#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <fcntl.h>
#include "pool.h"
#include "repo.h"
#ifdef ENABLE_PUBKEY
#include "repo_pubkey.h"
#endif
#include "checksig.h"
#ifndef DEBIAN
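/*
 * Remove the scratch GnuPG home directory used by checksig().
 *
 * Deletes the known keyring/trustdb files and the temporary "keys" file
 * below gpgdir, then the private-keys-v1.d subdirectory and gpgdir itself.
 * All unlink()/rmdir() results are ignored on purpose: this is best-effort
 * cleanup, and any file not listed here makes the final rmdir() fail
 * silently and leaves the directory behind.
 *
 * A path that does not fit into the local buffer is skipped instead of
 * being passed on truncated, so a cut-off name can never cause some other
 * file to be deleted.
 */
static void
cleanupgpg(char *gpgdir)
{
  static const char *const leftovers[] = {
    "pubring.gpg",
    "pubring.gpg~",
    "secring.gpg",
    "trustdb.gpg",
    "keys",
    "pubring.kbx",
    "pubring.kbx~"
  };
  char path[256];
  size_t i;
  int len;

  for (i = 0; i < sizeof(leftovers) / sizeof(leftovers[0]); i++)
    {
      len = snprintf(path, sizeof(path), "%s/%s", gpgdir, leftovers[i]);
      if (len < 0 || (size_t)len >= sizeof(path))
        continue;	/* truncated: never unlink a partial path */
      unlink(path);
    }
  len = snprintf(path, sizeof(path), "%s/private-keys-v1.d", gpgdir);
  if (len >= 0 && (size_t)len < sizeof(path))
    rmdir(path);
  rmdir(gpgdir);
}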
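/*
 * Verify the signature in sigfp over the data in fp with gpgv, using the
 * public keys stored in sigpool.
 *
 * Steps:
 *   1. create a private scratch GnuPG home with mkdtemp() below /var/tmp,
 *   2. write the SOLVABLE_DESCRIPTION string of every solvable in sigpool
 *      (expected to be the key text) into <gpgdir>/keys and import that
 *      file with gpg2,
 *   3. run gpgv against the resulting keyring, handing over both streams
 *      as /dev/fd/N (signature first, data second),
 *   4. restore the descriptor offsets and remove the scratch directory.
 *
 * Returns 1 only when system() reports status 0 for the gpgv command and
 * 0 in every other case (no temp dir, no keys, import failure, bad
 * signature, command line too long), i.e. the check fails closed.
 *
 * Things a caller should know:
 *   - every key in sigpool is imported, so a signature made by any of
 *     them is accepted;
 *   - gpg2 and gpgv are started through system(), i.e. via the shell and
 *     looked up through the inherited PATH and environment;
 *   - FD_CLOEXEC is set on both descriptors on return, whatever their
 *     flags were before.
 *
 * NOTE(review): offsets are saved and restored with lseek() on the raw
 * descriptors, not through stdio; presumably callers pass streams with
 * no pending buffered data -- confirm.
 */
int
checksig(Pool *sigpool, FILE *fp, FILE *sigfp)
{
  char *gpgdir;
  char *keysfile;
  const char *pubkey, *pubring;
  char cmd[256];
  FILE *kfp;
  Solvable *s;
  Id p;
  off_t posfp, possigfp;
  int r, nkeys, len;

  /* mkdtemp() fills in the XXXXXX part and creates the directory */
  gpgdir = mkdtemp(pool_tmpjoin(sigpool, "/var/tmp/solvgpg.XXXXXX", 0, 0));
  if (!gpgdir)
    return 0;
  keysfile = pool_tmpjoin(sigpool, gpgdir, "/keys", 0);
  if (!(kfp = fopen(keysfile, "w")))
    {
      cleanupgpg(gpgdir);
      return 0;
    }

  /* dump all keys of the pool into one file, one key per entry */
  nkeys = 0;
  for (p = 1, s = sigpool->solvables + p; p < sigpool->nsolvables; p++, s++)
    {
      if (!s->repo)
        continue;
      pubkey = solvable_lookup_str(s, SOLVABLE_DESCRIPTION);
      if (!pubkey || !*pubkey)
        continue;
      if (fwrite(pubkey, strlen(pubkey), 1, kfp) != 1)
        break;
      if (fputc('\n', kfp) == EOF)	/* Just in case... */
        break;
      nkeys++;
    }
  /* a write error leaves p < nsolvables; no keys at all is also a failure */
  if (fclose(kfp) || !nkeys || p < sigpool->nsolvables)
    {
      cleanupgpg(gpgdir);
      return 0;
    }

  /* never hand a cut-off command line to the shell */
  len = snprintf(cmd, sizeof(cmd), "gpg2 -q --homedir %s --import %s", gpgdir, keysfile);
  if (len < 0 || (size_t)len >= sizeof(cmd) || system(cmd))
    {
      fprintf(stderr, "key import error\n");
      cleanupgpg(gpgdir);
      return 0;
    }
  unlink(keysfile);

  /* remember the current offsets and rewind both descriptors for gpgv */
  posfp = lseek(fileno(fp), 0, SEEK_CUR);
  lseek(fileno(fp), 0, SEEK_SET);
  possigfp = lseek(fileno(sigfp), 0, SEEK_CUR);
  lseek(fileno(sigfp), 0, SEEK_SET);

  /* use the keybox file if the import created one, else the old keyring */
  len = snprintf(cmd, sizeof(cmd), "%s/pubring.kbx", gpgdir);
  if (len >= 0 && (size_t)len < sizeof(cmd) && access(cmd, R_OK) == 0)
    pubring = "pubring.kbx";
  else
    pubring = "pubring.gpg";

  len = snprintf(cmd, sizeof(cmd), "gpgv -q --homedir %s --keyring %s/%s /dev/fd/%d /dev/fd/%d >/dev/null 2>&1", gpgdir, gpgdir, pubring, fileno(sigfp), fileno(fp));
  fcntl(fileno(fp), F_SETFD, 0);	/* clear CLOEXEC */
  fcntl(fileno(sigfp), F_SETFD, 0);	/* clear CLOEXEC */
  /*
   * The data file is the last argument before the redirections, so a
   * truncated command could run gpgv without it.  Treat truncation as a
   * verification failure instead of executing the partial command.
   */
  if (len < 0 || (size_t)len >= sizeof(cmd))
    r = -1;
  else
    r = system(cmd);

  /* put everything back the way the caller had it */
  lseek(fileno(sigfp), possigfp, SEEK_SET);
  lseek(fileno(fp), posfp, SEEK_SET);
  fcntl(fileno(fp), F_SETFD, FD_CLOEXEC);
  fcntl(fileno(sigfp), F_SETFD, FD_CLOEXEC);
  cleanupgpg(gpgdir);
  return r == 0 ? 1 : 0;
}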
#else
/*
 * DEBIAN variant: verify the signature in sigfp over the data in fp with
 * gpgv against the fixed keyring /etc/apt/trusted.gpg.
 *
 * sigpool is not used here.  Both streams are handed to gpgv as
 * /dev/fd/N (signature first, data second), so close-on-exec is cleared
 * for the duration of the call and FD_CLOEXEC is set again afterwards,
 * whatever the flags were before.  gpgv is started through system(),
 * i.e. via the shell with the inherited PATH and environment.
 *
 * Returns 1 only when system() reports status 0, otherwise 0.
 *
 * NOTE(review): unlike the non-DEBIAN variant this one does not rewind
 * the descriptors before running gpgv -- presumably intentional; confirm.
 */
int
checksig(Pool *sigpool, FILE *fp, FILE *sigfp)
{
  const int datafd = fileno(fp);
  const int sigfd = fileno(sigfp);
  char gpgvcmd[256];
  int status;

  snprintf(gpgvcmd, sizeof(gpgvcmd), "gpgv -q --keyring /etc/apt/trusted.gpg /dev/fd/%d /dev/fd/%d >/dev/null 2>&1", sigfd, datafd);

  /* the child must inherit both descriptors */
  fcntl(datafd, F_SETFD, 0);
  fcntl(sigfd, F_SETFD, 0);
  status = system(gpgvcmd);
  fcntl(datafd, F_SETFD, FD_CLOEXEC);
  fcntl(sigfd, F_SETFD, FD_CLOEXEC);

  if (status == 0)
    return 1;
  return 0;
}
#endif
/*
 * Create the pool that holds the public keys used for signature checks.
 *
 * When built with both ENABLE_PUBKEY and ENABLE_RPMDB, a "pubkeys" repo
 * is created in the pool and filled via repo_add_rpmdb_pubkeys(); its
 * return value is not checked.  Otherwise the pool is returned empty.
 * The caller receives the new pool.
 */
Pool *
read_sigs()
{
  Pool *keypool;

  keypool = pool_create();
#if defined(ENABLE_PUBKEY) && defined(ENABLE_RPMDB)
  repo_add_rpmdb_pubkeys(repo_create(keypool, "pubkeys"), 0);
#endif
  return keypool;
}