From 9291345c0a70aba1c96283799f4660cea537759c Mon Sep 17 00:00:00 2001
From: Florian Festi
Date: Mon, 14 Oct 2024 12:57:08 +0200
Subject: [PATCH] Rename and move matchingKeys to cliMatchPubkeys
Make it part of the cli API. Use an rpmts as a main argument to hide the rpmKeyring from the user Move userdata to the end of the signature Add a check for arguments being valid hex now that we have access to rpmIsValidHex.
---
 include/rpm/rpmcli.h | 9 +++++++
 lib/rpmchecksig.cc | 59 +++++++++++++++++++++++++++++++++++++++++
 tools/rpmkeys.cc | 62 ++------------------------------------------
 3 files changed, 70 insertions(+), 60 deletions(-)
diff --git a/include/rpm/rpmcli.h b/include/rpm/rpmcli.h
index d9bb78af01..c5f2eea4d4 100644
--- a/include/rpm/rpmcli.h
+++ b/include/rpm/rpmcli.h
@@ -419,6 +419,15 @@ int rpmcliImportPubkeys(rpmts ts, ARGV_const_t argv);
 */
 int rpmcliVerifySignatures(rpmts ts, ARGV_const_t argv);
+/** \ingroup rpmcli
+ * @param ts transaction set
+ * @param args array of package key fingerprint arguments (NULL terminated)
+ * @param callback function to be call for every matching public key
+ * @param userdata pointer to be passed to the callback
+ * @return 0 if all were found 1 otherwise
+ */
+int cliMatchPubkeys(rpmts ts, ARGV_const_t args, int callback(rpmPubkey, void*), void * userdata);
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/lib/rpmchecksig.cc b/lib/rpmchecksig.cc
index c85a12e621..400ab5de48 100644
--- a/lib/rpmchecksig.cc
+++ b/lib/rpmchecksig.cc
@@ -21,6 +21,7 @@
 #include "rpmlead.hh"
 #include "header_internal.hh"
 #include "rpmvs.hh"
+#include "misc.hh"
 #include "debug.h"
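Review bot: The doc comment added for `cliMatchPubkeys` in include/rpm/rpmcli.h omits most of the contract a caller of a new public function needs. It has no summary line, does not say that a NULL `args` visits every key in the keyring, and does not mention that 8- and 16-character key IDs are accepted alongside 40-character fingerprints; `@return` also reads as if 1 only means "not found", while the implementation in lib/rpmchecksig.cc returns failure for malformed arguments and for an empty keyring too. I would add a first line such as `* Call a function for each keyring key matching the given fingerprints or key IDs (all keys if args is NULL).` and correct the wording to `function to be called for every matching public key`. The name also drops the `rpmcli` prefix used by the neighbouring `rpmcliImportPubkeys` and `rpmcliVerifySignatures`, which is worth settling before the symbol becomes public API.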
@@ -290,3 +291,61 @@ int rpmcliVerifySignatures(rpmts ts, ARGV_const_t argv)
 rpmKeyringFree(keyring);
 return res;
 }
+
+int cliMatchPubkeys(rpmts ts, ARGV_const_t args, int callback(rpmPubkey, void*), void * userdata)
+{
+ int ec = EXIT_SUCCESS;
+ rpmKeyring keyring = rpmtsGetKeyring(ts, 1);
+ if (args) {
+ for (char * const * arg = args; *arg; arg++) {
+ int found = false;
+ size_t klen = strlen(*arg);
+
+ /* Allow short keyid while we're transitioning */
+ if ((klen != 40 && klen != 16 && klen != 8) ||
+ !rpmIsValidHex(*arg, klen)) {
+ rpmlog(RPMLOG_ERR, ("invalid key id: %s\n"), *arg);
+ ec = EXIT_FAILURE;
+ continue;
+ }
+
+ auto iter = rpmKeyringInitIterator(keyring, 0);
+ rpmPubkey key = NULL;
+ while ((key = rpmKeyringIteratorNext(iter))) {
+ char * fp = rpmPubkeyFingerprintAsHex(key);
+ char * keyid = rpmPubkeyKeyIDAsHex(key);
+ if (!strcmp(*arg, fp) || !strcmp(*arg, keyid) ||
+ !strcmp(*arg, keyid+8)) {
+ found = true;
+ }
+ free(fp);
+ free(keyid);
+ if (found)
+ break;
+ }
+ rpmKeyringIteratorFree(iter);
+ if (found) {
+ callback(key, userdata);
+ } else {
+ rpmlog(RPMLOG_ERR, ("key not found: %s\n"), *arg);
+ ec = EXIT_FAILURE;
+ }
+ }
+ } else {
+ int found = false;
+ auto iter = rpmKeyringInitIterator(keyring, 0);
+ rpmPubkey key = NULL;
+ while ((key = rpmKeyringIteratorNext(iter))) {
+ found = true;
+ callback(key, userdata);
+ }
+ rpmKeyringIteratorFree(iter);
+ if (!found) {
+ rpmlog(RPMLOG_NOTICE, "No keys installed\n");
+ ec = EXIT_FAILURE;
+ }
+ }
+
+ rpmKeyringFree(keyring);
+ return ec;
+}
diff --git a/tools/rpmkeys.cc b/tools/rpmkeys.cc
index 488f5ca545..00d1424dce 100644
--- a/tools/rpmkeys.cc
+++ b/tools/rpmkeys.cc
@@ -3,7 +3,6 @@
 #include
 #include
 #include
-#include
 #include
 #include "cliutils.hh"
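Review bot: Both `callback(key, userdata);` calls in `cliMatchPubkeys` (lib/rpmchecksig.cc) discard the callback's int result, so a callback that reports failure cannot influence `ec`. With `deleteKey` as the callback in tools/rpmkeys.cc, a key that could not be removed from the keyring would presumably still produce a success exit status; consider `if (callback(key, userdata)) ec = EXIT_FAILURE;` in both branches, assuming non-zero means failure. Separately, matching uses case-sensitive `strcmp` after `rpmIsValidHex` has accepted the argument, so if that check admits uppercase digits while the `AsHex` helpers emit lowercase (neither is visible here), a valid uppercase fingerprint would end in `key not found`. The loop also stops at the first key whose fingerprint or key ID matches, so an 8-character key ID selects whichever colliding key the iterator yields first, which matters for deletion and deserves a comment beside `/* Allow short keyid while we're transitioning */`.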
@@ -44,60 +43,6 @@ static struct poptOption optionsTable[] = {
 POPT_TABLEEND
 };
-static int matchingKeys(rpmKeyring keyring, ARGV_const_t args, void * userdata, int callback(rpmPubkey, void*))
-{
- int ec = EXIT_SUCCESS;
- if (args) {
- for (char * const * arg = args; *arg; arg++) {
- int found = false;
- size_t klen = strlen(*arg);
-
- /* Allow short keyid while we're transitioning */
- if (klen != 40 && klen != 16 && klen != 8) {
- rpmlog(RPMLOG_ERR, ("invalid key id: %s\n"), *arg);
- ec = EXIT_FAILURE;
- continue;
- }
-
- auto iter = rpmKeyringInitIterator(keyring, 0);
- rpmPubkey key = NULL;
- while ((key = rpmKeyringIteratorNext(iter))) {
- char * fp = rpmPubkeyFingerprintAsHex(key);
- char * keyid = rpmPubkeyKeyIDAsHex(key);
- if (!strcmp(*arg, fp) || !strcmp(*arg, keyid) ||
- !strcmp(*arg, keyid+8)) {
- found = true;
- }
- free(fp);
- free(keyid);
- if (found)
- break;
- }
- rpmKeyringIteratorFree(iter);
- if (found) {
- callback(key, userdata);
- } else {
- rpmlog(RPMLOG_ERR, ("key not found: %s\n"), *arg);
- ec = EXIT_FAILURE;
- }
- }
- } else {
- int found = false;
- auto iter = rpmKeyringInitIterator(keyring, 0);
- rpmPubkey key = NULL;
- while ((key = rpmKeyringIteratorNext(iter))) {
- found = true;
- callback(key, userdata);
- }
- rpmKeyringIteratorFree(iter);
- if (!found) {
- rpmlog(RPMLOG_NOTICE, "No keys installed\n");
- ec = EXIT_FAILURE;
- }
- }
- return ec;
-}
-
 static int printKey(rpmPubkey key, void * data)
 {
 char * fp = rpmPubkeyFingerprintAsHex(key);
@@ -120,7 +65,6 @@ int main(int argc, char *argv[])
 poptContext optCon = NULL;
 rpmts ts = NULL;
 ARGV_const_t args = NULL;
- rpmKeyring keyring = NULL;
 optCon = rpmcliInit(argc, argv, optionsTable);
@@ -136,7 +80,6 @@ int main(int argc, char *argv[])
 ts = rpmtsCreate();
 rpmtsSetRootDir(ts, rpmcliRootDir);
- keyring = rpmtsGetKeyring(ts, 1);
 switch (mode) {
 case MODE_CHECKSIG:
@@ -151,14 +94,14 @@ int main(int argc, char *argv[])
 {
 rpmtxn txn = rpmtxnBegin(ts, RPMTXN_WRITE);
 if (txn) {
- ec = matchingKeys(keyring, args, txn, deleteKey);
+ ec = cliMatchPubkeys(ts, args, deleteKey, txn);
 rpmtxnEnd(txn);
 }
 break;
 }
 case MODE_LISTKEY:
 {
- ec = matchingKeys(keyring, args, NULL, printKey);
+ ec = cliMatchPubkeys(ts, args, printKey, NULL);
 break;
 }
 default:
@@ -166,7 +109,6 @@ int main(int argc, char *argv[])
 }
 exit:
- rpmKeyringFree(keyring);
 rpmtsFree(ts);
 rpmcliFini(optCon);
 fflush(stderr);