Rename and move matchingKeys to cliMatchPubkeys

Make it part of the cli API. Use an rpmts as a main argument to hide the rpmKeyring from the user Move userdata to the end of the signature Add a check for arguments being valid hex now that we have access to rpmIsValidHex.
rpm-software-management · Oct 14, 2024 · 9291345 · 9291345
1 parent dc07253
commit 9291345
Show file tree

Hide file tree

Showing 3 changed files with 70 additions and 60 deletions.
diff --git a/include/rpm/rpmcli.h b/include/rpm/rpmcli.h
@@ -419,6 +419,15 @@ int rpmcliImportPubkeys(rpmts ts, ARGV_const_t argv);
  */
 int rpmcliVerifySignatures(rpmts ts, ARGV_const_t argv);
 
+/** \ingroup rpmcli
+ * @param ts		transaction set
+ * @param args		array of package key fingerprint arguments (NULL terminated)
+ * @param callback	function to be call for every matching public key
+ * @param userdata	pointer to be passed to the callback
+ * @return		0 if all were found 1 otherwise
+ */
+int cliMatchPubkeys(rpmts ts, ARGV_const_t args, int callback(rpmPubkey, void*), void * userdata);
+
 #ifdef __cplusplus
 }
 #endif

diff --git a/lib/rpmchecksig.cc b/lib/rpmchecksig.cc
@@ -21,6 +21,7 @@
 #include "rpmlead.hh"
 #include "header_internal.hh"
 #include "rpmvs.hh"
+#include "misc.hh"
 
 #include "debug.h"
 
@@ -290,3 +291,61 @@ int rpmcliVerifySignatures(rpmts ts, ARGV_const_t argv)
     rpmKeyringFree(keyring);
     return res;
 }
+
+int cliMatchPubkeys(rpmts ts, ARGV_const_t args, int callback(rpmPubkey, void*), void * userdata)
+{
+    int ec = EXIT_SUCCESS;
+    rpmKeyring keyring = rpmtsGetKeyring(ts, 1);
+    if (args) {
+	for (char * const * arg = args; *arg; arg++) {
+	    int found = false;
+	    size_t klen = strlen(*arg);
+
+	    /* Allow short keyid while we're transitioning */
+	    if ((klen != 40 && klen != 16 && klen != 8) ||
+		!rpmIsValidHex(*arg, klen)) {
+		rpmlog(RPMLOG_ERR, ("invalid key id: %s\n"), *arg);
+		ec = EXIT_FAILURE;
+		continue;
+	    }
+
+	    auto iter = rpmKeyringInitIterator(keyring, 0);
+	    rpmPubkey key = NULL;
+	    while ((key = rpmKeyringIteratorNext(iter))) {
+		char * fp = rpmPubkeyFingerprintAsHex(key);
+		char * keyid = rpmPubkeyKeyIDAsHex(key);
+		if (!strcmp(*arg, fp) || !strcmp(*arg, keyid) ||
+		    !strcmp(*arg, keyid+8)) {
+		    found = true;
+		}
+		free(fp);
+		free(keyid);
+		if (found)
+		    break;
+	    }
+	    rpmKeyringIteratorFree(iter);
+	    if (found) {
+		callback(key, userdata);
+	    } else {
+		rpmlog(RPMLOG_ERR, ("key not found: %s\n"), *arg);
+		ec = EXIT_FAILURE;
+	    }
+	}
+    } else {
+	int found = false;
+	auto iter = rpmKeyringInitIterator(keyring, 0);
+	rpmPubkey key = NULL;
+	while ((key = rpmKeyringIteratorNext(iter))) {
+	    found = true;
+	    callback(key, userdata);
+	}
+	rpmKeyringIteratorFree(iter);
+	if (!found) {
+	    rpmlog(RPMLOG_NOTICE, "No keys installed\n");
+	    ec = EXIT_FAILURE;
+	}
+    }
+
+    rpmKeyringFree(keyring);
+    return ec;
+}
diff --git a/tools/rpmkeys.cc b/tools/rpmkeys.cc
@@ -3,7 +3,6 @@
 #include <popt.h>
 #include <rpm/rpmcli.h>
 #include <rpm/rpmstring.h>
-#include <rpm/rpmkeyring.h>
 #include <rpm/rpmlog.h>
 
 #include "cliutils.hh"
@@ -44,60 +43,6 @@ static struct poptOption optionsTable[] = {
     POPT_TABLEEND
 };
 
-static int matchingKeys(rpmKeyring keyring, ARGV_const_t args, void * userdata, int callback(rpmPubkey, void*))
-{
-    int ec = EXIT_SUCCESS;
-    if (args) {
-	for (char * const * arg = args; *arg; arg++) {
-	    int found = false;
-	    size_t klen = strlen(*arg);
-
-	    /* Allow short keyid while we're transitioning */
-	    if (klen != 40 && klen != 16 && klen != 8) {
-		rpmlog(RPMLOG_ERR, ("invalid key id: %s\n"), *arg);
-		ec = EXIT_FAILURE;
-		continue;
-	    }
-
-	    auto iter = rpmKeyringInitIterator(keyring, 0);
-	    rpmPubkey key = NULL;
-	    while ((key = rpmKeyringIteratorNext(iter))) {
-		char * fp = rpmPubkeyFingerprintAsHex(key);
-		char * keyid = rpmPubkeyKeyIDAsHex(key);
-		if (!strcmp(*arg, fp) || !strcmp(*arg, keyid) ||
-		    !strcmp(*arg, keyid+8)) {
-		    found = true;
-		}
-		free(fp);
-		free(keyid);
-		if (found)
-		    break;
-	    }
-	    rpmKeyringIteratorFree(iter);
-	    if (found) {
-		callback(key, userdata);
-	    } else {
-		rpmlog(RPMLOG_ERR, ("key not found: %s\n"), *arg);
-		ec = EXIT_FAILURE;
-	    }
-	}
-    } else {
-	int found = false;
-	auto iter = rpmKeyringInitIterator(keyring, 0);
-	rpmPubkey key = NULL;
-	while ((key = rpmKeyringIteratorNext(iter))) {
-	    found = true;
-	    callback(key, userdata);
-	}
-	rpmKeyringIteratorFree(iter);
-	if (!found) {
-	    rpmlog(RPMLOG_NOTICE, "No keys installed\n");
-	    ec = EXIT_FAILURE;
-	}
-    }
-    return ec;
-}
-
 static int printKey(rpmPubkey key, void * data)
 {
     char * fp = rpmPubkeyFingerprintAsHex(key);
@@ -120,7 +65,6 @@ int main(int argc, char *argv[])
     poptContext optCon = NULL;
     rpmts ts = NULL;
     ARGV_const_t args = NULL;
-    rpmKeyring keyring = NULL;
 
     optCon = rpmcliInit(argc, argv, optionsTable);
 
@@ -136,7 +80,6 @@ int main(int argc, char *argv[])
 
     ts = rpmtsCreate();
     rpmtsSetRootDir(ts, rpmcliRootDir);
-    keyring = rpmtsGetKeyring(ts, 1);
 
     switch (mode) {
     case MODE_CHECKSIG:
@@ -151,22 +94,21 @@ int main(int argc, char *argv[])
     {
 	rpmtxn txn = rpmtxnBegin(ts, RPMTXN_WRITE);
 	if (txn) {
-	    ec = matchingKeys(keyring, args, txn, deleteKey);
+	    ec = cliMatchPubkeys(ts, args, deleteKey, txn);
 	    rpmtxnEnd(txn);
 	}
 	break;
     }
     case MODE_LISTKEY:
     {
-	ec = matchingKeys(keyring, args, NULL, printKey);
+	ec = cliMatchPubkeys(ts, args, printKey, NULL);
 	break;
     }
     default:
 	argerror(_("only one major mode may be specified"));
     }
 
 exit:
-    rpmKeyringFree(keyring);
     rpmtsFree(ts);
     rpmcliFini(optCon);
     fflush(stderr);