_NORSA|RPMVSF_NEEDPAYLOAD, RPMSIGTAG_PGP)) {
sigtag = RPMSIGTAG_PGP;
fdInitDigest(fd, PGPHASHALGO_MD5, 0);
} else if (_chk(RPMVSF_NOSHA1HEADER, RPMSIGTAG_SHA1)) {
sigtag = RPMSIGTAG_SHA1;
} else if (_chk(RPMVSF_NOMD5|RPMVSF_NEEDPAYLOAD, RPMSIGTAG_MD5)) {
sigtag = RPMSIGTAG_MD5;
fdInitDigest(fd, PGPHASHALGO_MD5, 0);
}
/* Read the metadata, computing digest(s) on the fly. */
h = NULL;
msg = NULL;
rc = rpmpkgReadHeader(keyring, vsflags, fd, &h, &msg);
if (rc != RPMRC_OK || h == NULL) {
rpmlog(RPMLOG_ERR, _("%s: headerRead failed: %s"), fn,
(msg && *msg ? msg : "\n"));
msg = _free(msg);
goto exit;
}
msg = _free(msg);
/* Any digests or signatures to check? */
if (sigtag == 0) {
rc = RPMRC_OK;
goto exit;
}
dig = pgpNewDig();
if (dig == NULL) {
rc = RPMRC_FAIL;
goto exit;
}
/* Retrieve the tag parameters from the signature header. */
if (!headerGet(sigh, sigtag, &sigtd, hgeflags)) {
rc = RPMRC_FAIL;
goto exit;
}
switch (sigtag) {
case RPMSIGTAG_RSA:
case RPMSIGTAG_DSA:
if ((rc = parsePGP(&sigtd, "package", dig)) != RPMRC_OK) {
goto exit;
}
/* fallthrough */
case RPMSIGTAG_SHA1:
{ struct rpmtd_s utd;
pgpHashAlgo hashalgo = (sigtag == RPMSIGTAG_SHA1) ?
PGPHASHALGO_SHA1 : dig->signature.hash_algo;
if (!headerGet(h, RPMTAG_HEADERIMMUTABLE, &utd, hgeflags))
break;
ctx = rpmDigestInit(hashalgo, RPMDIGEST_NONE);
(void) rpmDigestUpdate(ctx, rpm_header_magic, sizeof(rpm_header_magic));
(void) rpmDigestUpdate(ctx, utd.data, utd.count);
rpmtdFreeData(&utd);
} break;
case RPMSIGTAG_GPG:
case RPMSIGTAG_PGP5: /* XXX legacy */
case RPMSIGTAG_PGP:
if ((rc = parsePGP(&sigtd, "package", dig)) != RPMRC_OK) {
goto exit;
}
/* fallthrough */
case RPMSIGTAG_MD5:
/* Legacy signatures need the compressed payload in the digest too. */
while ((count = Fread(buf, sizeof(buf[0]), sizeof(buf), fd)) > 0) {}
if (count < 0) {
rpmlog(RPMLOG_ERR, _("%s: Fread failed: %s\n"),
fn, Fstrerror(fd));
rc = RPMRC_FAIL;
goto exit;
}
ctx = rpmDigestBundleDupCtx(fdGetBundle(fd), (sigtag == RPMSIGTAG_MD5) ?
PGPHASHALGO_MD5 : dig->signature.hash_algo);
break;
default:
break;
}
/** @todo Implement disable/enable/warn/error/anal policy. */
rc = rpmVerifySignature(keyring, &sigtd, dig, ctx, &msg);
switch (rc) {
case RPMRC_OK: /* Signature is OK. */
rpmlog(RPMLOG_DEBUG, "%s: %s", fn, msg);
break;
case RPMRC_NOTTRUSTED: /* Signature is OK, but key is not trusted. */
case RPMRC_NOKEY: /* Public key is unavailable. */
/* XXX Print NOKEY/NOTTRUSTED warning only once. */
{ int lvl = (stashKeyid(dig) ? RPMLOG_DEBUG : RPMLOG_WARNING);
rpmlog(lvl, "%s: %s", fn, msg);
} break;
case RPMRC_NOTFOUND: /* Signature is unknown type. */
rpmlog(RPMLOG_WARNING, "%s: %s", fn, msg);
break;
default:
case RPMRC_FAIL: /* Signature does not verify. */
rpmlog(RPMLOG_ERR, "%s: %s", fn, msg);
break;
}
free(msg);
exit:
if (rc != RPMRC_FAIL && h != NULL && hdrp != NULL) {
/* Retrofit RPMTAG_SOURCEPACKAGE to srpms for compatibility */
if (leadtype == RPMLEAD_SOURCE && headerIsSource(h)) {
if (!headerIsEntry(h, RPMTAG_SOURCEPACKAGE)) {
uint32_t one = 1;
headerPutUint32(h, RPMTAG_SOURCEPACKAGE, &one, 1);
}
}
/*
* Try to make sure binary rpms have RPMTAG_SOURCERPM set as that's
* what we use for differentiating binary vs source elsewhere.
*/
if (!headerIsEntry(h, RPMTAG_SOURCEPACKAGE) && headerIsSource(h)) {
headerPutString(h, RPMTAG_SOURCERPM, "(none)");
}
/*
* Convert legacy headers on the fly. Not having "new" style compressed
* filenames is close enough estimate for legacy indication...
*/
if (!headerIsEntry(h, RPMTAG_DIRNAMES)) {
headerConvert(h, HEADERCONV_RETROFIT_V3);
}
/* Append (and remap) signature tags to the metadata. */
headerMergeLegacySigs(h, sigh);
/* Bump reference count for return. */
*hdrp = headerLink(h);
}
rpmtdFreeData(&sigtd);
rpmDigestFinal(ctx, NULL, NULL, 0);
h = headerFree(h);
pgpFreeDig(dig);
sigh = rpmFreeSignature(sigh);
return rc;
}
static rpmRC headerVerify(rpmKeyring keyring, rpmVSFlags vsflags,
const void * uh, size_t uc, char ** msg)
{
pgpDig dig = NULL;
char *buf = NULL;
int32_t * ei = (int32_t *) uh;
int32_t il = ntohl(ei[0]);
int32_t dl = ntohl(ei[1]);
entryInfo pe = (entryInfo) &ei[2];
int32_t ildl[2];
int32_t pvlen = sizeof(ildl) + (il * sizeof(*pe)) + dl;
unsigned char * dataStart = (unsigned char *) (pe + il);
struct indexEntry_s entry;
struct entryInfo_s info;
unsigned const char * b;
size_t siglen = 0;
size_t blen;
size_t nb;
int32_t ril = 0;
unsigned char * regionEnd = NULL;
rpmRC rc = RPMRC_FAIL; /* assume failure */
int xx;
int i;
struct rpmtd_s sigtd;
DIGEST_CTX ctx = NULL;
/* Is the blob the right size? */
if (uc > 0 && pvlen != uc) {
rasprintf(&buf, _("blob size(%d): BAD, 8 + 16 * il(%d) + dl(%d)\n"),
(int)uc, (int)il, (int)dl);
goto exit;
}
memset(&entry, 0, sizeof(entry));
memset(&info, 0, sizeof(info));
/* Check (and convert) the 1st tag element. */
xx = headerVerifyInfo(1, dl, pe, &entry.info, 0);
if (xx != -1) {
rasprintf(&buf, _("tag[%d]: BAD, tag %d type %d offset %d count %d\n"),
0, entry.info.tag, entry.info.type,
entry.info.offset, entry.info.count);
goto exit;
}
/* Is there an immutable header region tag? */
if (!(entry.info.tag == RPMTAG_HEADERIMMUTABLE
&& entry.info.type == RPM_BIN_TYPE
&& entry.info.count == REGION_TAG_COUNT))
{
rc = RPMRC_NOTFOUND;
goto exit;
}
/* Is the offset within the data area? */
if (entry.info.offset >= dl) {
rasprintf(&buf,
_("region offset: BAD, tag %d type %d offset %d count %d\n"),
entry.info.tag, entry.info.type,
entry.info.offset, entry.info.count);
goto exit;
}
/* Is there an immutable header region tag trailer? */
regionEnd = dataStart + entry.info.offset;
(void) memcpy(&info, regionEnd, REGION_TAG_COUNT);
regionEnd += REGION_TAG_COUNT;
xx = headerVerifyInfo(1, dl, &info, &entry.info, 1);
if (xx != -1 ||
!(entry.info.tag == RPMTAG_HEADERIMMUTABLE
&& entry.info.type == RPM_BIN_TYPE
&& entry.info.count == REGION_TAG_COUNT))
{
rasprintf(&buf,
_("region trailer: BAD, tag %d type %d offset %d count %d\n"),
entry.info.tag, entry.info.type,
entry.info.offset, entry.info.count);
goto exit;
}
memset(&info, 0, sizeof(info));
/* Is the no. of tags in the region less than the total no. of tags? */
ril = entry.info.offset/sizeof(*pe);
if ((entry.info.offset % sizeof(*pe)) || ril > il) {
rasprintf(&buf, _("region size: BAD, ril(%d) > il(%d)\n"), ril, il);
goto exit;
}
/* Find a header-only digest/signature tag. */
for (i = ril; i < il; i++) {
xx = headerVerifyInfo(1, dl, pe+i, &entry.info, 0);
if (xx != -1) {
rasprintf(&buf,
_("tag[%d]: BAD, tag %d type %d offset %d count %d\n"),
i, entry.info.tag, entry.info.type,
entry.info.offset, entry.info.count);
goto exit;
}
switch (entry.info.tag) {
case RPMTAG_SHA1HEADER:
if (vsflags & RPMVSF_NOSHA1HEADER)
break;
blen = 0;
for (b = dataStart + entry.info.offset; *b != '\0'; b++) {
if (strchr("0123456789abcdefABCDEF", *b) == NULL)
break;
blen++;
}
if (entry.info.type != RPM_STRING_TYPE || *b != '\0' || blen != 40)
{
rasprintf(&buf, _("hdr SHA1: BAD, not hex\n"));
goto exit;
}
if (info.tag == 0) {
info = entry.info; /* structure assignment */
siglen = blen + 1;
}
break;
case RPMTAG_RSAHEADER:
if (vsflags & RPMVSF_NORSAHEADER)
break;
if (entry.info.type != RPM_BIN_TYPE) {
rasprintf(&buf, _("hdr RSA: BAD, not binary\n"));
goto exit;
}
info = entry.info; /* structure assignment */
siglen = info.count;
break;
case RPMTAG_DSAHEADER:
if (vsflags & RPMVSF_NODSAHEADER)
break;
if (entry.info.type != RPM_BIN_TYPE) {
rasprintf(&buf, _("hdr DSA: BAD, not binary\n"));
goto exit;
}
info = entry.info; /* structure assignment */
siglen = info.count;
break;
default:
break;
}
}
rc = RPMRC_NOTFOUND;
exit:
/* Return determined RPMRC_OK/RPMRC_FAIL conditions. */
if (rc != RPMRC_NOTFOUND) {
if (msg)
*msg = buf;
else
free(buf);
return rc;
}
/* If no header-only digest/signature, then do simple sanity check. */
if (info.tag == 0) {
verifyinfo_exit:
xx = headerVerifyInfo(ril-1, dl, pe+1, &entry.info, 0);
if (xx != -1) {
rasprintf(&buf,
_("tag[%d]: BAD, tag %d type %d offset %d count %d\n"),
xx+1, entry.info.tag, entry.info.type,
entry.info.offset, entry.info.count);
rc = RPMRC_FAIL;
} else {
rasprintf(&buf, "Header sanity check: OK\n");
rc = RPMRC_OK;
}
if (msg)
*msg = buf;
else
free(buf);
return rc;
}
/* Verify header-only digest/signature. */
dig = pgpNewDig();
if (dig == NULL)
goto verifyinfo_exit;
sigtd.tag = info.tag;
sigtd.type = info.type;
sigtd.count = info.count;
sigtd.data = memcpy(xmalloc(siglen), dataStart + info.offset, siglen);
sigtd.flags = RPMTD_ALLOCED;
switch (info.tag) {
case RPMTAG_RSAHEADER:
case RPMTAG_DSAHEADER:
if ((rc = parsePGP(&sigtd, "header", dig)) != RPMRC_OK) {
pgpFreeDig(dig);
goto exit;
}
/* fallthrough */
case RPMTAG_SHA1HEADER: {
pgpHashAlgo hashalgo = (info.tag == RPMTAG_SHA1HEADER) ?
PGPHASHALGO_SHA1 : dig->signature.hash_algo;
ildl[0] = htonl(ril);
ildl[1] = (regionEnd - dataStart);
ildl[1] = htonl(ildl[1]);
ctx = rpmDigestInit(hashalgo, RPMDIGEST_NONE);
b = (unsigned char *) rpm_header_magic;
nb = sizeof(rpm_header_magic);
(void) rpmDigestUpdate(ctx, b, nb);
b = (unsigned char *) ildl;
nb = sizeof(ildl);
(void) rpmDigestUpdate(ctx, b, nb);
b = (unsigned char *) pe;
nb = (htonl(ildl[0]) * sizeof(*pe));
(void) rpmDigestUpdate(ctx, b, nb);
b = (unsigned char *) dataStart;
nb = htonl(ildl[1]);
(void) rpmDigestUpdate(ctx, b, nb);
} break;
default:
sigtd.data = _free(sigtd.data); /* Hmm...? */
break;
}
rc = rpmVerifySignature(keyring, &sigtd, dig, ctx, &buf);
if (msg)
*msg = buf;
else
free(buf);
rpmtdFreeData(&sigtd);
pgpFreeDig(dig);
rpmDigestFinal(ctx, NULL, NULL, 0);
return rc;
}
/**
* dnf_keyring_add_public_key:
* @keyring: a #rpmKeyring instance.
* @filename: The public key filename.
* @error: a #GError or %NULL.
*
* Adds a specific public key to the keyring.
*
* Returns: %TRUE for success, %FALSE otherwise
*
* Since: 0.1.0
**/
gboolean
dnf_keyring_add_public_key(rpmKeyring keyring,
const gchar *filename,
GError **error)
{
gboolean ret = TRUE;
gint rc;
gsize len;
pgpArmor armor;
pgpDig dig = NULL;
rpmPubkey pubkey = NULL;
uint8_t *pkt = NULL;
g_autofree gchar *data = NULL;
/* ignore symlinks and directories */
if (!g_file_test(filename, G_FILE_TEST_IS_REGULAR))
goto out;
if (g_file_test(filename, G_FILE_TEST_IS_SYMLINK))
goto out;
/* get data */
ret = g_file_get_contents(filename, &data, &len, error);
if (!ret)
goto out;
/* rip off the ASCII armor and parse it */
armor = pgpParsePkts(data, &pkt, &len);
if (armor < 0) {
ret = FALSE;
g_set_error(error,
DNF_ERROR,
DNF_ERROR_GPG_SIGNATURE_INVALID,
"failed to parse PKI file %s",
filename);
goto out;
}
/* make sure it's something we can add to rpm */
if (armor != PGPARMOR_PUBKEY) {
ret = FALSE;
g_set_error(error,
DNF_ERROR,
DNF_ERROR_GPG_SIGNATURE_INVALID,
"PKI file %s is not a public key",
filename);
goto out;
}
/* test each one */
pubkey = rpmPubkeyNew(pkt, len);
if (pubkey == NULL) {
ret = FALSE;
g_set_error(error,
DNF_ERROR,
DNF_ERROR_GPG_SIGNATURE_INVALID,
"failed to parse public key for %s",
filename);
goto out;
}
/* does the key exist in the keyring */
dig = rpmPubkeyDig(pubkey);
rc = rpmKeyringLookup(keyring, dig);
if (rc == RPMRC_OK) {
ret = TRUE;
g_debug("%s is already present", filename);
goto out;
}
/* add to rpmdb automatically, without a prompt */
rc = rpmKeyringAddKey(keyring, pubkey);
if (rc == 1) {
ret = TRUE;
g_debug("%s is already added", filename);
goto out;
} else if (rc < 0) {
ret = FALSE;
g_set_error(error,
DNF_ERROR,
DNF_ERROR_GPG_SIGNATURE_INVALID,
"failed to add public key %s to rpmdb",
filename);
goto out;
}
/* success */
g_debug("added missing public key %s to rpmdb", filename);
ret = TRUE;
out:
if (pkt != NULL)
free(pkt); /* yes, free() */
if (pubkey != NULL)
rpmPubkeyFree(pubkey);
if (dig != NULL)
pgpFreeDig(dig);
return ret;
}
/**
* dnf_keyring_check_untrusted_file:
*/
gboolean
dnf_keyring_check_untrusted_file(rpmKeyring keyring,
const gchar *filename,
GError **error)
{
FD_t fd = NULL;
gboolean ret = FALSE;
Header hdr = NULL;
pgpDig dig = NULL;
rpmRC rc;
rpmtd td = NULL;
rpmts ts = NULL;
/* open the file for reading */
fd = Fopen(filename, "r.fdio");
if (fd == NULL) {
g_set_error(error,
DNF_ERROR,
DNF_ERROR_FILE_INVALID,
"failed to open %s",
filename);
goto out;
}
if (Ferror(fd)) {
g_set_error(error,
DNF_ERROR,
DNF_ERROR_FILE_INVALID,
"failed to open %s: %s",
filename,
Fstrerror(fd));
goto out;
}
/* we don't want to abort on missing keys */
ts = rpmtsCreate();
rpmtsSetVSFlags(ts, _RPMVSF_NOSIGNATURES);
/* read in the file */
rc = rpmReadPackageFile(ts, fd, filename, &hdr);
if (rc != RPMRC_OK) {
/* we only return SHA1 and MD5 failures, as we're not
* checking signatures at this stage */
g_set_error(error,
DNF_ERROR,
DNF_ERROR_FILE_INVALID,
"%s could not be verified",
filename);
goto out;
}
/* convert and upscale */
headerConvert(hdr, HEADERCONV_RETROFIT_V3);
/* get RSA key */
td = rpmtdNew();
rc = headerGet(hdr,
RPMTAG_RSAHEADER,
td,
HEADERGET_MINMEM);
if (rc != 1) {
/* try to read DSA key as a fallback */
rc = headerGet(hdr,
RPMTAG_DSAHEADER,
td,
HEADERGET_MINMEM);
}
/* the package has no signing key */
if (rc != 1) {
g_autofree char *package_filename = g_path_get_basename(filename);
ret = FALSE;
g_set_error(error,
DNF_ERROR,
DNF_ERROR_GPG_SIGNATURE_INVALID,
"package not signed: %s", package_filename);
goto out;
}
/* make it into a digest */
dig = pgpNewDig();
rc = pgpPrtPkts(td->data, td->count, dig, 0);
if (rc != 0) {
g_set_error(error,
DNF_ERROR,
DNF_ERROR_FILE_INVALID,
"failed to parse digest header for %s",
filename);
goto out;
}
/* does the key exist in the keyring */
rc = rpmKeyringLookup(keyring, dig);
if (rc != RPMRC_OK) {
g_set_error(error,
DNF_ERROR,
DNF_ERROR_GPG_SIGNATURE_INVALID,
"failed to lookup digest in keyring for %s",
filename);
goto out;
}
/* the package is signed by a key we trust */
g_debug("%s has been verified as trusted", filename);
ret = TRUE;
out:
if (dig != NULL)
pgpFreeDig(dig);
if (td != NULL) {
rpmtdFreeData(td);
rpmtdFree(td);
}
if (ts != NULL)
rpmtsFree(ts);
if (hdr != NULL)
headerFree(hdr);
if (fd != NULL)
Fclose(fd);
return ret;
}
/* Build pubkey header. */
static int makePubkeyHeader(rpmts ts, rpmPubkey key, Header * hdrp)
{
Header h = headerNew();
const char * afmt = "%{pubkeys:armor}";
const char * group = "Public Keys";
const char * license = "pubkey";
const char * buildhost = "localhost";
const char * userid;
rpmsenseFlags pflags = (RPMSENSE_KEYRING|RPMSENSE_EQUAL);
uint32_t zero = 0;
uint32_t keytime = 0;
pgpDig dig = NULL;
pgpDigParams pubp = NULL;
char * d = NULL;
char * enc = NULL;
char * n = NULL;
char * u = NULL;
char * v = NULL;
char * r = NULL;
char * evr = NULL;
int rc = -1;
if ((enc = rpmPubkeyBase64(key)) == NULL)
goto exit;
if ((dig = rpmPubkeyDig(key)) == NULL)
goto exit;
if ((pubp = pgpDigGetParams(dig, PGPTAG_PUBLIC_KEY)) == NULL)
goto exit;
/* Build header elements. */
v = pgpHexStr(pubp->signid, sizeof(pubp->signid));
r = pgpHexStr(pubp->time, sizeof(pubp->time));
userid = pubp->userid ? pubp->userid : "none";
keytime = pgpGrab(pubp->time, sizeof(pubp->time));
rasprintf(&n, "gpg(%s)", v+8);
rasprintf(&u, "gpg(%s)", userid);
rasprintf(&evr, "%d:%s-%s", pubp->version, v, r);
headerPutString(h, RPMTAG_PUBKEYS, enc);
if ((d = headerFormat(h, afmt, NULL)) == NULL)
goto exit;
headerPutString(h, RPMTAG_NAME, "gpg-pubkey");
headerPutString(h, RPMTAG_VERSION, v+8);
headerPutString(h, RPMTAG_RELEASE, r);
headerPutString(h, RPMTAG_DESCRIPTION, d);
headerPutString(h, RPMTAG_GROUP, group);
headerPutString(h, RPMTAG_LICENSE, license);
headerPutString(h, RPMTAG_SUMMARY, u);
headerPutString(h, RPMTAG_PACKAGER, userid);
headerPutUint32(h, RPMTAG_SIZE, &zero, 1);
headerPutString(h, RPMTAG_PROVIDENAME, u);
headerPutString(h, RPMTAG_PROVIDEVERSION, evr);
headerPutUint32(h, RPMTAG_PROVIDEFLAGS, &pflags, 1);
headerPutString(h, RPMTAG_PROVIDENAME, n);
headerPutString(h, RPMTAG_PROVIDEVERSION, evr);
headerPutUint32(h, RPMTAG_PROVIDEFLAGS, &pflags, 1);
headerPutString(h, RPMTAG_RPMVERSION, RPMVERSION);
headerPutString(h, RPMTAG_BUILDHOST, buildhost);
headerPutUint32(h, RPMTAG_BUILDTIME, &keytime, 1);
headerPutString(h, RPMTAG_SOURCERPM, "(none)");
/* Reload the lot to immutable region and stomp sha1 digest on it */
h = headerReload(h, RPMTAG_HEADERIMMUTABLE);
if (h != NULL) {
char *sha1 = NULL;
unsigned int blen = 0;
const void *blob = headerExport(h, &blen);
/* XXX FIXME: bah, this code is repeated in way too many places */
DIGEST_CTX ctx = rpmDigestInit(PGPHASHALGO_SHA1, RPMDIGEST_NONE);
rpmDigestUpdate(ctx, rpm_header_magic, sizeof(rpm_header_magic));
rpmDigestUpdate(ctx, blob, blen);
rpmDigestFinal(ctx, (void **)&sha1, NULL, 1);
if (sha1) {
headerPutString(h, RPMTAG_SHA1HEADER, sha1);
*hdrp = headerLink(h);
rc = 0;
}
free(sha1);
}
exit:
headerFree(h);
pgpFreeDig(dig);
free(n);
free(u);
free(v);
free(r);
free(evr);
free(enc);
free(d);
return rc;
}
