12 #define _RPMHKP_INTERNAL 17 #define _RPMEVR_INTERNAL 19 #define _RPMDB_INTERNAL 26 #define _RPMTS_INTERNAL 65 if (*fdp && (fnp == NULL || *fnp == NULL)) {
72 if (*fdp == NULL && fnp != NULL && *fnp != NULL) {
73 fd =
Fopen(*fnp, ((flags & O_WRONLY) ?
"w.fdio" :
"r.fdio"));
74 if (fd == NULL ||
Ferror(fd)) {
84 if (*fdp == NULL && (fnp == NULL || *fnp == NULL)) {
93 *fdp =
fdLink(fd,
"manageFile return");
94 fd =
fdFree(fd,
"manageFile return");
100 if (*fdp != NULL && fnp != NULL && *fnp != NULL)
111 FD_t *tfdp,
const char **tfnp)
117 unsigned char buf[BUFSIZ];
123 if (
manageFile(tfdp, tfnp, O_WRONLY|O_CREAT|O_TRUNC, 0))
126 while ((count =
Fread(buf,
sizeof(buf[0]),
sizeof(buf), *sfdp)) > 0)
128 if (
Fwrite(buf,
sizeof(buf[0]), count, *tfdp) != (
size_t)count) {
147 if (*sfdp) (void)
manageFile(sfdp, NULL, 0, rc);
148 if (*tfdp) (void)
manageFile(tfdp, NULL, 0, rc);
169 if (xx && he->
p.
ptr != NULL) {
175 if (!rpmhkpLoadSignature(NULL, dig, pp)) {
176 memcpy(signid, dig->signature.signid,
sizeof(dig->signature.signid));
194 QVA_t qva,
const char ** argv)
206 const char *sigtarget = NULL;
235 fprintf(stdout,
"%s:\n", fn);
242 {
const char item[] =
"Lead";
243 const char * msg = NULL;
253 {
const char item[] =
"Signature";
254 const char * msg = NULL;
259 (msg && *msg ? msg :
""));
276 if (
copyFile(&fd, &fn, &ofd, &sigtarget))
331 size_t nsigs =
sizeof(sigs) /
sizeof(sigs[0]);
332 for (i = 0; i < (int)nsigs; i++) {
346 size_t nsigs =
sizeof(sigs) /
sizeof(sigs[0]);
347 for (i = 0; i < (int)nsigs; i++) {
357 unsigned char oldsignid[8], newsignid[8];
360 memset(oldsignid, 0,
sizeof(oldsignid));
394 memset(newsignid, 0,
sizeof(newsignid));
395 if (memcmp(oldsignid, newsignid,
sizeof(oldsignid))) {
401 if (!memcmp(oldsignid, newsignid,
sizeof(oldsignid))) {
404 _(
"%s: was already signed by key ID %s, skipping\n"),
405 fn,
pgpHexStr(newsignid+4,
sizeof(newsignid)-4));
409 sigtarget =
_free(sigtarget);
425 #if defined(HAVE_MKSTEMP) 427 (void) close(mkstemp(tmprpm));
430 (void) mktemp(tmprpm);
434 if (
manageFile(&ofd, &tfn, O_WRONLY|O_CREAT|O_TRUNC, 0))
437 {
const char item[] =
"Lead";
438 const char * msg = NULL;
448 {
const char item[] =
"Signature";
449 const char * msg = NULL;
463 if (
copyFile(&fd, &sigtarget, &ofd, &tfn))
475 sigtarget =
_free(sigtarget);
491 if (ofd) (void)
manageFile(&ofd, NULL, 0, res);
499 sigtarget =
_free(sigtarget);
501 if (tmprpm[0] !=
'\0') {
512 static unsigned char zeros[] =
513 { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
514 const char * afmt =
"%{pubkeys:armor}";
515 const char * group =
"Public Keys";
516 const char * license =
"pubkey";
517 const char * buildhost =
"localhost";
522 const char * d = NULL;
523 const char * enc = NULL;
524 const char * n = NULL;
525 const char * u = NULL;
526 const char * v = NULL;
527 const char * r = NULL;
528 const char * evr = NULL;
537 if (pkt == NULL || pktlen <= 0)
543 if ((enc = b64encode(pkt, pktlen)) == NULL)
552 ts->hkp = rpmhkpNew(NULL, 0);
553 hkp = rpmhkpLink(ts->hkp);
555 hkp->pktlen = pktlen;
557 xx =
pgpGrabPkts(hkp->pkt, hkp->pktlen, &hkp->pkts, &hkp->npkts);
560 memcpy(pubp->signid, hkp->keyid,
sizeof(pubp->signid));
562 xx =
pgpPktLen(hkp->pkt, hkp->pktlen, pp);
564 xx = rpmhkpLoadKey(hkp, dig, 0, 0);
568 rpmRC yy = rpmhkpValidate(hkp, NULL);
586 if (pubp->userid == NULL) {
587 if (hkp->uidx >= 0 && hkp->uidx < hkp->npkts) {
588 size_t nb =
pgpPktLen(hkp->pkts[hkp->uidx], hkp->pktlen, pp);
591 t = (
char *) memcpy(
xmalloc(nb + 1), pp->u.u->userid, nb);
599 _rpmhkpDumpDig(__FUNCTION__, dig);
603 if (!memcmp(pubp->signid, zeros,
sizeof(pubp->signid))
604 || !memcmp(pubp->time, zeros,
sizeof(pubp->time))
605 || pubp->userid == NULL)
608 v = t = (
char *)
xmalloc(16+1);
614 n = t = (
char *)
xmalloc(
sizeof(
"gpg()")+8);
617 {
const char * userid =
618 (pubp->userid ? pubp->userid :
pgpHexStr(pubp->signid+4, 4));
619 u = t = (
char *)
xmalloc(
sizeof(
"gpg()")+strlen(userid));
623 evr = t = (
char *)
xmalloc(
sizeof(
"4X:-")+strlen(v)+strlen(r));
624 t =
stpcpy(t, (pubp->version == 4 ?
"4:" :
"3:"));
663 #if defined(SUPPORT_I18NSTRING_TYPE) 664 xx = headerAddI18NString(h, he->
tag, he->
p.
str,
"C");
672 #if defined(SUPPORT_I18NSTRING_TYPE) 673 xx = headerAddI18NString(h, he->
tag, he->
p.
str,
"C");
681 #if defined(SUPPORT_I18NSTRING_TYPE) 682 xx = headerAddI18NString(h, he->
tag, he->
p.
str,
"C");
691 he->
p.
str =
"pubkey";
694 he->
p.
str =
"pubkey";
796 unsigned char * hmagic = NULL;
798 const char * SHA1 = NULL;
801 if (hmagic && nmagic > 0)
840 hkp->pkts =
_free(hkp->pkts);
842 (void) rpmhkpFree(hkp);
882 if (argv == NULL)
return res;
884 while ((fn = *argv++) != NULL) {
891 if (fn[0] ==
'0' && fn[1] ==
'x') {
894 for (i = 0, s = fn+2; *s && isxdigit(*s); s++, i++)
896 if (i == 8 || i == 16) {
897 t =
rpmExpand(
"%{_hkp_keyserver_query}", fn, NULL);
940 unsigned char buf[4*BUFSIZ];
950 const char item[] =
"Header";
951 const char * msg = NULL;
965 if (xx && he->
p.
argv != NULL && he->
c > 0)
971 dig->pub =
_free(dig->pub);
979 dig->pub =
_free(dig->pub);
987 unsigned char * hmagic = NULL;
992 if (!xx || he->
p.
ptr == NULL) {
996 _(
"failed to retrieve original header\n"));
1002 if (hmagic && nmagic > 0)
1006 if (hmagic && nmagic > 0)
1016 const char item[] =
"Payload";
1019 _(
"XAR file not found (or no XAR support)"));
1026 while ((count =
Fread(buf,
sizeof(buf[0]),
sizeof(buf), fd)) > 0)
1027 dig->nbytes += count;
1028 if (count < 0 ||
Ferror(fd)) {
1051 char buf[8192], * b;
1052 char missingKeys[7164], * m;
1053 char untrustedKeys[7164], * u;
1067 {
const char item[] =
"Lead";
1068 const char * msg = NULL;
1083 {
const char item[] =
"Signature";
1084 const char * msg = NULL;
1089 (msg && *msg ? msg :
""));
1107 if (she->
tag == 0 && !nosignatures) {
1113 if (she->
tag == 0 && !nodigests) {
1131 xx = rpmhkpLoadSignature(NULL, dig, pp);
1142 if (dig == NULL || sigp == NULL
1152 m = missingKeys; *m =
'\0';
1153 u = untrustedKeys; *u =
'\0';
1154 sprintf(b,
"%s:%c", fn, (
rpmIsVerbose() ?
'\n' :
' ') );
1163 assert(she->
p.
ptr != NULL);
1179 xx = rpmhkpLoadSignature(NULL, dig, pp);
1180 if (sigp->version != 3 && sigp->version != 4) {
1182 _(
"skipping package %s with unverifiable V%u signature\n"),
1225 b =
stpcpy(b,
"(SHA1) DSA ");
1228 b =
stpcpy(b,
"?UnknownSignatureType? ");
1249 b =
stpcpy(b,
"(sha1) dsa ");
1271 (missingKeys[0] !=
'\0') ?
_(
" (MISSING KEYS:") :
"",
1273 (missingKeys[0] !=
'\0') ?
_(
") ") :
"",
1274 (untrustedKeys[0] !=
'\0') ?
_(
" (UNTRUSTED KEYS:") :
"",
1276 (untrustedKeys[0] !=
'\0') ?
_(
")") :
"");
1285 (missingKeys[0] !=
'\0') ?
_(
" (MISSING KEYS:") :
"",
1287 (missingKeys[0] !=
'\0') ?
_(
") ") :
"",
1288 (untrustedKeys[0] !=
'\0') ?
_(
" (UNTRUSTED KEYS:") :
"",
1290 (untrustedKeys[0] !=
'\0') ?
_(
")") :
"");
1310 if (argv == NULL)
return res;
1347 fd =
Fopen(fn,
"r.fdio");
1348 if (fd == NULL ||
Ferror(fd)) {
Structure(s) and methods for a XAR archive wrapper format.
pgpDigParams pgpGetPubkey(pgpDig dig)
Return OpenPGP pubkey parameters.
int rpmgiRc(rpmgi gi)
Return current iteration item(s) exit code.
int rpmAddSignature(Header sigh, const char *file, rpmSigTag sigTag, const char *passPhrase)
Generate signature(s) from a header+payload file, save in signature header.
pgpDig pgpDigFree(pgpDig dig)
Destroy a container for parsed OpenPGP packets.
rpmRC rpmcliImportPubkey(const rpmts ts, const unsigned char *pkt, ssize_t pktlen)
Import public key packet(s).
int pgpPktLen(const rpmuint8_t *pkt, size_t pleft, pgpPkt pp)
rpmRC rpmpkgWrite(const char *fn, FD_t fd, void *ptr, const char **msg)
Write item onto file descriptor.
enum rpmSigTag_e rpmSigTag
size_t Fwrite(const void *buf, size_t size, size_t nmemb, FD_t fd)
fwrite(3) clone.
char * xstrdup(const char *str)
FD_t Fopen(const char *path, const char *_fmode)
fopen(3) clone.
rpmgi rpmgiFree(rpmgi gi)
Destroy a generalized iterator.
struct pgpDigParams_s * pgpDigParams
DIGEST_CTX rpmDigestInit(pgpHashAlgo hashalgo, rpmDigestFlags flags)
Initialize digest.
enum pgpHashAlgo_e pgpHashAlgo
9.4.
static pgpDig fdGetDig(FD_t fd)
int rpmxarNext(rpmxar xar)
Iterate a xar archive instance.
FD_t fdLink(void *cookie, const char *msg)
static rpmRC readFile(FD_t fd, const char *fn)
int Fflush(FD_t fd)
fflush(3) clone.
int pgpSetSig(pgpDig dig, rpmuint32_t sigtag, rpmuint32_t sigtype, const void *sig, rpmuint32_t siglen)
Set signature tag info, i.e.
rpmiob rpmiobFree(rpmiob iob)
Destroy an I/O buffer instance.
static void rpmlog(int code, const char *fmt,...)
rpmiob rpmiobAppend(rpmiob iob, const char *s, size_t nl)
Append string to I/O buffer.
static void fdInitDigest(FD_t fd, pgpHashAlgo hashalgo, int _flags)
Attach digest to fd.
static int copyFile(FD_t *sfdp, const char **sfnp, FD_t *tfdp, const char **tfnp)
Copy header+payload, calculating digest(s) on the fly.
pgpArmor pgpArmorUnwrap(rpmiob iob, rpmuint8_t **pkt, size_t *pktlen)
Parse armored OpenPGP packets from an iob.
Command line option information.
char * headerSprintf(Header h, const char *fmt, headerTagTableEntry tags, headerSprintfExtension exts, errmsg_t *errmsg)
Return formatted output string from header tags.
static int getSignid(Header sigh, rpmSigTag sigtag, unsigned char *signid)
Retrieve signer fingerprint (the key ID held in the parsed signature's signid field) from an OpenPGP signature tag.
pgpArmor pgpReadPkts(const char *fn, rpmuint8_t **pkt, size_t *pktlen)
Parse armored OpenPGP packets from a file.
void rpmtsCleanDig(rpmts ts)
Free signature verification data.
const char * Fstrerror(FD_t fd)
strerror(3) clone.
int rpmDigestUpdate(DIGEST_CTX ctx, const void *data, size_t len)
Update context with next plain text buffer.
rpmgi rpmgiNew(rpmts ts, int tag, const void *keyp, size_t keylen)
Return a generalized iterator.
static void fdSetDig(FD_t fd, pgpDig dig)
int rpmxarPull(rpmxar xar, const char *fn)
FD_t fdFree(FD_t fd, const char *msg)
unsigned char rpmuint8_t
Private int typedefs to avoid C99 portability issues.
int Rename(const char *oldpath, const char *newpath)
rename(2) clone.
enum rpmgiFlags_e rpmgiFlags
int rpmTempFile(const char *prefix, const char **fnptr, void *fdptr)
Return file handle for a temporary file.
pgpDigParams pgpGetSignature(pgpDig dig)
Return OpenPGP signature parameters.
rpmRC rpmgiSetArgs(rpmgi gi, ARGV_t argv, int ftsOpts, rpmgiFlags flags)
Load iterator args.
The FD_t File Handle data structure.
Generate and verify rpm package signatures.
Header headerFree(Header h)
Dereference a header instance.
rpmRC rpmVerifySignature(void *_dig, char *result)
Verify a signature from a package.
char * rpmExpand(const char *arg,...)
Return (malloc'ed) concatenated macro expansion(s).
void pgpDigClean(pgpDig dig)
Release (malloc'd) data from container.
size_t Fread(void *buf, size_t size, size_t nmemb, FD_t fd)
fread(3) clone.
int Fclose(FD_t fd)
fclose(3) clone.
rpmiob rpmiobNew(size_t len)
Create an I/O buffer.
Header headerLink(Header h)
Reference a header instance.
int pgpGrabPkts(const rpmuint8_t *pkts, size_t pktlen, rpmuint8_t ***pppkts, int *pnpkts)
Return array of packet pointers.
rpmdb rpmtsGetRdb(rpmts ts)
Get transaction set database handle.
struct rpmgi_s * rpmgi
Generalized iterator.
enum rpmRC_e rpmRC
RPM return codes.
pgpDig pgpDigNew(pgpVSFlags vsflags, pgpPubkeyAlgo pubkey_algo)
Create a container for parsed OpenPGP packets.
int Ferror(FD_t fd)
ferror(3) clone.
Methods to handle package elements.
int pgpPubkeyFingerprint(const rpmuint8_t *pkt, size_t pktlen, rpmuint8_t *keyid)
Print/parse an OpenPGP subtype packet.
char * stpcpy(char *dest, const char *src)
struct rpmts_s * rpmts
The RPM Transaction Set.
static void * _free(const void *p)
Wrapper to free(3), hides const compilation noise, permit NULL, return NULL.
Structures and prototypes used for an "rpmts" transaction set.
static rpmxar fdGetXAR(FD_t fd)
int rpmcliSign(rpmts ts, QVA_t qva, const char **argv)
Create/Modify/Check elements from signature header.
int rpmtsOpenDB(rpmts ts, int dbmode)
Open the database used by the transaction.
rpmRC rpmgiNext(rpmgi gi)
Perform next iteration step.
int rpmDigestFinal(DIGEST_CTX ctx, void *datap, size_t *lenp, int asAscii)
Return digest and destroy context.
int rpmdbAdd(rpmdb db, int iid, Header h, rpmts ts)
Add package header to rpm database and indices.
const char * rpmgiHdrPath(rpmgi gi)
Return current header path.
static int rpmReSign(rpmts ts, QVA_t qva, const char **argv)
Create/modify elements in signature header.
rpmRC rpmpkgRead(const char *fn, FD_t fd, void *ptr, const char **msg)
Read item from file descriptor.
rpmuint32_t rpmtsGetTid(rpmts ts)
Get transaction id, i.e.
Access RPM indices using Berkeley DB interface(s).
static void fdStealDigest(FD_t fd, pgpDig dig)
static int rpmcliImportPubkeys(const rpmts ts, QVA_t qva, const char **argv)
Import public key(s).
static int manageFile(FD_t *fdp, const char **fnp, int flags, int rc)
static char * pgpHexStr(const rpmuint8_t *p, size_t plen)
Return hex formatted representation of bytes.
pgpDig rpmtsDig(rpmts ts)
Get OpenPGP packet parameters, i.e.
int rpmVerifySignatures(QVA_t qva, rpmts ts, void *_fd, const char *fn)
Check package and header signatures.
void rpmtsClean(rpmts ts)
Free memory needed only for dependency checks and ordering.
int Unlink(const char *path)
unlink(2) clone.