10 #define _RPMPGP_INTERNAL 32 const char * tpmacro =
"%{?_tmppath}%{!?_tmppath:/var/tmp/}";
33 const char * tempfn = NULL;
34 const char * tfn = NULL;
35 static int _initialized = 0;
40 if (!prefix) prefix =
"";
46 if (
rpmioMkpath(tempfn, 0755, (uid_t) -1, (gid_t) -1))
51 ran = (unsigned) time(NULL);
53 ran = rand() % 100000;
60 sprintf(tfnbuf,
"rpm-tmp.%u", ran++);
61 tempfn =
_free(tempfn);
64 strcpy(tfnbuf,
"rpm-tmp.XXXXXX");
65 tempfn =
_free(tempfn);
66 tempfn =
rpmGenPath(prefix, tpmacro, mktemp(tfnbuf));
70 if (*tfn ==
'\0')
goto errxit;
85 fd =
Fopen(tempfn,
"w+x.fdio");
87 }
while ((fd == NULL ||
Ferror(fd)) &&
errno == EEXIST);
89 if (fd == NULL ||
Ferror(fd)) {
97 {
struct stat sb, sb2;
98 if (!stat(tfn, &sb) &&
S_ISLNK(sb.st_mode)) {
103 if (sb.st_nlink != 1) {
108 if (fstat(
Fileno(fd), &sb2) == 0) {
109 if (sb2.st_ino != sb.st_ino || sb2.st_dev != sb.st_dev) {
122 tempfn =
_free(tempfn);
129 tempfn =
_free(tempfn);
133 if (fd != NULL) (void)
Fclose(fd);
150 const char * passPhrase)
156 char * sigfile = (
char *)
alloca(strlen(file)+
sizeof(
".sig"));
166 const char * pw = NULL;
171 addMacro(NULL,
"__plaintext_filename", NULL, file, -1);
172 addMacro(NULL,
"__signature_filename", NULL, sigfile, -1);
174 inpipe[0] = inpipe[1] = 0;
175 if (pipe(inpipe) < 0) {
180 if (!(pid = fork())) {
181 const char *gpg_path =
rpmExpand(
"%{?_gpg_path}", NULL);
183 (void) dup2(inpipe[0], 3);
184 (void) close(inpipe[1]);
186 if (gpg_path && *gpg_path !=
'\0')
187 (void)
setenv(
"GNUPGHOME", gpg_path, 1);
190 cmd =
rpmExpand(
"%{?__gpg_sign_cmd}", NULL);
191 rc = poptParseArgvString(cmd, NULL, (
const char ***)&av);
193 rc = execve(av[0], av+1,
environ);
200 delMacro(NULL,
"__plaintext_filename");
201 delMacro(NULL,
"__signature_filename");
210 fpipe = fdopen(inpipe[1],
"w");
211 (void) close(inpipe[0]);
213 fprintf(fpipe,
"%s\n", (pw ? pw :
""));
214 (void) fclose(fpipe);
218 (void) memset((
void *)pw, 0, strlen(pw));
223 (void) waitpid(pid, &status, 0);
225 if (!WIFEXITED(status) || WEXITSTATUS(status)) {
230 if (
Stat(sigfile, &st)) {
232 if (sigfile) (void)
Unlink(sigfile);
244 fd =
Fopen(sigfile,
"r.ufdio");
245 if (fd != NULL && !
Ferror(fd)) {
246 rc = (int)
Fread(*pktp,
sizeof((*pktp)[0]), *pktlenp, fd);
247 if (sigfile) (void)
Unlink(sigfile);
251 *pktp =
_free(*pktp);
300 const char * passPhrase)
309 const char * fn = NULL;
327 {
const char * SHA1 = NULL;
328 fd =
Fopen(file,
"r.fdio");
329 if (fd == NULL ||
Ferror(fd))
331 {
const char item[] =
"Header";
341 (void)
Fclose(fd); fd = NULL;
344 unsigned char * hmagic = NULL;
357 if (hmagic && nmagic > 0)
379 fd =
Fopen(file,
"r.fdio");
380 if (fd == NULL ||
Ferror(fd))
382 {
const char item[] =
"Header";
392 (void)
Fclose(fd); fd = NULL;
396 {
const char item[] =
"Header";
406 (void)
Fclose(fd); fd = NULL;
428 if (fd != NULL) (void)
Fclose(fd);
434 const char * passPhrase)
448 if (
Stat(file, &st) != 0)
498 if (!(passPhrase && passPhrase[0]))
504 if (!(pid = fork())) {
509 xx = close(STDIN_FILENO);
510 xx = close(STDOUT_FILENO);
513 xx = close(STDERR_FILENO);
514 if ((fdno = open(
"/dev/null", O_RDONLY)) != STDIN_FILENO) {
515 xx = dup2(fdno, STDIN_FILENO);
518 if ((fdno = open(
"/dev/null", O_WRONLY)) != STDOUT_FILENO) {
519 xx = dup2(fdno, STDOUT_FILENO);
525 {
const char *gpg_path =
rpmExpand(
"%{?_gpg_path}", NULL);
527 if (gpg_path && *gpg_path !=
'\0')
528 (void)
setenv(
"GNUPGHOME", gpg_path, 1);
530 cmd =
rpmExpand(
"%{?__gpg_check_password_cmd}", NULL);
531 rc = poptParseArgvString(cmd, NULL, (
const char ***)&av);
533 rc = execve(av[0], av+1,
environ);
548 xx = (int) write(p[1], pw, strlen(pw));
549 xx = (int) write(p[1],
"\n", 1);
553 (void) memset((
void *)pw, 0, strlen(pw));
558 (void) waitpid(pid, &status, 0);
561 return ((!WIFEXITED(status) || WEXITSTATUS(status)) ? 1 : 0);
588 t =
stpcpy(t,
_(
"Header+Payload size: "));
590 if (sig == NULL || dig == NULL || dig->nbytes == 0) {
596 memcpy(&size, sig,
sizeof(size));
601 sprintf(t,
" Expected(%u) != (%u)\n", (
unsigned)size, (
unsigned)dig->nbytes);
605 sprintf(t,
" (%u)", (
unsigned)dig->nbytes);
624 assert(md5ctx != NULL);
643 if (op != NULL) op->
count--;
646 if (md5len != siglen || memcmp(md5sum, sig, md5len)) {
649 t =
stpcpy(t,
" Expected(");
663 md5sum =
_free(md5sum);
684 const char * SHA1 = NULL;
687 assert(shactx != NULL);
710 || strlen(SHA1) != strlen((
char *)sig)
711 || strcmp(SHA1, (
char *)sig))
715 t =
stpcpy(t,
" Expected(");
716 t =
stpcpy(t, (
char *)sig);
753 fprintf(stderr,
"--> %s(%p,%p,%p) sig %p sigp %p\n", __FUNCTION__, dig, t, rsactx, sig, sigp);
756 assert(rsactx != NULL);
757 assert(sigp != NULL);
764 if (dig->hdrctx == rsactx)
769 switch (sigp->version) {
770 case 3: *t++ =
'3';
break;
771 case 4: *t++ =
'4';
break;
777 if (strcmp(hashname,
"UNKNOWN")) {
782 t =
stpcpy(t,
_(
" signature: "));
788 if (sigp->hash != NULL)
793 trailer[0] = sigp->version;
795 trailer[2] = (sigp->hashlen >> 24);
796 trailer[3] = (sigp->hashlen >> 16);
797 trailer[4] = (sigp->hashlen >> 8);
798 trailer[5] = (sigp->hashlen );
802 if (op != NULL) op->
count--;
827 t =
stpcpy(t,
", key ID ");
828 (void)
pgpHexCvt(t, sigp->signid+4,
sizeof(sigp->signid)-4);
855 fprintf(stderr,
"--> %s(%p,%p,%p) sig %p sigp %p\n", __FUNCTION__, dig, t, dsactx, sig, sigp);
858 assert(dsactx != NULL);
859 assert(sigp != NULL);
866 if (dig != NULL && dig->hdrsha1ctx == dsactx)
871 switch (sigp->version) {
872 case 3: *t++ =
'3';
break;
873 case 4: *t++ =
'4';
break;
879 if (strcmp(hashname,
"UNKNOWN") && strcmp(hashname,
"SHA1")) {
884 t =
stpcpy(t,
_(
" signature: "));
890 if (sigp->hash != NULL)
895 trailer[0] = sigp->version;
897 trailer[2] = (sigp->hashlen >> 24);
898 trailer[3] = (sigp->hashlen >> 16);
899 trailer[4] = (sigp->hashlen >> 8);
900 trailer[5] = (sigp->hashlen );
904 if (op != NULL) op->
count--;
929 t =
stpcpy(t,
", key ID ");
930 (void)
pgpHexCvt(t, sigp->signid+4,
sizeof(sigp->signid)-4);
935 fprintf(stderr,
"<-- %s(%p,%p,%p) res %d %s\n", __FUNCTION__, dig, t, dsactx, res, t);
950 fprintf(stderr,
"--> %s(%p,%p) sig %p[%u]\n", __FUNCTION__, _dig, result, sig, siglen);
952 if (dig == NULL || sig == NULL || siglen == 0) {
953 sprintf(result,
_(
"Verify signature: BAD PARAMETERS\n"));
963 res =
verifyMD5(dig, result, dig->md5ctx);
966 res =
verifySHA1(dig, result, dig->hdrsha1ctx);
969 res =
verifyRSA(dig, result, dig->hdrctx);
972 res =
verifyDSA(dig, result, dig->hdrsha1ctx);
975 sprintf(result,
_(
"Signature: UNKNOWN (%u)\n"), (
unsigned)sigtag);
982 fprintf(stderr,
"<-- %s(%p,%p) res %d %s\n", __FUNCTION__, _dig, result, res, result);
static int makeGPGSignature(const char *file, rpmSigTag *sigTagp, rpmuint8_t **pktp, rpmuint32_t *pktlenp, const char *passPhrase)
Generate GPG signature(s) for a header+payload file.
static rpmRC verifySHA1(pgpDig dig, char *t, DIGEST_CTX shactx)
Verify header immutable region SHA-1 digest.
int rpmAddSignature(Header sigh, const char *file, rpmSigTag sigTag, const char *passPhrase)
Generate signature(s) from a header+payload file, save in signature header.
rpmtime_t rpmswExit(rpmop op, ssize_t rc)
Exit timed operation.
pgpDig pgpDigFree(pgpDig dig)
Destroy a container for parsed OpenPGP packets.
rpmuint32_t pgpGetSiglen(pgpDig dig)
Get signature tag data length, i.e.
OpenPGP constants and structures from RFC-2440.
rpmRC rpmpkgWrite(const char *fn, FD_t fd, void *ptr, const char **msg)
Write item onto file descriptor.
const void * pgpGetSig(pgpDig dig)
Get signature tag data, i.e.
enum rpmSigTag_e rpmSigTag
int rpmCheckPassPhrase(const char *passPhrase)
Check for valid pass phrase by invoking a helper.
FD_t Fopen(const char *path, const char *_fmode)
fopen(3) clone.
struct pgpDigParams_s * pgpDigParams
DIGEST_CTX rpmDigestInit(pgpHashAlgo hashalgo, rpmDigestFlags flags)
Initialize digest.
int rpmioMkpath(const char *path, mode_t mode, uid_t uid, gid_t gid)
Ensure that directories in path exist, creating as needed.
int setenv(const char *name, const char *value, int replace)
int Stat(const char *path, struct stat *st)
stat(2) clone.
void addMacro(MacroContext mc, const char *n, const char *o, const char *b, int level)
Add macro to context.
int dodigest(int dalgo, const char *fn, unsigned char *digest, unsigned dflags, size_t *fsizep)
Return digest and size of a file.
static void rpmlog(int code, const char *fmt,...)
static int pgpImplSetDSA(DIGEST_CTX ctx, pgpDig dig, pgpDigParams sigp)
void delMacro(MacroContext mc, const char *n)
Delete macro from context.
int rpmDigestUpdate(DIGEST_CTX ctx, const void *data, size_t len)
Update context with next plain text buffer.
int pgpFindPubkey(pgpDig dig)
Call find pubkey vector.
unsigned char rpmuint8_t
Private int typedefs to avoid C99 portability issues.
static int makeHDRSignature(Header sigh, const char *file, rpmSigTag sigTag, const char *passPhrase)
Generate header only signature(s) from a header+payload file.
int rpmTempFile(const char *prefix, const char **fnptr, void *fdptr)
Return file handle for a temporary file.
pgpHashAlgo rpmDigestAlgo(DIGEST_CTX ctx)
Return digest algorithm identifier.
static char * pgpHexCvt(char *t, const rpmuint8_t *s, size_t nbytes)
Convert to hex.
pgpDigParams pgpGetSignature(pgpDig dig)
Return OpenPGP signature parameters.
rpmuint32_t pgpGetSigtag(pgpDig dig)
Get signature tag.
The FD_t File Handle data structure.
const char * rpmGenPath(const char *urlroot, const char *urlmdir, const char *urlfile)
Merge 3 args into path, any or all of which may be a url.
Generate and verify rpm package signatures.
Header headerFree(Header h)
Dereference a header instance.
rpmRC rpmVerifySignature(void *_dig, char *result)
Verify a signature from a package.
int rpmswEnter(rpmop op, ssize_t rc)
Enter timed operation.
char * rpmExpand(const char *arg,...)
Return (malloc'ed) concatenated macro expansion(s).
size_t Fread(void *buf, size_t size, size_t nmemb, FD_t fd)
fread(3) clone.
void unsetenv(const char *name)
static const char * rpmSigString(rpmRC res)
int Fclose(FD_t fd)
fclose(3) clone.
Cumulative statistics for an operation.
static rpmRC verifySize(const pgpDig dig, char *t)
static int pgpImplSetRSA(DIGEST_CTX ctx, pgpDig dig, pgpDigParams sigp)
enum pgpPubkeyAlgo_e pgpPubkeyAlgo
9.1.
enum rpmRC_e rpmRC
RPM return codes.
pgpDig pgpDigNew(pgpVSFlags vsflags, pgpPubkeyAlgo pubkey_algo)
Create a container for parsed OpenPGP packets.
int Ferror(FD_t fd)
ferror(3) clone.
urltype urlPath(const char *url, const char **pathp)
Return path component of URL.
static const char * prefix[]
Tables for prefixing and suffixing patterns, according to the -w, -x, and -F options.
static rpmRC verifyDSA(pgpDig dig, char *t, DIGEST_CTX dsactx)
Verify DSA signature.
Methods to handle package elements.
char * stpcpy(char *dest, const char *src)
static void * _free(const void *p)
Wrapper to free(3), hides const compilation noise, permit NULL, return NULL.
const char * rpmDigestName(DIGEST_CTX ctx)
Return digest name.
static int pgpImplVerify(pgpDig dig)
int pgpPrtPkts(const rpmuint8_t *pkts, size_t pktlen, pgpDig dig, int printing)
Print/parse OpenPGP packet(s).
int Fileno(FD_t fd)
fileno(3) clone.
int rpmDigestFinal(DIGEST_CTX ctx, void *datap, size_t *lenp, int asAscii)
Return digest and destroy context.
static rpmRC verifyMD5(pgpDig dig, char *t, DIGEST_CTX md5ctx)
rpmRC rpmpkgRead(const char *fn, FD_t fd, void *ptr, const char **msg)
Read item from file descriptor.
Access RPM indices using Berkeley DB interface(s).
static rpmRC verifyRSA(pgpDig dig, char *t, DIGEST_CTX rsactx)
Verify RSA signature.
void * pgpStatsAccumulator(pgpDig dig, int opx)
Return pgpDig container accumulator structure.
const char * rpmkuPassPhrase(const char *passPhrase)
Return pass phrase from keyutils keyring.
DIGEST_CTX rpmDigestDup(DIGEST_CTX octx)
Duplicate a digest context.
int Unlink(const char *path)
unlink(2) clone.