12 #define _RPMHKP_INTERNAL
17 #define _RPMEVR_INTERNAL
19 #define _RPMDB_INTERNAL
26 #define _RPMTS_INTERNAL
65 if (*fdp && (fnp == NULL || *fnp == NULL)) {
72 if (*fdp == NULL && fnp != NULL && *fnp != NULL) {
73 fd =
Fopen(*fnp, ((flags & O_WRONLY) ?
"w.fdio" :
"r.fdio"));
74 if (fd == NULL ||
Ferror(fd)) {
84 if (*fdp == NULL && (fnp == NULL || *fnp == NULL)) {
93 *fdp =
fdLink(fd,
"manageFile return");
94 fd =
fdFree(fd,
"manageFile return");
100 if (*fdp != NULL && fnp != NULL && *fnp != NULL)
111 FD_t *tfdp,
const char **tfnp)
117 unsigned char buf[BUFSIZ];
123 if (
manageFile(tfdp, tfnp, O_WRONLY|O_CREAT|O_TRUNC, 0))
126 while ((count =
Fread(buf,
sizeof(buf[0]),
sizeof(buf), *sfdp)) > 0)
128 if (
Fwrite(buf,
sizeof(buf[0]), count, *tfdp) != (
size_t)count) {
147 if (*sfdp) (void)
manageFile(sfdp, NULL, 0, rc);
148 if (*tfdp) (void)
manageFile(tfdp, NULL, 0, rc);
169 if (xx && he->
p.
ptr != NULL) {
176 memcpy(signid, dig->signature.signid,
sizeof(dig->signature.signid));
194 QVA_t qva,
const char ** argv)
206 const char *sigtarget = NULL;
235 fprintf(stdout,
"%s:\n", fn);
242 {
const char item[] =
"Lead";
243 const char * msg = NULL;
253 {
const char item[] =
"Signature";
254 const char * msg = NULL;
259 (msg && *msg ? msg :
""));
276 if (
copyFile(&fd, &fn, &ofd, &sigtarget))
331 size_t nsigs =
sizeof(sigs) /
sizeof(sigs[0]);
332 for (i = 0; i < (int)nsigs; i++) {
346 size_t nsigs =
sizeof(sigs) /
sizeof(sigs[0]);
347 for (i = 0; i < (int)nsigs; i++) {
357 unsigned char oldsignid[8], newsignid[8];
360 memset(oldsignid, 0,
sizeof(oldsignid));
400 memset(newsignid, 0,
sizeof(newsignid));
401 if (memcmp(oldsignid, newsignid,
sizeof(oldsignid))) {
407 if (!memcmp(oldsignid, newsignid,
sizeof(oldsignid))) {
410 _(
"%s: was already signed by key ID %s, skipping\n"),
411 fn,
pgpHexStr(newsignid+4,
sizeof(newsignid)-4));
415 sigtarget =
_free(sigtarget);
431 #if defined(HAVE_MKSTEMP)
/* NOTE(review): mkstemp() creates the file atomically, but its return value
 * is not checked here (a failure would hand -1 to close()) and the descriptor
 * is closed at once, so the file is later reopened by name. The manageFile()
 * call at line 440 opens tfn with O_WRONLY|O_CREAT|O_TRUNC -- presumably this
 * same path; confirm. Keeping the mkstemp() descriptor open would avoid the
 * reopen-by-name window. */
433 (void) close(mkstemp(tmprpm));
/* NOTE(review): presumably the fallback when HAVE_MKSTEMP is not defined (the
 * #else is not shown). mktemp() only generates a name and creates nothing, so
 * the later open of that name is not guaranteed to hit a fresh file. */
436 (void) mktemp(tmprpm);
440 if (
manageFile(&ofd, &tfn, O_WRONLY|O_CREAT|O_TRUNC, 0))
443 {
const char item[] =
"Lead";
444 const char * msg = NULL;
454 {
const char item[] =
"Signature";
455 const char * msg = NULL;
469 if (
copyFile(&fd, &sigtarget, &ofd, &tfn))
481 sigtarget =
_free(sigtarget);
497 if (ofd) (void)
manageFile(&ofd, NULL, 0, res);
505 sigtarget =
_free(sigtarget);
507 if (tmprpm[0] !=
'\0') {
518 static unsigned char zeros[] =
519 { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
520 const char * afmt =
"%{pubkeys:armor}";
521 const char * group =
"Public Keys";
522 const char * license =
"pubkey";
523 const char * buildhost =
"localhost";
528 const char *
d = NULL;
529 const char * enc = NULL;
530 const char * n = NULL;
531 const char * u = NULL;
532 const char *
v = NULL;
533 const char * r = NULL;
534 const char * evr = NULL;
549 hkp->pktlen = pktlen;
551 if (pkt == NULL || pktlen <= 0)
557 if ((enc = b64encode(pkt, pktlen)) == NULL)
564 xx =
pgpGrabPkts(hkp->pkt, hkp->pktlen, &hkp->pkts, &hkp->npkts);
567 memcpy(pubp->signid, hkp->keyid,
sizeof(pubp->signid));
569 xx =
pgpPktLen(hkp->pkt, hkp->pktlen, pp);
593 if (pubp->userid == NULL) {
594 if (hkp->uidx >= 0 && hkp->uidx < hkp->npkts) {
/* NOTE(review): pgpPktLen() is declared as returning int; storing the result
 * in a size_t means a negative return, if one can occur on malformed input,
 * becomes a very large length -- confirm it is checked. hkp->pktlen is the
 * length recorded for the whole key buffer, so as the "bytes left" argument
 * for pkts[uidx] it presumably overstates what remains; verify. */
595 size_t nb =
pgpPktLen(hkp->pkts[hkp->uidx], hkp->pktlen, pp);
/* Copies nb bytes of the user id into a fresh buffer of nb + 1 bytes. Lines
 * 596-597 are not shown here, so confirm nb holds the user-id length (not the
 * packet length) by this point; the key packet is imported data and should be
 * treated as untrusted. */
598 t = (
char *) memcpy(
xmalloc(nb + 1), pp->u.u->userid, nb);
610 if (!memcmp(pubp->signid, zeros,
sizeof(pubp->signid))
611 || !memcmp(pubp->time, zeros,
sizeof(pubp->time))
612 || pubp->userid == NULL)
615 v = t = (
char *)
xmalloc(16+1);
621 n = t = (
char *)
xmalloc(
sizeof(
"gpg()")+8);
624 {
const char * userid =
625 (pubp->userid ? pubp->userid :
pgpHexStr(pubp->signid+4, 4));
626 u = t = (
char *)
xmalloc(
sizeof(
"gpg()")+strlen(userid));
630 evr = t = (
char *)
xmalloc(
sizeof(
"4X:-")+strlen(v)+strlen(r));
631 t =
stpcpy(t, (pubp->version == 4 ?
"4:" :
"3:"));
670 #if defined(SUPPORT_I18NSTRING_TYPE)
671 xx = headerAddI18NString(h, he->
tag, he->
p.
str,
"C");
679 #if defined(SUPPORT_I18NSTRING_TYPE)
680 xx = headerAddI18NString(h, he->
tag, he->
p.
str,
"C");
688 #if defined(SUPPORT_I18NSTRING_TYPE)
689 xx = headerAddI18NString(h, he->
tag, he->
p.
str,
"C");
698 he->
p.
str =
"pubkey";
701 he->
p.
str =
"pubkey";
803 unsigned char * hmagic = NULL;
805 const char * SHA1 = NULL;
808 if (hmagic && nmagic > 0)
847 hkp->pkts =
_free(hkp->pkts);
889 if (argv == NULL)
return res;
891 while ((fn = *argv++) != NULL) {
898 if (fn[0] ==
'0' && fn[1] ==
'x') {
901 for (i = 0, s = fn+2; *s && isxdigit(*s); s++, i++)
903 if (i == 8 || i == 16) {
904 t =
rpmExpand(
"%{_hkp_keyserver_query}", fn, NULL);
947 unsigned char buf[4*BUFSIZ];
957 const char item[] =
"Header";
958 const char * msg = NULL;
972 if (xx && he->
p.
argv != NULL && he->
c > 0)
978 dig->pub =
_free(dig->pub);
986 dig->pub =
_free(dig->pub);
994 unsigned char * hmagic = NULL;
999 if (!xx || he->
p.
ptr == NULL) {
1003 _(
"failed to retrieve original header\n"));
1010 if (hmagic && nmagic > 0)
1014 if (hmagic && nmagic > 0)
1024 const char item[] =
"Payload";
1027 _(
"XAR file not found (or no XAR support)"));
1034 while ((count =
Fread(buf,
sizeof(buf[0]),
sizeof(buf), fd)) > 0)
1035 dig->nbytes += count;
1036 if (count < 0 ||
Ferror(fd)) {
1059 char buf[8192], *
b;
1060 char missingKeys[7164], * m;
1061 char untrustedKeys[7164], * u;
1075 {
const char item[] =
"Lead";
1076 const char * msg = NULL;
1091 {
const char item[] =
"Signature";
1092 const char * msg = NULL;
1097 (msg && *msg ? msg :
""));
1115 if (she->
tag == 0 && !nosignatures) {
1123 if (she->
tag == 0 && !nodigests) {
1152 if (dig == NULL || sigp == NULL
1162 m = missingKeys; *m =
'\0';
1163 u = untrustedKeys; *u =
'\0';
/* NOTE(review): unbounded sprintf(). b presumably points into the 8192-byte
 * buf declared at line 1059, and no visible line limits strlen(fn), which
 * comes from the caller. Confirm the bound, or format with snprintf() and
 * check for truncation before the later stpcpy() appends. */
1164 sprintf(b,
"%s:%c", fn, (
rpmIsVerbose() ?
'\n' :
' ') );
1173 assert(she->
p.
ptr != NULL);
1191 if (sigp->version != 3 && sigp->version != 4) {
1193 _(
"skipping package %s with unverifiable V%u signature\n"),
1236 b =
stpcpy(b,
"(SHA1) DSA ");
1242 b =
stpcpy(b,
"?UnknownSignatureType? ");
1263 b =
stpcpy(b,
"(sha1) dsa ");
1288 (missingKeys[0] !=
'\0') ?
_(
" (MISSING KEYS:") :
"",
1290 (missingKeys[0] !=
'\0') ?
_(
") ") :
"",
1291 (untrustedKeys[0] !=
'\0') ?
_(
" (UNTRUSTED KEYS:") :
"",
1293 (untrustedKeys[0] !=
'\0') ?
_(
")") :
"");
1302 (missingKeys[0] !=
'\0') ?
_(
" (MISSING KEYS:") :
"",
1304 (missingKeys[0] !=
'\0') ?
_(
") ") :
"",
1305 (untrustedKeys[0] !=
'\0') ?
_(
" (UNTRUSTED KEYS:") :
"",
1307 (untrustedKeys[0] !=
'\0') ?
_(
")") :
"");
1327 if (argv == NULL)
return res;
1364 fd =
Fopen(fn,
"r.fdio");
1365 if (fd == NULL ||
Ferror(fd)) {
Structure(s) and methods for a XAR archive wrapper format.
const char const double d
void _rpmhkpDumpDig(const char *msg, pgpDig dig, FILE *fp)
pgpDigParams pgpGetPubkey(pgpDig dig)
Return OpenPGP pubkey parameters.
int rpmgiRc(rpmgi gi)
Return current iteration item(s) exit code.
int rpmtxnBegin(rpmdb rpmdb, rpmtxn parent, rpmtxn *txnp)
int rpmAddSignature(Header sigh, const char *file, rpmSigTag sigTag, const char *passPhrase)
Generate signature(s) from a header+payload file, save in signature header.
rpmRC rpmhkpValidate(rpmhkp hkp, const char *keyname)
Retrieve/Validate binding and certification signatures on a pubkey.
int rpmtxnCheckpoint(rpmdb rpmdb)
pgpDig pgpDigFree(pgpDig dig)
Destroy a container for parsed OpenPGP packets.
const char bson_timestamp_t * ts
rpmRC rpmcliImportPubkey(const rpmts ts, const unsigned char *pkt, ssize_t pktlen)
Import public key packet(s).
int pgpPktLen(const rpmuint8_t *pkt, size_t pleft, pgpPkt pp)
rpmRC rpmpkgWrite(const char *fn, FD_t fd, void *ptr, const char **msg)
Write item onto file descriptor.
int rpmtxnCommit(rpmtxn txn)
enum rpmSigTag_e rpmSigTag
size_t Fwrite(const void *buf, size_t size, size_t nmemb, FD_t fd)
fwrite(3) clone.
char * xstrdup(const char *str)
FD_t Fopen(const char *path, const char *_fmode)
fopen(3) clone.
rpmgi rpmgiFree(rpmgi gi)
Destroy a generalized iterator.
struct pgpDigParams_s * pgpDigParams
DIGEST_CTX rpmDigestInit(pgpHashAlgo hashalgo, rpmDigestFlags flags)
Initialize digest context.
enum pgpHashAlgo_e pgpHashAlgo
9.4.
rpmhkp rpmhkpNew(const rpmuint8_t *keyid, uint32_t flags)
Create a new hkp handle.
static pgpDig fdGetDig(FD_t fd)
int rpmxarNext(rpmxar xar)
Iterate a xar archive instance.
FD_t fdLink(void *cookie, const char *msg)
static rpmRC readFile(FD_t fd, const char *fn)
int Fflush(FD_t fd)
fflush(3) clone.
int pgpSetSig(pgpDig dig, rpmuint32_t sigtag, rpmuint32_t sigtype, const void *sig, rpmuint32_t siglen)
Set signature tag info, i.e.
rpmiob rpmiobFree(rpmiob iob)
Destroy an I/O buffer instance.
static void rpmlog(int code, const char *fmt,...)
rpmiob rpmiobAppend(rpmiob iob, const char *s, size_t nl)
Append string to I/O buffer.
rpmhkp rpmhkpFree(rpmhkp hkp)
Destroy a hkp handle.
static void fdInitDigest(FD_t fd, pgpHashAlgo hashalgo, int _flags)
Attach digest to fd.
static int copyFile(FD_t *sfdp, const char **sfnp, FD_t *tfdp, const char **tfnp)
Copy header+payload, calculating digest(s) on the fly.
pgpArmor pgpArmorUnwrap(rpmiob iob, rpmuint8_t **pkt, size_t *pktlen)
Parse armored OpenPGP packets from an iob.
Command line option information.
char * headerSprintf(Header h, const char *fmt, headerTagTableEntry tags, headerSprintfExtension exts, errmsg_t *errmsg)
Return formatted output string from header tags.
static int getSignid(Header sigh, rpmSigTag sigtag, unsigned char *signid)
Retrieve signer fingerprint from an OpenPGP signature tag.
pgpArmor pgpReadPkts(const char *fn, rpmuint8_t **pkt, size_t *pktlen)
Parse armored OpenPGP packets from a file.
void rpmtsCleanDig(rpmts ts)
Free signature verification data.
const char * Fstrerror(FD_t fd)
strerror(3) clone.
const char const bson_bool_t v
int rpmDigestUpdate(DIGEST_CTX ctx, const void *data, size_t len)
Update context with next plain text buffer.
rpmgi rpmgiNew(rpmts ts, int tag, const void *keyp, size_t keylen)
Return a generalized iterator.
static void fdSetDig(FD_t fd, pgpDig dig)
int rpmxarPull(rpmxar xar, const char *fn)
FD_t fdFree(FD_t fd, const char *msg)
unsigned char rpmuint8_t
Private int typedefs to avoid C99 portability issues.
int Rename(const char *oldpath, const char *newpath)
rename(2) clone.
enum rpmgiFlags_e rpmgiFlags
int rpmTempFile(const char *prefix, const char **fnptr, void *fdptr)
Return file handle for a temporary file.
pgpDigParams pgpGetSignature(pgpDig dig)
Return OpenPGP signature parameters.
rpmRC rpmgiSetArgs(rpmgi gi, ARGV_t argv, int ftsOpts, rpmgiFlags flags)
Load iterator args.
The FD_t File Handle data structure.
Generate and verify rpm package signatures.
Header headerFree(Header h)
Dereference a header instance.
rpmRC rpmVerifySignature(void *_dig, char *result)
Verify a signature from a package.
char * rpmExpand(const char *arg,...)
Return (malloc'ed) concatenated macro expansion(s).
void pgpDigClean(pgpDig dig)
Release (malloc'd) data from container.
size_t Fread(void *buf, size_t size, size_t nmemb, FD_t fd)
fread(3) clone.
int Fclose(FD_t fd)
fclose(3) clone.
rpmiob rpmiobNew(size_t len)
Create an I/O buffer.
const char const bson int mongo_write_concern int flags
Header headerLink(Header h)
Reference a header instance.
int pgpGrabPkts(const rpmuint8_t *pkts, size_t pktlen, rpmuint8_t ***pppkts, int *pnpkts)
Return array of packet pointers.
rpmdb rpmtsGetRdb(rpmts ts)
Get transaction set database handle.
struct rpmgi_s * rpmgi
Generalized iterator.
enum rpmRC_e rpmRC
RPM return codes.
pgpDig pgpDigNew(pgpVSFlags vsflags, pgpPubkeyAlgo pubkey_algo)
Create a container for parsed OpenPGP packets.
rpmhkp rpmhkpLink(rpmhkp hkp)
Reference a hkp handle instance.
int Ferror(FD_t fd)
ferror(3) clone.
Methods to handle package elements.
int pgpPubkeyFingerprint(const rpmuint8_t *pkt, size_t pktlen, rpmuint8_t *keyid)
Print/parse an OpenPGP subtype packet.
char * stpcpy(char *dest, const char *src)
struct rpmts_s * rpmts
The RPM Transaction Set.
static void * _free(const void *p)
Wrapper to free(3), hides const compilation noise, permit NULL, return NULL.
Structures and prototypes used for an "rpmts" transaction set.
static rpmxar fdGetXAR(FD_t fd)
Structure(s) and routine(s) used for EVR parsing and comparison.
int rpmcliSign(rpmts ts, QVA_t qva, const char **argv)
Create/Modify/Check elements from signature header.
int rpmtsOpenDB(rpmts ts, int dbmode)
Open the database used by the transaction.
int rpmhkpLoadKey(rpmhkp hkp, pgpDig dig, int keyx, rpmuint8_t pubkey_algo)
rpmRC rpmgiNext(rpmgi gi)
Perform next iteration step.
int rpmDigestFinal(DIGEST_CTX ctx, void *datap, size_t *lenp, int asAscii)
Return digest and destroy context.
int rpmdbAdd(rpmdb db, int iid, Header h, rpmts ts)
Add package header to rpm database and indices.
const char * rpmgiHdrPath(rpmgi gi)
Return current header path.
static int rpmReSign(rpmts ts, QVA_t qva, const char **argv)
Create/modify elements in signature header.
rpmRC rpmpkgRead(const char *fn, FD_t fd, void *ptr, const char **msg)
Read item from file descriptor.
Database transaction wrappers.
rpmuint32_t rpmtsGetTid(rpmts ts)
Get transaction id, i.e.
Access RPM indices using Berkeley DB interface(s).
static void fdStealDigest(FD_t fd, pgpDig dig)
static int rpmcliImportPubkeys(const rpmts ts, QVA_t qva, const char **argv)
Import public key(s).
static int manageFile(FD_t *fdp, const char **fnp, int flags, int rc)
static char * pgpHexStr(const rpmuint8_t *p, size_t plen)
Return hex formatted representation of bytes.
pgpDig rpmtsDig(rpmts ts)
Get OpenPGP packet parameters, i.e.
int rpmtxnAbort(rpmtxn txn)
int rpmhkpLoadSignature(rpmhkp hkp, pgpDig dig, pgpPkt pp)
int rpmVerifySignatures(QVA_t qva, rpmts ts, void *_fd, const char *fn)
Check package and header signatures.
void rpmtsClean(rpmts ts)
Free memory needed only for dependency checks and ordering.
int Unlink(const char *path)
unlink(2) clone.