12 #define _RPMHKP_INTERNAL
17 #define _RPMEVR_INTERNAL
19 #define _RPMDB_INTERNAL
26 #define _RPMTS_INTERNAL
65 if (*fdp && (fnp ==
NULL || *fnp ==
NULL)) {
73 fd =
Fopen(*fnp, ((flags & O_WRONLY) ?
"w.fdio" :
"r.fdio"));
93 *fdp =
fdLink(fd,
"manageFile return");
94 fd =
fdFree(fd,
"manageFile return");
111 FD_t *tfdp,
const char **tfnp)
117 unsigned char buf[BUFSIZ];
123 if (
manageFile(tfdp, tfnp, O_WRONLY|O_CREAT|O_TRUNC, 0))
126 while ((count =
Fread(buf,
sizeof(buf[0]),
sizeof(buf), *sfdp)) > 0)
128 if (
Fwrite(buf,
sizeof(buf[0]), count, *tfdp) != (
size_t)count) {
175 if (!rpmhkpLoadSignature(
NULL, dig, pp)) {
176 memcpy(signid, dig->signature.signid,
sizeof(dig->signature.signid));
206 const char *sigtarget =
NULL;
242 {
const char item[] =
"Lead";
253 {
const char item[] =
"Signature";
259 (msg && *msg ? msg :
""));
276 if (
copyFile(&fd, &fn, &ofd, &sigtarget))
331 size_t nsigs =
sizeof(sigs) /
sizeof(sigs[0]);
332 for (i = 0; i < (
int)nsigs; i++) {
346 size_t nsigs =
sizeof(sigs) /
sizeof(sigs[0]);
347 for (i = 0; i < (
int)nsigs; i++) {
357 unsigned char oldsignid[8], newsignid[8];
360 memset(oldsignid, 0,
sizeof(oldsignid));
394 memset(newsignid, 0,
sizeof(newsignid));
395 if (memcmp(oldsignid, newsignid,
sizeof(oldsignid))) {
401 if (!memcmp(oldsignid, newsignid,
sizeof(oldsignid))) {
404 _(
"%s: was already signed by key ID %s, skipping\n"),
405 fn,
pgpHexStr(newsignid+4,
sizeof(newsignid)-4));
409 sigtarget =
_free(sigtarget);
425 #if defined(HAVE_MKSTEMP)
427 (
void) close(mkstemp(tmprpm));
430 (
void) mktemp(tmprpm);
434 if (
manageFile(&ofd, &tfn, O_WRONLY|O_CREAT|O_TRUNC, 0))
437 {
const char item[] =
"Lead";
448 {
const char item[] =
"Signature";
463 if (
copyFile(&fd, &sigtarget, &ofd, &tfn))
475 sigtarget =
_free(sigtarget);
499 sigtarget =
_free(sigtarget);
501 if (tmprpm[0] !=
'\0') {
512 static unsigned char zeros[] =
513 { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
514 const char * afmt =
"%{pubkeys:armor}";
515 const char * group =
"Public Keys";
516 const char * license =
"pubkey";
517 const char * buildhost =
"localhost";
522 const char * d =
NULL;
523 const char * enc =
NULL;
524 const char *
n =
NULL;
525 const char *
u =
NULL;
526 const char * v =
NULL;
527 const char * r =
NULL;
528 const char * evr =
NULL;
540 ts->hkp = rpmhkpNew(
NULL, 0);
541 hkp = rpmhkpLink(ts->hkp);
545 if (pkt ==
NULL || pktlen <= 0)
551 if ((enc = b64encode(pkt, pktlen)) ==
NULL)
558 xx =
pgpGrabPkts(hkp->pkt, hkp->pktlen, &hkp->pkts, &hkp->npkts);
561 memcpy(pubp->signid, hkp->keyid,
sizeof(pubp->signid));
563 xx =
pgpPktLen(hkp->pkt, hkp->pktlen, pp);
565 xx = rpmhkpLoadKey(hkp, dig, 0, 0);
587 if (pubp->userid ==
NULL) {
588 if (hkp->uidx >= 0 && hkp->uidx < hkp->npkts) {
589 size_t nb =
pgpPktLen(hkp->pkts[hkp->uidx], hkp->pktlen, pp);
592 t = (
char *) memcpy(
xmalloc(nb + 1), pp->u.u->userid,
nb);
600 _rpmhkpDumpDig(__FUNCTION__, dig);
604 if (!memcmp(pubp->signid, zeros,
sizeof(pubp->signid))
605 || !memcmp(pubp->time, zeros,
sizeof(pubp->time))
606 || pubp->userid ==
NULL)
609 v = t = (
char *)
xmalloc(16+1);
615 n = t = (
char *)
xmalloc(
sizeof(
"gpg()")+8);
618 {
const char * userid =
619 (pubp->userid ? pubp->userid :
pgpHexStr(pubp->signid+4, 4));
620 u = t = (
char *)
xmalloc(
sizeof(
"gpg()")+strlen(userid));
624 evr = t = (
char *)
xmalloc(
sizeof(
"4X:-")+strlen(v)+strlen(r));
625 t =
stpcpy(t, (pubp->version == 4 ?
"4:" :
"3:"));
664 #if defined(SUPPORT_I18NSTRING_TYPE)
665 xx = headerAddI18NString(h, he->
tag, he->
p.
str,
"C");
673 #if defined(SUPPORT_I18NSTRING_TYPE)
674 xx = headerAddI18NString(h, he->
tag, he->
p.
str,
"C");
682 #if defined(SUPPORT_I18NSTRING_TYPE)
683 xx = headerAddI18NString(h, he->
tag, he->
p.
str,
"C");
692 he->
p.
str =
"pubkey";
695 he->
p.
str =
"pubkey";
797 unsigned char * hmagic =
NULL;
802 if (hmagic && nmagic > 0)
841 hkp->pkts =
_free(hkp->pkts);
843 (
void) rpmhkpFree(hkp);
885 while ((fn = *argv++) !=
NULL) {
892 if (fn[0] ==
'0' && fn[1] ==
'x') {
895 for (i = 0, s = fn+2; *s && isxdigit(*s); s++, i++)
897 if (i == 8 || i == 16) {
941 unsigned char buf[4*BUFSIZ];
951 const char item[] =
"Header";
972 dig->pub =
_free(dig->pub);
980 dig->pub =
_free(dig->pub);
988 unsigned char * hmagic =
NULL;
997 _(
"failed to retrieve original header\n"));
1003 if (hmagic && nmagic > 0)
1007 if (hmagic && nmagic > 0)
1017 const char item[] =
"Payload";
1020 _(
"XAR file not found (or no XAR support)"));
1027 while ((count =
Fread(buf,
sizeof(buf[0]),
sizeof(buf), fd)) > 0)
1028 dig->nbytes +=
count;
1029 if (count < 0 ||
Ferror(fd)) {
1052 char buf[8192], *
b;
1053 char missingKeys[7164], *
m;
1054 char untrustedKeys[7164], *
u;
1068 {
const char item[] =
"Lead";
1084 {
const char item[] =
"Signature";
1090 (msg && *msg ? msg :
""));
1108 if (she->
tag == 0 && !nosignatures) {
1114 if (she->
tag == 0 && !nodigests) {
1132 xx = rpmhkpLoadSignature(
NULL, dig, pp);
1153 m = missingKeys; *m =
'\0';
1154 u = untrustedKeys; *u =
'\0';
1180 xx = rpmhkpLoadSignature(
NULL, dig, pp);
1181 if (sigp->version != 3 && sigp->version != 4) {
1183 _(
"skipping package %s with unverifiable V%u signature\n"),
1226 b =
stpcpy(b,
"(SHA1) DSA ");
1229 b =
stpcpy(b,
"?UnknownSignatureType? ");
1250 b =
stpcpy(b,
"(sha1) dsa ");
1272 (missingKeys[0] !=
'\0') ?
_(
" (MISSING KEYS:") :
"",
1274 (missingKeys[0] !=
'\0') ?
_(
") ") :
"",
1275 (untrustedKeys[0] !=
'\0') ?
_(
" (UNTRUSTED KEYS:") :
"",
1277 (untrustedKeys[0] !=
'\0') ?
_(
")") :
"");
1286 (missingKeys[0] !=
'\0') ?
_(
" (MISSING KEYS:") :
"",
1288 (missingKeys[0] !=
'\0') ?
_(
") ") :
"",
1289 (untrustedKeys[0] !=
'\0') ?
_(
" (UNTRUSTED KEYS:") :
"",
1291 (untrustedKeys[0] !=
'\0') ?
_(
")") :
"");
1348 fd =
Fopen(fn,
"r.fdio");
Structure(s)and methods for a XAR archive wrapper format.
static void fdInitDigest(FD_t fd, pgpHashAlgo hashalgo, int _flags)
Attach digest to fd.
int rpmgiRc(rpmgi gi)
Return current iteration item(s) exit code.
int pgpGrabPkts(const rpmuint8_t *pkts, size_t pktlen, rpmuint8_t ***pppkts, int *pnpkts)
Return array of packet pointers.
rpmlog(RPMLOG_ERR,"%s\n", buf)
int pgpPktLen(const rpmuint8_t *pkt, size_t pleft, pgpPkt pp)
rpmRC rpmpkgWrite(const char *fn, FD_t fd, void *ptr, const char **msg)
Write item onto file descriptor.
size_t Fwrite(const void *buf, size_t size, size_t nmemb, FD_t fd)
fwrite(3) clone.
char * xstrdup(const char *str)
FD_t Fopen(const char *path, const char *_fmode)
fopen(3) clone.
rpmgi rpmgiFree(rpmgi gi)
Destroy a generalized iterator.
static int rpmcliImportPubkeys(const rpmts ts, QVA_t qva, const char **argv)
Import public key(s).
static char *size_t nb
fgets(3) analogue that reads \ continuations.
int pgpPubkeyFingerprint(const rpmuint8_t *pkt, size_t pktlen, rpmuint8_t *keyid)
Print/parse an OpenPGP subtype packet.
struct rpmts_s * rpmts
The RPM Transaction Set.
rpmdb rpmtsGetRdb(rpmts ts)
Get transaction set database handle.
int rpmxarNext(rpmxar xar)
Iterate a xar archive instance.
FD_t fdLink(void *cookie, const char *msg)
static rpmRC readFile(FD_t fd, const char *fn)
pgpDig rpmtsDig(rpmts ts)
Get OpenPGP packet parameters, i.e.
int Fflush(FD_t fd)
fflush(3) clone.
rpmiob rpmiobFree(rpmiob iob)
Destroy a I/O buffer instance.
void pgpDigClean(pgpDig dig)
Release (malloc'd) data from container.
rpmRC rpmcliImportPubkey(const rpmts ts, const unsigned char *pkt, ssize_t pktlen)
Import public key packet(s).
int rpmdbAdd(rpmdb db, int iid, Header h, rpmts ts)
Add package header to rpm database and indices.
rpmiob rpmiobAppend(rpmiob iob, const char *s, size_t nl)
Append string to I/O buffer.
rpmuint32_t rpmtsGetTid(rpmts ts)
Get transaction id, i.e.
static int copyFile(FD_t *sfdp, const char **sfnp, FD_t *tfdp, const char **tfnp)
Copy header+payload, calculating digest(s) on the fly.
Command line option information.
unsigned char rpmuint8_t
Private int typedefs to avoid C99 portability issues.
static PyObject *char * mode
sprintf(t," (%u)",(unsigned) dig->nbytes)
pgpArmor pgpReadPkts(const char *fn, rpmuint8_t **pkt, size_t *pktlen)
Parse armored OpenPGP packets from a file.
static int getSignid(Header sigh, rpmSigTag sigtag, unsigned char *signid)
Retrieve signer fingerprint from an OpenPGP signature tag.
pgpDig pgpDigNew(pgpVSFlags vsflags, pgpPubkeyAlgo pubkey_algo)
Create a container for parsed OpenPGP packates.
enum rpmRC_e rpmRC
RPM return codes.
memset(_r, 0, sizeof(*_r))
const char * Fstrerror(FD_t fd)
strerror(3) clone.
assert(key->size==sizeof(hdrNum))
rpmgi rpmgiNew(rpmts ts, int tag, const void *keyp, size_t keylen)
Return a generalized iterator.
int rpmAddSignature(Header sigh, const char *file, rpmSigTag sigTag, const char *passPhrase)
Generate signature(s) from a header+payload file, save in signature header.
static char * pgpHexStr(const rpmuint8_t *p, size_t plen)
Return hex formatted representation of bytes.
int rpmxarPull(rpmxar xar, const char *fn)
fprintf(stderr,"--> %s(%p,%p,%p) sig %p sigp %p\n", __FUNCTION__, dig, t, rsactx, sig, sigp)
FD_t fdFree(FD_t fd, const char *msg)
static rpmxar fdGetXAR(FD_t fd)
int Rename(const char *oldpath, const char *newpath)
rename(2) clone.
enum rpmgiFlags_e rpmgiFlags
enum pgpHashAlgo_e pgpHashAlgo
9.4.
int rpmTempFile(const char *prefix, const char **fnptr, void *fdptr)
Return file handle for a temporaray file.
int rpmDigestUpdate(DIGEST_CTX ctx, const void *data, size_t len)
Update context with next plain text buffer.
pgpDigParams pgpGetSignature(pgpDig dig)
Return OpenPGP signature parameters.
rpmRC rpmgiSetArgs(rpmgi gi, ARGV_t argv, int ftsOpts, rpmgiFlags flags)
Load iterator args.
The FD_t File Handle data structure.
pgpDig pgpDigFree(pgpDig dig)
Destroy a container for parsed OpenPGP packates.
Generate and verify rpm package signatures.
DIGEST_CTX rpmDigestInit(pgpHashAlgo hashalgo, rpmDigestFlags flags)
Initialize digest.
char * rpmExpand(const char *arg,...)
Return (malloc'ed) concatenated macro expansion(s).
static void fdSetDig(FD_t fd, pgpDig dig)
int rpmtsOpenDB(rpmts ts, int dbmode)
Open the database used by the transaction.
size_t Fread(void *buf, size_t size, size_t nmemb, FD_t fd)
fread(3) clone.
int Fclose(FD_t fd)
fclose(3) clone.
rpmiob rpmiobNew(size_t len)
Create an I/O buffer.
int Ferror(FD_t fd)
ferror(3) clone.
void rpmtsClean(rpmts ts)
Free memory needed only for dependency checks and ordering.
Methods to handle package elements.
static void fdStealDigest(FD_t fd, pgpDig dig)
char * stpcpy(char *dest, const char *src)
Structures and prototypes used for an "rpmts" transaction set.
struct pgpDigParams_s * pgpDigParams
rpmRC rpmgiNext(rpmgi gi)
Perform next iteration step.
int rpmcliSign(rpmts ts, QVA_t qva, const char **argv)
Create/Modify/Check elements from signature header.
static void
Print copy of spec file, filling in Group/Description/Summary from specspo.
int pgpSetSig(pgpDig dig, rpmuint32_t sigtag, rpmuint32_t sigtype, const void *sig, rpmuint32_t siglen)
Set signature tag info, i.e.
char * buf
Parse (and execute) macro undefinition.
static int rpmReSign(rpmts ts, QVA_t qva, const char **argv)
Create/modify elements in signature header.
static PyObject *unsigned char * pkt
const char * rpmgiHdrPath(rpmgi gi)
Return current header path.
int
Save source and expand field into target.
void rpmDigestFinal(rpmDigestDup(md5ctx),&md5sum,&md5len, 0)
rpmRC rpmpkgRead(const char *fn, FD_t fd, void *ptr, const char **msg)
Read item from file descriptor.
Access RPM indices using Berkeley DB interface(s).
static int manageFile(FD_t *fdp, const char **fnp, int flags, int rc)
static void * _free(const void *p)
Wrapper to free(3), hides const compilation noise, permit NULL, return NULL.
pgpArmor pgpArmorUnwrap(rpmiob iob, rpmuint8_t **pkt, size_t *pktlen)
Parse armored OpenPGP packets from an iob.
static pgpDig fdGetDig(FD_t fd)
rpmRC rpmVerifySignature(void *_dig, char *result)
Verify a signature from a package.
struct rpmgi_s * rpmgi
Generalized iterator.
pgpDigParams pgpGetPubkey(pgpDig dig)
Return OpenPGP pubkey parameters.
int rpmVerifySignatures(QVA_t qva, rpmts ts, void *_fd, const char *fn)
Check package and header signatures.
int Unlink(const char *path)
unlink(2) clone.
void rpmtsCleanDig(rpmts ts)
Free signature verification data.