rpmRC rpmtsImportPubkey(const rpmts ts, const unsigned char * pkt, size_t pktlen) { Header h = NULL; rpmRC rc = RPMRC_FAIL; /* assume failure */ rpmPubkey pubkey = NULL; rpmVSFlags oflags = rpmtsVSFlags(ts); rpmKeyring keyring; rpmtxn txn = rpmtxnBegin(ts, RPMTXN_WRITE); int krc; if (txn == NULL) return rc; /* XXX keyring wont load if sigcheck disabled, force it temporarily */ rpmtsSetVSFlags(ts, (oflags & ~_RPMVSF_NOSIGNATURES)); keyring = rpmtsGetKeyring(ts, 1); rpmtsSetVSFlags(ts, oflags); if ((pubkey = rpmPubkeyNew(pkt, pktlen)) == NULL) goto exit; krc = rpmKeyringAddKey(keyring, pubkey); if (krc < 0) goto exit; /* If we dont already have the key, make a persistent record of it */ if (krc == 0) { rpm_tid_t tid = rpmtsGetTid(ts); if (makePubkeyHeader(ts, pubkey, &h) != 0) goto exit; headerPutUint32(h, RPMTAG_INSTALLTIME, &tid, 1); headerPutUint32(h, RPMTAG_INSTALLTID, &tid, 1); /* Add header to database. */ if (!(rpmtsFlags(ts) & RPMTRANS_FLAG_TEST)) { rc = rpmtsImportHeader(txn, h, 0); } } rc = RPMRC_OK; exit: /* Clean up. */ headerFree(h); rpmPubkeyFree(pubkey); rpmKeyringFree(keyring); rpmtxnEnd(txn); return rc; }
rpmPubkey rpmPubkeyRead(const char *filename) { uint8_t *pkt = NULL; size_t pktlen; rpmPubkey key = NULL; if (pgpReadPkts(filename, &pkt, &pktlen) <= 0) { goto exit; } key = rpmPubkeyNew(pkt, pktlen); free(pkt); exit: return key; }
rpmPubkey rpmPubkeyRead(const char *filename) { rpmuint8_t *pkt = NULL; size_t pktlen; rpmPubkey key = NULL; /*@-globs@*/ if (pgpReadPkts(filename, &pkt, &pktlen) <= 0) goto exit; /*@=globs@*/ key = rpmPubkeyNew(pkt, pktlen); pkt = _free(pkt); exit: return key; }
static int loadKeyringFromDB(rpmts ts) { Header h; rpmdbMatchIterator mi; int nkeys = 0; rpmlog(RPMLOG_DEBUG, "loading keyring from rpmdb\n"); mi = rpmtsInitIterator(ts, RPMDBI_NAME, "gpg-pubkey", 0); while ((h = rpmdbNextIterator(mi)) != NULL) { struct rpmtd_s pubkeys; const char *key; if (!headerGet(h, RPMTAG_PUBKEYS, &pubkeys, HEADERGET_MINMEM)) continue; while ((key = rpmtdNextString(&pubkeys))) { uint8_t *pkt; size_t pktlen; if (rpmBase64Decode(key, (void **) &pkt, &pktlen) == 0) { rpmPubkey key = rpmPubkeyNew(pkt, pktlen); if (rpmKeyringAddKey(ts->keyring, key) == 0) { char *nvr = headerGetAsString(h, RPMTAG_NVR); rpmlog(RPMLOG_DEBUG, "added key %s to keyring\n", nvr); free(nvr); nkeys++; } rpmPubkeyFree(key); free(pkt); } } rpmtdFreeData(&pubkeys); } rpmdbFreeIterator(mi); return nkeys; }
uint32_t AddKeyToKeyRing( const char* pszFile, rpmKeyring pKeyring ) { uint32_t dwError = 0; pgpArmor nArmor = PGPARMOR_NONE; pgpDig pDig = NULL; rpmPubkey pPubkey = NULL; uint8_t* pPkt = NULL; size_t nPktLen = 0; char* pszKeyData = NULL; if(IsNullOrEmptyString(pszFile) || !pKeyring) { dwError = ERROR_TDNF_INVALID_PARAMETER; BAIL_ON_TDNF_ERROR(dwError); } dwError = ReadGPGKey(pszFile, &pszKeyData); BAIL_ON_TDNF_ERROR(dwError); nArmor = pgpParsePkts(pszKeyData, &pPkt, &nPktLen); if(nArmor != PGPARMOR_PUBKEY) { dwError = ERROR_TDNF_INVALID_PUBKEY_FILE; BAIL_ON_TDNF_ERROR(dwError); } pPubkey = rpmPubkeyNew (pPkt, nPktLen); if(!pPubkey) { dwError = ERROR_TDNF_CREATE_PUBKEY_FAILED; BAIL_ON_TDNF_ERROR(dwError); } pDig = rpmPubkeyDig(pPubkey); if(!pDig) { dwError = ERROR_TDNF_CREATE_PUBKEY_FAILED; BAIL_ON_TDNF_ERROR(dwError); } dwError = rpmKeyringLookup(pKeyring, pDig); if(dwError == RPMRC_OK) { dwError = 0;//key exists } else { dwError = rpmKeyringAddKey(pKeyring, pPubkey); if(dwError == 1) { dwError = 0;//Already added. ignore } BAIL_ON_TDNF_ERROR(dwError); } cleanup: return dwError; error: TDNF_SAFE_FREE_MEMORY(pszKeyData); if(pPubkey) { rpmPubkeyFree(pPubkey); } goto cleanup; }
/** * dnf_keyring_add_public_key: * @keyring: a #rpmKeyring instance. * @filename: The public key filename. * @error: a #GError or %NULL. * * Adds a specific public key to the keyring. * * Returns: %TRUE for success, %FALSE otherwise * * Since: 0.1.0 **/ gboolean dnf_keyring_add_public_key(rpmKeyring keyring, const gchar *filename, GError **error) { gboolean ret = TRUE; gint rc; gsize len; pgpArmor armor; pgpDig dig = NULL; rpmPubkey pubkey = NULL; uint8_t *pkt = NULL; g_autofree gchar *data = NULL; /* ignore symlinks and directories */ if (!g_file_test(filename, G_FILE_TEST_IS_REGULAR)) goto out; if (g_file_test(filename, G_FILE_TEST_IS_SYMLINK)) goto out; /* get data */ ret = g_file_get_contents(filename, &data, &len, error); if (!ret) goto out; /* rip off the ASCII armor and parse it */ armor = pgpParsePkts(data, &pkt, &len); if (armor < 0) { ret = FALSE; g_set_error(error, DNF_ERROR, DNF_ERROR_GPG_SIGNATURE_INVALID, "failed to parse PKI file %s", filename); goto out; } /* make sure it's something we can add to rpm */ if (armor != PGPARMOR_PUBKEY) { ret = FALSE; g_set_error(error, DNF_ERROR, DNF_ERROR_GPG_SIGNATURE_INVALID, "PKI file %s is not a public key", filename); goto out; } /* test each one */ pubkey = rpmPubkeyNew(pkt, len); if (pubkey == NULL) { ret = FALSE; g_set_error(error, DNF_ERROR, DNF_ERROR_GPG_SIGNATURE_INVALID, "failed to parse public key for %s", filename); goto out; } /* does the key exist in the keyring */ dig = rpmPubkeyDig(pubkey); rc = rpmKeyringLookup(keyring, dig); if (rc == RPMRC_OK) { ret = TRUE; g_debug("%s is already present", filename); goto out; } /* add to rpmdb automatically, without a prompt */ rc = rpmKeyringAddKey(keyring, pubkey); if (rc == 1) { ret = TRUE; g_debug("%s is already added", filename); goto out; } else if (rc < 0) { ret = FALSE; g_set_error(error, DNF_ERROR, DNF_ERROR_GPG_SIGNATURE_INVALID, "failed to add public key %s to rpmdb", filename); goto out; } /* success */ g_debug("added missing public key %s to rpmdb", filename); ret = TRUE; out: if (pkt != NULL) free(pkt); /* yes, free() */ if (pubkey != NULL) rpmPubkeyFree(pubkey); if (dig != NULL) pgpFreeDig(dig); return ret; }