authorjbj <devnull@localhost>1999-09-10 23:48:56 +0000
committerjbj <devnull@localhost>1999-09-10 23:48:56 +0000
commit70a0eb1d9ba1e60e10a995604a3fa259945e06c2 (patch)
tree05cad952222b5e7b980973c499fce90ceb096f78
parentf293b8e06f1d721587c9a7f1de3184f8fc8fddf7 (diff)
pgp and pgp5 have compatible RSA signature (#4780).
CVS patchset: 3276 CVS date: 1999/09/10 23:48:56
-rw-r--r--CHANGES1
-rw-r--r--build/pack.c3
-rw-r--r--lib/depends.h6
-rw-r--r--lib/rpmchecksig.c412
-rw-r--r--lib/rpmlib.h23
-rw-r--r--lib/signature.c227
-rw-r--r--lib/signature.h7
-rw-r--r--po/rpm.pot207
-rwxr-xr-xrpm.c43
9 files changed, 505 insertions, 424 deletions
diff --git a/CHANGES b/CHANGES
index 286a7a651..2afb67166 100644
--- a/CHANGES
+++ b/CHANGES
@@ -45,6 +45,7 @@
- link libbz2.a statically to avoid rpm->bzip2 dependence for now.
- Tru64: avoid find-requires variable size limit (Tim Mooney).
- Solaris: use getpassphrase rather than getpass if available.
+ - pgp and pgp5 have compatible RSA signature (#4780).
3.0.1 -> 3.0.2
- eliminate armv4 entries from rpmrc (Andrew E. Mileski).
diff --git a/build/pack.c b/build/pack.c
index b305ae36c..80e926370 100644
--- a/build/pack.c
+++ b/build/pack.c
@@ -321,12 +321,11 @@ int writeRPM(Header h, const char *fileName, int type,
}
/* Generate the signature */
- sigtype = rpmLookupSignatureType(RPMLOOKUPSIG_QUERY);
fflush(stdout);
sig = rpmNewSignature();
rpmAddSignature(sig, sigtarget, RPMSIGTAG_SIZE, passPhrase);
rpmAddSignature(sig, sigtarget, RPMSIGTAG_MD5, passPhrase);
- if (sigtype > 0) {
+ if ((sigtype = rpmLookupSignatureType(RPMLOOKUPSIG_QUERY)) > 0) {
rpmMessage(RPMMESS_NORMAL, _("Generating signature: %d\n"), sigtype);
rpmAddSignature(sig, sigtarget, sigtype, passPhrase);
}
diff --git a/lib/depends.h b/lib/depends.h
index 269d543c7..9f9cf303f 100644
--- a/lib/depends.h
+++ b/lib/depends.h
@@ -5,8 +5,10 @@
struct availablePackage {
Header h;
- char ** provides;
- char ** files;
+ const char ** provides;
+ const char ** providesEVR; /* unused */
+ int * providesFlags; /* unused */
+ const char ** files;
const char * name, * version, * release;
int epoch, hasEpoch, providesCount, filesCount;
const void * key;
diff --git a/lib/rpmchecksig.c b/lib/rpmchecksig.c
index ce1d8905f..fb3b99436 100644
--- a/lib/rpmchecksig.c
+++ b/lib/rpmchecksig.c
@@ -2,157 +2,226 @@
#include "system.h"
-#ifdef DYING
-#include "build/rpmbuild.h"
-#endif
#include <rpmlib.h>
#include "rpmlead.h"
#include "signature.h"
#include "misc.h" /* XXX for makeTempFile() */
+static int manageFile(FD_t *fdp, const char **fnp, int flags, int rc)
+{
+ const char *fn;
+ FD_t fd;
+
+ if (fdp == NULL) { /* programmer error */
+ return 1;
+ }
+
+ /* close and reset *fdp to NULL */
+ if (*fdp && (fnp == NULL || *fnp == NULL)) {
+ fdClose(*fdp);
+ *fdp = NULL;
+ return 0;
+ }
+
+ /* open a file and set *fdp */
+ if (*fdp == NULL && fnp && *fnp) {
+ mode_t mode = (flags & O_CREAT) ? 0644 : 0;
+ if (fdFileno(fd = fdOpen(*fnp, flags, mode)) < 0) {
+ fprintf(stderr, _("%s: fdOpen failed: %s\n"), *fnp,
+ strerror(errno));
+ return 1;
+ }
+ *fdp = fd;
+ return 0;
+ }
+
+ /* open a temp file */
+ if (*fdp == NULL && (fnp == NULL || *fnp == NULL)) {
+ if (makeTempFile(NULL, (fnp ? &fn : NULL), &fd)) {
+ fprintf(stderr, _("%s: makeTempFile failed\n"));
+ return 1;
+ }
+ if (fnp)
+ *fnp = fn;
+ *fdp = fd;
+ return 0;
+ }
+
+ /* no operation */
+ if (*fdp && fnp && *fnp) {
+ return 0;
+ }
+
+ /* XXX never reached */
+ return 1;
+}
+
+static int copyFile(FD_t *sfdp, const char **sfnp,
+ FD_t *tfdp, const char **tfnp)
+{
+ unsigned char buffer[8192];
+ ssize_t count;
+ int rc = 1;
+
+ if (manageFile(sfdp, sfnp, O_RDONLY, 0))
+ goto exit;
+ if (manageFile(tfdp, tfnp, O_WRONLY|O_CREAT|O_TRUNC, 0))
+ goto exit;
+
+ while ((count = fdRead(*sfdp, buffer, sizeof(buffer))) > 0) {
+ if (fdWrite(*tfdp, buffer, count) < 0) {
+ fprintf(stderr, _("%s: fdWrite failed: %s\n"), *tfnp,
+ strerror(errno));
+ goto exit;
+ }
+ }
+ if (count < 0) {
+ fprintf(stderr, _("%s: fdRead failed: %s\n"), *sfnp, strerror(errno));
+ goto exit;
+ }
+
+ rc = 0;
+
+exit:
+ if (*sfdp) manageFile(sfdp, NULL, 0, rc);
+ if (*tfdp) manageFile(tfdp, NULL, 0, rc);
+ return rc;
+}
+
int rpmReSign(int add, char *passPhrase, const char **argv)
{
- FD_t fd, ofd;
- int count;
+ FD_t fd = NULL;
+ FD_t ofd = NULL;
struct rpmlead lead;
unsigned short sigtype;
- const char *rpm;
- const char *sigtarget;
- char tmprpm[1024];
- unsigned char buffer[8192];
- Header sig;
+ const char *rpm, *trpm;
+ const char *sigtarget = NULL;
+ char tmprpm[1024+1];
+ Header sig = NULL;
+ int rc = EXIT_FAILURE;
- while (*argv) {
- rpm = *argv++;
+ tmprpm[0] = '\0';
+ while ((rpm = *argv++) != NULL) {
+
fprintf(stdout, "%s:\n", rpm);
- if (fdFileno(fd = fdOpen(rpm, O_RDONLY, 0644)) < 0) {
- fprintf(stderr, _("%s: Open failed\n"), rpm);
- exit(EXIT_FAILURE);
- }
+
+ if (manageFile(&fd, &rpm, O_RDONLY, 0))
+ goto exit;
+
if (readLead(fd, &lead)) {
fprintf(stderr, _("%s: readLead failed\n"), rpm);
- exit(EXIT_FAILURE);
+ goto exit;
}
- if (lead.major == 1) {
+ switch (lead.major) {
+ case 1:
fprintf(stderr, _("%s: Can't sign v1.0 RPM\n"), rpm);
- exit(EXIT_FAILURE);
- }
- if (lead.major == 2) {
+ goto exit;
+ break;
+ case 2:
fprintf(stderr, _("%s: Can't re-sign v2.0 RPM\n"), rpm);
- exit(EXIT_FAILURE);
+ goto exit;
+ break;
+ default:
+ break;
}
+
if (rpmReadSignature(fd, &sig, lead.signature_type)) {
fprintf(stderr, _("%s: rpmReadSignature failed\n"), rpm);
- exit(EXIT_FAILURE);
+ goto exit;
+ }
+ if (sig == NULL) {
+ fprintf(stderr, _("%s: No signature available\n"), rpm);
+ goto exit;
}
+
+ /* Write the header and archive to a temp file */
+ /* ASSERT: ofd == NULL && sigtarget == NULL */
+ if (copyFile(&fd, &rpm, &ofd, &sigtarget))
+ goto exit;
+ /* Both fd and ofd are now closed. sigtarget contains tempfile name. */
+ /* ASSERT: fd == NULL && ofd == NULL */
+
+ /* Generate the new signatures */
if (add != ADD_SIGNATURE) {
rpmFreeSignature(sig);
+ sig = rpmNewSignature();
+ rpmAddSignature(sig, sigtarget, RPMSIGTAG_SIZE, passPhrase);
+ rpmAddSignature(sig, sigtarget, RPMSIGTAG_MD5, passPhrase);
}
- /* Write the rest to a temp file */
- if (makeTempFile(NULL, &sigtarget, &ofd))
- exit(EXIT_FAILURE);
-
- while ((count = fdRead(fd, buffer, sizeof(buffer))) > 0) {
- if (count == -1) {
- perror(_("Couldn't read the header/archive"));
- fdClose(ofd);
- unlink(sigtarget);
- xfree(sigtarget);
- exit(EXIT_FAILURE);
- }
- if (fdWrite(ofd, buffer, count) < 0) {
- perror(_("Couldn't write header/archive to temp file"));
- fdClose(ofd);
- unlink(sigtarget);
- xfree(sigtarget);
- exit(EXIT_FAILURE);
- }
- }
- fdClose(fd);
- fdClose(ofd);
+ if ((sigtype = rpmLookupSignatureType(RPMLOOKUPSIG_QUERY)) > 0)
+ rpmAddSignature(sig, sigtarget, sigtype, passPhrase);
- /* Start writing the new RPM */
+ /* Write the lead/signature of the output rpm */
strcpy(tmprpm, rpm);
strcat(tmprpm, ".XXXXXX");
mktemp(tmprpm);
+ trpm = tmprpm;
+
+ if (manageFile(&ofd, &trpm, O_WRONLY|O_CREAT|O_TRUNC, 0))
+ goto exit;
- ofd = fdOpen(tmprpm, O_WRONLY|O_CREAT|O_TRUNC, 0644);
lead.signature_type = RPMSIG_HEADERSIG;
if (writeLead(ofd, &lead)) {
- perror("writeLead()");
- fdClose(ofd);
- unlink(sigtarget);
- unlink(tmprpm);
- xfree(sigtarget);
- exit(EXIT_FAILURE);
+ fprintf(stderr, _("%s: writeLead failed: %s\n"), trpm,
+ strerror(errno));
+ goto exit;
}
- /* Generate the signature */
- sigtype = rpmLookupSignatureType(RPMLOOKUPSIG_QUERY);
- rpmMessage(RPMMESS_VERBOSE, _("Generating signature: %d\n"), sigtype);
- if (add != ADD_SIGNATURE) {
- sig = rpmNewSignature();
- rpmAddSignature(sig, sigtarget, RPMSIGTAG_SIZE, passPhrase);
- rpmAddSignature(sig, sigtarget, RPMSIGTAG_MD5, passPhrase);
- }
- if (sigtype>0) {
- rpmAddSignature(sig, sigtarget, sigtype, passPhrase);
- }
if (rpmWriteSignature(ofd, sig)) {
- fdClose(ofd);
- unlink(sigtarget);
- unlink(tmprpm);
- xfree(sigtarget);
- rpmFreeSignature(sig);
- exit(EXIT_FAILURE);
+ fprintf(stderr, _("%s: rpmWriteSignature failed\n"), trpm);
+ goto exit;
}
- rpmFreeSignature(sig);
- /* Append the header and archive */
- fd = fdOpen(sigtarget, O_RDONLY, 0);
- while ((count = fdRead(fd, buffer, sizeof(buffer))) > 0) {
- if (count == -1) {
- perror(_("Couldn't read sigtarget"));
- fdClose(ofd);
- fdClose(fd);
- unlink(sigtarget);
- unlink(tmprpm);
- xfree(sigtarget);
- exit(EXIT_FAILURE);
- }
- if (fdWrite(ofd, buffer, count) < 0) {
- perror(_("Couldn't write package"));
- fdClose(ofd);
- fdClose(fd);
- unlink(sigtarget);
- unlink(tmprpm);
- xfree(sigtarget);
- exit(EXIT_FAILURE);
- }
- }
- fdClose(fd);
- fdClose(ofd);
+ /* Append the header and archive from the temp file */
+ /* ASSERT: fd == NULL && ofd != NULL */
+ if (copyFile(&fd, &sigtarget, &ofd, &trpm))
+ goto exit;
+ /* Both fd and ofd are now closed. */
+ /* ASSERT: fd == NULL && ofd == NULL */
+
+ /* Clean up intermediate target */
unlink(sigtarget);
- xfree(sigtarget);
+ xfree(sigtarget); sigtarget = NULL;
- /* Move it in to place */
+ /* Move final target into place. */
unlink(rpm);
- rename(tmprpm, rpm);
+ rename(trpm, rpm); tmprpm[0] = '\0';
+ }
+
+ rc = 0;
+
+exit:
+ if (fd) manageFile(&fd, NULL, 0, rc);
+ if (ofd) manageFile(&ofd, NULL, 0, rc);
+
+ if (sig) {
+ rpmFreeSignature(sig);
+ sig = NULL;
+ }
+ if (sigtarget) {
+ unlink(sigtarget);
+ xfree(sigtarget);
+ sigtarget = NULL;
+ }
+ if (tmprpm[0] != '\0') {
+ unlink(tmprpm);
+ tmprpm[0] = '\0';
}
- return 0;
+ return rc;
}
int rpmCheckSig(int flags, const char **argv)
{
- FD_t fd, ofd;
- int res, res2, res3;
+ FD_t fd = NULL;
+ FD_t ofd = NULL;
+ int res2, res3;
struct rpmlead lead;
- const char *rpm;
+ const char *rpm = NULL;
char result[1024];
- const char * sigtarget;
+ const char * sigtarget = NULL;
unsigned char buffer[8192];
unsigned char missingKeys[7164];
unsigned char untrustedKeys[7164];
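Review bot: In manageFile's temp-file branch, `fprintf(stderr, _("%s: makeTempFile failed\n"));` has a `%s` conversion with no matching argument, which is undefined behaviour on exactly the path that reports an error; use `fprintf(stderr, _("makeTempFile failed\n"));` or pass a name. In rpmReSign the output name is still built with `strcpy`/`strcat`/`mktemp` into `tmprpm` and then opened with `O_WRONLY|O_CREAT|O_TRUNC`, so an argv path longer than the buffer overruns it, and (assuming fdOpen hands the flags to open(2)) anything already created at that name between `mktemp` and the open is followed and truncated. A length check before the `strcpy` and `manageFile(&ofd, &trpm, O_WRONLY|O_CREAT|O_EXCL, 0)` would cover both; the later copyFile call is a no-op on an already open `ofd`, so it does not rely on `O_TRUNC`. The `rc` parameter of manageFile is never read, and `rename(trpm, rpm)` after `unlink(rpm)` is unchecked, so a failed rename loses the original package while `rc` still ends up 0.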
@@ -160,57 +229,47 @@ int rpmCheckSig(int flags, const char **argv)
HeaderIterator sigIter;
int_32 tag, type, count;
void *ptr;
+ int res = 0;
+
+ while ((rpm = *argv++) != NULL) {
- res = 0;
- while (*argv) {
- rpm = *argv++;
- if (fdFileno(fd = fdOpen(rpm, O_RDONLY, 0644)) < 0) {
- fprintf(stderr, _("%s: Open failed\n"), rpm);
+ if (manageFile(&fd, &rpm, O_RDONLY, 0)) {
res++;
- continue;
+ goto bottom;
}
+
if (readLead(fd, &lead)) {
fprintf(stderr, _("%s: readLead failed\n"), rpm);
res++;
- continue;
+ goto bottom;
}
- if (lead.major == 1) {
+ switch (lead.major) {
+ case 1:
fprintf(stderr, _("%s: No signature available (v1.0 RPM)\n"), rpm);
res++;
- continue;
+ goto bottom;
+ break;
+ default:
+ break;
}
if (rpmReadSignature(fd, &sig, lead.signature_type)) {
fprintf(stderr, _("%s: rpmReadSignature failed\n"), rpm);
res++;
- continue;
+ goto bottom;
}
if (sig == NULL) {
fprintf(stderr, _("%s: No signature available\n"), rpm);
res++;
- continue;
+ goto bottom;
}
- /* Write the rest to a temp file */
- if (makeTempFile(NULL, &sigtarget, &ofd))
- exit(EXIT_FAILURE);
- while ((count = fdRead(fd, buffer, sizeof(buffer))) > 0) {
- if (count == -1) {
- perror(_("Couldn't read the header/archive"));
- fdClose(ofd);
- unlink(sigtarget);
- xfree(sigtarget);
- exit(EXIT_FAILURE);
- }
- if (fdWrite(ofd, buffer, count) < 0) {
- fprintf(stderr, _("Unable to write %s"), sigtarget);
- perror("");
- fdClose(ofd);
- unlink(sigtarget);
- xfree(sigtarget);
- exit(EXIT_FAILURE);
- }
+ /* Write the header and archive to a temp file */
+ /* ASSERT: ofd == NULL && sigtarget == NULL */
+ if (copyFile(&fd, &rpm, &ofd, &sigtarget)) {
+ res++;
+ goto bottom;
}
- fdClose(fd);
- fdClose(ofd);
+ /* Both fd and ofd are now closed. sigtarget contains tempfile name. */
+ /* ASSERT: fd == NULL && ofd == NULL */
res2 = 0;
missingKeys[0] = '\0';
@@ -219,16 +278,26 @@ int rpmCheckSig(int flags, const char **argv)
sigIter = headerInitIterator(sig);
while (headerNextIterator(sigIter, &tag, &type, &ptr, &count)) {
- if ((tag == RPMSIGTAG_PGP || tag == RPMSIGTAG_PGP5)
- && !(flags & CHECKSIG_PGP))
- continue;
- if ((tag == RPMSIGTAG_GPG) && !(flags & CHECKSIG_GPG))
- continue;
- if ((tag == RPMSIGTAG_MD5 ||
- tag == RPMSIGTAG_LEMD5_2 ||
- tag == RPMSIGTAG_LEMD5_1)
- && !(flags & CHECKSIG_MD5))
+ switch (tag) {
+ case RPMSIGTAG_PGP5: /* XXX legacy */
+ case RPMSIGTAG_PGP:
+ if (!(flags & CHECKSIG_PGP))
+ continue;
+ break;
+ case RPMSIGTAG_GPG:
+ if (!(flags & CHECKSIG_GPG))
+ continue;
+ break;
+ case RPMSIGTAG_LEMD5_2:
+ case RPMSIGTAG_LEMD5_1:
+ case RPMSIGTAG_MD5:
+ if (!(flags & CHECKSIG_MD5))
+ continue;
+ break;
+ default:
continue;
+ break;
+ }
if ((res3 = rpmVerifySignature(sigtarget, tag, ptr, count,
result))) {
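Review bot: The new `default: continue;` in the tag filter skips every tag the switch does not list, which includes `RPMSIGTAG_SIZE` and any unrecognised tag; in the old if-chain those fell through to `rpmVerifySignature()`. As far as this diff shows, that leaves the `SIZE` and `?UnknownSignatureType?` failure branches further down unreachable, so an unknown signature tag is silently ignored instead of being counted as a failure. If that is not intended, add `case RPMSIGTAG_SIZE: break;` and change the default to `default: break;` so those tags still reach the verifier. The loop body continues outside this hunk.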
@@ -242,17 +311,19 @@ int rpmCheckSig(int flags, const char **argv)
strcat(buffer, "SIZE ");
res2 = 1;
break;
- case RPMSIGTAG_MD5:
- case RPMSIGTAG_LEMD5_1:
case RPMSIGTAG_LEMD5_2:
+ case RPMSIGTAG_LEMD5_1:
+ case RPMSIGTAG_MD5:
strcat(buffer, "MD5 ");
res2 = 1;
break;
+ case RPMSIGTAG_PGP5: /* XXX legacy */
case RPMSIGTAG_PGP:
- case RPMSIGTAG_PGP5:
- if (res3 == RPMSIG_NOKEY || res3 == RPMSIG_NOTTRUSTED) {
- /* Do not consider these a failure */
- int offset = 7;
+ switch (res3) {
+ /* Do not consider these a failure */
+ case RPMSIG_NOKEY:
+ case RPMSIG_NOTTRUSTED:
+ { int offset = 7;
strcat(buffer, "(PGP) ");
tempKey = strstr(result, "Key ID");
if (tempKey == NULL) {
@@ -268,27 +339,33 @@ int rpmCheckSig(int flags, const char **argv)
strncat(untrustedKeys, tempKey + offset, 8);
}
}
- } else {
+ } break;
+ default:
strcat(buffer, "PGP ");
res2 = 1;
+ break;
}
break;
case RPMSIGTAG_GPG:
- if (res3 == RPMSIG_NOKEY) {
- /* Do not consider this a failure */
+ /* Do not consider this a failure */
+ switch (res3) {
+ case RPMSIG_NOKEY:
strcat(buffer, "(GPG) ");
strcat(missingKeys, " GPG#");
tempKey = strstr(result, "key ID");
if (tempKey)
strncat(missingKeys, tempKey+7, 8);
- } else {
+ break;
+ default:
strcat(buffer, "GPG ");
res2 = 1;
+ break;
}
break;
default:
strcat(buffer, "?UnknownSignatureType? ");
res2 = 1;
+ break;
}
}
} else {
@@ -296,23 +373,24 @@ int rpmCheckSig(int flags, const char **argv)
strcat(buffer, result);
} else {
switch (tag) {
- case RPMSIGTAG_SIZE:
+ case RPMSIGTAG_SIZE:
strcat(buffer, "size ");
break;
- case RPMSIGTAG_MD5:
- case RPMSIGTAG_LEMD5_1:
- case RPMSIGTAG_LEMD5_2:
+ case RPMSIGTAG_LEMD5_2:
+ case RPMSIGTAG_LEMD5_1:
+ case RPMSIGTAG_MD5:
strcat(buffer, "md5 ");
break;
- case RPMSIGTAG_PGP:
- case RPMSIGTAG_PGP5:
+ case RPMSIGTAG_PGP5: /* XXX legacy */
+ case RPMSIGTAG_PGP:
strcat(buffer, "pgp ");
break;
- case RPMSIGTAG_GPG:
+ case RPMSIGTAG_GPG:
strcat(buffer, "gpg ");
break;
- default:
+ default:
strcat(buffer, "??? ");
+ break;
}
}
}
@@ -320,7 +398,7 @@ int rpmCheckSig(int flags, const char **argv)
headerFreeIterator(sigIter);
res += res2;
unlink(sigtarget);
- xfree(sigtarget);
+ xfree(sigtarget); sigtarget = NULL;
if (res2) {
if (rpmIsVerbose()) {
@@ -350,6 +428,14 @@ int rpmCheckSig(int flags, const char **argv)
(untrustedKeys[0] != '\0') ? _(")") : "");
}
}
+
+ bottom:
+ if (fd) manageFile(&fd, NULL, 0, 0);
+ if (ofd) manageFile(&ofd, NULL, 0, 0);
+ if (sigtarget) {
+ unlink(sigtarget);
+ xfree(sigtarget); sigtarget = NULL;
+ }
}
return res;
diff --git a/lib/rpmlib.h b/lib/rpmlib.h
index 359dd3fae..7698d1d37 100644
--- a/lib/rpmlib.h
+++ b/lib/rpmlib.h
@@ -587,7 +587,28 @@ rpmErrorCallBackType rpmErrorSetCallback(rpmErrorCallBackType);
#define RPMSIGTAG_LEMD5_2 1003
#define RPMSIGTAG_MD5 1004
#define RPMSIGTAG_GPG 1005
-#define RPMSIGTAG_PGP5 1006
+#define RPMSIGTAG_PGP5 1006 /* XXX legacy use only */
+
+/* Signature tags by Public Key Algorithm (RFC 2440) */
+/* N.B.: These tags are tenative, the values may change */
+#define RPMTAG_PK_BASE 2048
+#define RPMTAG_PK_RSA_ES RPMTAG_PK_BASE+1
+#define RPMTAG_PK_RSA_E RPMTAG_PK_BASE+2
+#define RPMTAG_PK_RSA_S RPMTAG_PK_BASE+3
+#define RPMTAG_PK_ELGAMAL_E RPMTAG_PK_BASE+16
+#define RPMTAG_PK_DSA RPMTAG_PK_BASE+17
+#define RPMTAG_PK_ELLIPTIC RPMTAG_PK_BASE+18
+#define RPMTAG_PK_ECDSA RPMTAG_PK_BASE+19
+#define RPMTAG_PK_ELGAMAL_ES RPMTAG_PK_BASE+20
+#define RPMTAG_PK_DH RPMTAG_PK_BASE+21
+
+#define RPMTAG_HASH_BASE 2048+64
+#define RPMTAG_HASH_MD5 RPMTAG_HASH_BASE+1
+#define RPMTAG_HASH_SHA1 RPMTAG_HASH_BASE+2
+#define RPMTAG_HASH_RIPEMD160 RPMTAG_HASH_BASE+3
+#define RPMTAG_HASH_MD2 RPMTAG_HASH_BASE+5
+#define RPMTAG_HASH_TIGER192 RPMTAG_HASH_BASE+6
+#define RPMTAG_HASH_HAVAL_5_160 RPMTAG_HASH_BASE+7
/**************************************************/
/* */
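Review bot: The new tag macros expand to unparenthesised sums (`RPMTAG_HASH_BASE` is `2048+64`, `RPMTAG_PK_RSA_ES` is `RPMTAG_PK_BASE+1`), so any use next to `*`, a preceding `-` or a unary operator evaluates to a different value than the name suggests. Parenthesise each body, e.g. `#define RPMTAG_HASH_BASE (2048+64)` and `#define RPMTAG_PK_RSA_ES (RPMTAG_PK_BASE+1)`, or declare them as an `enum`. The comment should read "tentative" rather than "tenative".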
diff --git a/lib/signature.c b/lib/signature.c
index 70a83f957..2537fc49c 100644
--- a/lib/signature.c
+++ b/lib/signature.c
@@ -25,90 +25,71 @@ typedef int (*md5func)(const char * fn, unsigned char * digest);
int rpmLookupSignatureType(int action)
{
- static int rc = 0;
-
- switch (action)
- {
- case RPMLOOKUPSIG_DISABLE:
- rc = -2;
- return 0;
- case RPMLOOKUPSIG_ENABLE:
+ static int disabled = 0;
+ int rc = 0;
+
+ switch (action) {
+ case RPMLOOKUPSIG_DISABLE:
+ disabled = -2;
+ break;
+ case RPMLOOKUPSIG_ENABLE:
+ disabled = 0;
+ /* fall through */
+ case RPMLOOKUPSIG_QUERY:
+ if (disabled)
+ break; /* Disabled */
+ { const char *name = rpmExpand("%{_signature}", NULL);
+ if (!(name && *name != '%'))
rc = 0;
- /* fall through */
- case RPMLOOKUPSIG_QUERY:
- if (rc == -2)
- return 0; /* Disabled */
- else
- {
- const char *name = rpmExpand("%{_signature}", NULL);
- if (!(name && *name != '%'))
- rc = 0;
- else if (!strcasecmp(name, "none"))
- rc = 0;
- else if (!strcasecmp(name, "pgp"))
- rc = RPMSIGTAG_PGP;
- else if (!strcasecmp(name, "pgp5"))
- rc = RPMSIGTAG_PGP5;
- else if (!strcasecmp(name, "gpg"))
- rc = RPMSIGTAG_GPG;
- else
- rc = -1; /* Invalid %_signature spec in macro file */
- xfree(name);
- }
- break;
+ else if (!strcasecmp(name, "none"))
+ rc = 0;
+ else if (!strcasecmp(name, "pgp"))
+ rc = RPMSIGTAG_PGP;
+ else if (!strcasecmp(name, "pgp5")) /* XXX legacy */
+ rc = RPMSIGTAG_PGP;
+ else if (!strcasecmp(name, "gpg"))
+ rc = RPMSIGTAG_GPG;
+ else
+ rc = -1; /* Invalid %_signature spec in macro file */
+ xfree(name);
+ } break;
}
-
return rc;
}
/* rpmDetectPGPVersion() returns the absolute path to the "pgp" */
/* executable of the requested version, or NULL when none found. */
-const char * rpmDetectPGPVersion(int sigTag)
+const char * rpmDetectPGPVersion(pgpVersion *pgpVer)
{
/* Actually this should support having more then one pgp version. */
/* At the moment only one version is possible since we only */
/* have one %_pgpbin and one %_pgp_path. */
- static int pgp_version;
+ static pgpVersion saved_pgp_version = PGP_UNKNOWN;
const char *pgpbin = rpmGetPath("%{_pgpbin}", NULL);
- if (!pgp_version)
- {
+ if (saved_pgp_version == PGP_UNKNOWN) {
char *pgpvbin;
struct stat statbuf;
- if (!pgpbin || ! (pgpvbin = (char *)malloc(strlen(pgpbin) + 2)))
- {
- pgp_version = -1;
+ if (!pgpbin || ! (pgpvbin = (char *)alloca(strlen(pgpbin) + 2))) {
+ saved_pgp_version = -1;
return NULL;
}
sprintf(pgpvbin, "%sv", pgpbin);
if (stat(pgpvbin, &statbuf) == 0)
- pgp_version = 50;
+ saved_pgp_version = PGP_5;
else if (stat(pgpbin, &statbuf) == 0)
- pgp_version = 26;
+ saved_pgp_version = PGP_2;
else
- pgp_version = -1;
-
- free(pgpvbin);
+ saved_pgp_version = PGP_NOTDETECTED;
}
- switch (sigTag)
- {
- case RPMSIGTAG_PGP:
- if (pgp_version == 26)
- return pgpbin;
- break;
- case RPMSIGTAG_PGP5:
- if (pgp_version == 50)
- return pgpbin;
- break;
- default:
- break;
- }
- return NULL;
+ if (pgpbin && pgpVer)
+ *pgpVer = saved_pgp_version;
+ return pgpbin;
}
static int checkSize(FD_t fd, int size, int sigsize)
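Review bot: rpmDetectPGPVersion() now returns `pgpbin` even when neither `stat()` succeeded and the version is `PGP_NOTDETECTED`, so the `== NULL` test in verifyPGPSignature() no longer catches a missing binary, and the comment above the function ("or NULL when none found") is out of date. Consider storing `*pgpVer` and then `return (saved_pgp_version > 0) ? pgpbin : NULL;`, or reword the comment here and in signature.h to say the caller must check the version; whether the parent in verifyPGPSignature() treats the child's failed exec as a bad signature is outside this diff. `alloca()` does not return NULL on failure, so the `!(pgpvbin = ...)` test is dead, and that branch assigns `-1` where `PGP_NOTDETECTED` is meant. The stack allocation is sized from the `%{_pgpbin}` macro expansion, so bounding that length before the `alloca()` is worth adding.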
@@ -136,7 +117,7 @@ static int checkSize(FD_t fd, int size, int sigsize)
/* old-style one. It also immediately verifies the header+archive */
/* size and returns an error if it doesn't match. */
-int rpmReadSignature(FD_t fd, Header *header, short sig_type)
+int rpmReadSignature(FD_t fd, Header *headerp, short sig_type)
{
unsigned char buf[2048];
int sigSize, pad;
@@ -144,9 +125,8 @@ int rpmReadSignature(FD_t fd, Header *header, short sig_type)
int_32 *archSize;
Header h;
- if (header) {
- *header = NULL;
- }
+ if (headerp)
+ *headerp = NULL;
switch (sig_type) {
case RPMSIG_NONE:
@@ -155,12 +135,11 @@ int rpmReadSignature(FD_t fd, Header *header, short sig_type)
case RPMSIG_PGP262_1024:
rpmMessage(RPMMESS_DEBUG, _("Old PGP signature\n"));
/* These are always 256 bytes */
- if (timedRead(fd, buf, 256) != 256) {
+ if (timedRead(fd, buf, 256) != 256)
return 1;
- }
- if (header) {
- *header = headerNew();
- headerAddEntry(*header, RPMSIGTAG_PGP, RPM_BIN_TYPE, buf, 152);
+ if (headerp) {
+ *headerp = headerNew();
+ headerAddEntry(*headerp, RPMSIGTAG_PGP, RPM_BIN_TYPE, buf, 152);
}
break;
case RPMSIG_MD5:
@@ -173,9 +152,8 @@ int rpmReadSignature(FD_t fd, Header *header, short sig_type)
rpmMessage(RPMMESS_DEBUG, _("New Header signature\n"));
/* This is a new style signature */
h = headerRead(fd, HEADER_MAGIC_YES);
- if (h == NULL) {
+ if (h == NULL)
return 1;
- }
sigSize = headerSizeof(h, HEADER_MAGIC_YES);
pad = (8 - (sigSize % 8)) % 8; /* 8-byte pad */
rpmMessage(RPMMESS_DEBUG, _("Signature size: %d\n"), sigSize);
@@ -194,8 +172,8 @@ int rpmReadSignature(FD_t fd, Header *header, short sig_type)
return 1;
}
}
- if (header) {
- *header = h;
+ if (headerp) {
+ *headerp = h;
} else {
headerFree(h);
}
@@ -240,7 +218,7 @@ void rpmFreeSignature(Header h)
}
static int makePGPSignature(const char *file, void **sig, int_32 *size,
- const char *passPhrase, int sigTag)
+ const char *passPhrase)
{
char sigfile[1024];
int pid, status;
@@ -255,6 +233,7 @@ static int makePGPSignature(const char *file, void **sig, int_32 *size,
const char *pgp_path = rpmExpand("%{_pgp_path}", NULL);
const char *name = rpmExpand("+myname=\"%{_pgp_name}\"", NULL);
const char *path;
+ pgpVersion pgpVer;
close(STDIN_FILENO);
dup2(inpipe[0], 3);
@@ -266,19 +245,22 @@ static int makePGPSignature(const char *file, void **sig, int_32 *size,
/* dosetenv("PGPPASS", passPhrase, 1); */
- if ((path = rpmDetectPGPVersion(sigTag)) != NULL) {
- switch(sigTag) {
- case RPMSIGTAG_PGP:
+ if ((path = rpmDetectPGPVersion(&pgpVer)) != NULL) {
+ switch(pgpVer) {
+ case PGP_2:
execlp(path, "pgp", "+batchmode=on", "+verbose=0", "+armor=off",
name, "-sb", file, sigfile, NULL);
break;
- case RPMSIGTAG_PGP5:
+ case PGP_5:
execlp(path,"pgps", "+batchmode=on", "+verbose=0", "+armor=off",
name, "-b", file, "-o", sigfile, NULL);
break;
+ case PGP_UNKNOWN:
+ case PGP_NOTDETECTED:
+ break;
}
}
- rpmError(RPMERR_EXEC, _("Couldn't exec pgp"));
+ rpmError(RPMERR_EXEC, _("Couldn't exec pgp (%s)"), path);
_exit(RPMERR_EXEC);
}
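Review bot: The new `rpmError(RPMERR_EXEC, _("Couldn't exec pgp (%s)"), path);` is also reached when rpmDetectPGPVersion() returned NULL, and passing a null pointer for `%s` is undefined behaviour. Guard the argument, e.g. `rpmError(RPMERR_EXEC, _("Couldn't exec pgp (%s)"), (path ? path : "unset"));`. The matching call in checkPassPhrase() keeps the old message without the path, so the two error paths now report differently. The enclosing block of makePGPSignature starts and ends outside this hunk.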
@@ -406,25 +388,26 @@ int rpmAddSignature(Header header, const char *file, int_32 sigTag, const char *
void *sig;
int ret = -1;
+ rpmMessage(RPMMESS_VERBOSE, _("Generating signature: %d\n"), sigTag);
switch (sigTag) {
- case RPMSIGTAG_SIZE:
+ case RPMSIGTAG_SIZE:
stat(file, &statbuf);
size = statbuf.st_size;
ret = 0;
headerAddEntry(header, RPMSIGTAG_SIZE, RPM_INT32_TYPE, &size, 1);
break;
- case RPMSIGTAG_MD5:
+ case RPMSIGTAG_MD5:
ret = mdbinfile(file, buf);
if (ret == 0)
headerAddEntry(header, sigTag, RPM_BIN_TYPE, buf, 16);
break;
- case RPMSIGTAG_PGP:
- case RPMSIGTAG_PGP5:
- ret = makePGPSignature(file, &sig, &size, passPhrase, sigTag);
+ case RPMSIGTAG_PGP5: /* XXX legacy */
+ case RPMSIGTAG_PGP:
+ ret = makePGPSignature(file, &sig, &size, passPhrase);
if (ret == 0)
headerAddEntry(header, sigTag, RPM_BIN_TYPE, sig, size);
break;
- case RPMSIGTAG_GPG:
+ case RPMSIGTAG_GPG:
ret = makeGPGSignature(file, &sig, &size, passPhrase);
if (ret == 0)
headerAddEntry(header, sigTag, RPM_BIN_TYPE, sig, size);
@@ -484,7 +467,7 @@ static int verifyMD5Signature(const char *datafile, unsigned char *sig,
}
static int verifyPGPSignature(const char *datafile, void *sig,
- int count, char *result, int sigTag)
+ int count, char *result)
{
int pid, status, outpipe[2];
FD_t sfd;
@@ -492,29 +475,24 @@ static int verifyPGPSignature(const char *datafile, void *sig,
unsigned char buf[8192];
FILE *file;
int res = RPMSIG_OK;
- int usingPGP5 = 0;
const char *path;
+ pgpVersion pgpVer;
/* What version do we have? */
- if ((path = rpmDetectPGPVersion(RPMSIGTAG_PGP5))/* Use pgp5 if we have it */
- || sigTag == RPMSIGTAG_PGP5) /* ... or request it. */
- {
- usingPGP5 = 1;
- /* Its sad but true: pgp-5.0 returns also an exit value of 0 */
- /* when it finds a BAD signature. So instead we have to use */
- /* the text output. */
- res = RPMSIG_BAD;
- }
- else if (! (path = rpmDetectPGPVersion(RPMSIGTAG_PGP))
- || sigTag != RPMSIGTAG_PGP)
- path = NULL; /* Fail */
- if (path == NULL)
- {
+ if ((path = rpmDetectPGPVersion(&pgpVer)) == NULL) {
errno = ENOENT;
rpmError(RPMERR_EXEC,
_("Could not run pgp. Use --nopgp to skip PGP checks."));
_exit(RPMERR_EXEC);
}
+
+ /*
+ * Sad but true: pgp-5.0 returns exit value of 0 on bad signature.
+ * Instead we have to use the text output to detect a bad signature.
+ */
+ if (pgpVer == PGP_5)
+ res = RPMSIG_BAD;
+
/* Write out the signature */
{ const char *tmppath = rpmGetPath("%{_tmppath}", NULL);
sigfile = tempnam(tmppath, "rpmsig");
@@ -537,11 +515,12 @@ static int verifyPGPSignature(const char *datafile, void *sig,
if (pgp_path && *pgp_path != '%')
dosetenv("PGPPATH", pgp_path, 1);
- if (usingPGP5) {
+ switch (pgpVer) {
+ case PGP_5:
/* Some output (in particular "This signature applies to */
/* another message") is _always_ written to stderr; we */
/* want to catch that output, so dup stdout to stderr: */
- int save_stderr = dup(2);
+ { int save_stderr = dup(2);
dup2(1, 2);
execlp(path, "pgpv", "+batchmode=on", "+verbose=0",
/* Write "Good signature..." to stdout: */
@@ -552,9 +531,14 @@ static int verifyPGPSignature(const char *datafile, void *sig,
/* Restore stderr so we can print the error message below. */
dup2(save_stderr, 2);
close(save_stderr);
- } else {
+ } break;
+ case PGP_2:
execlp(path, "pgp", "+batchmode=on", "+verbose=0",
sigfile, datafile, NULL);
+ break;
+ case PGP_UNKNOWN:
+ case PGP_NOTDETECTED:
+ break;
}
fprintf(stderr, _("exec failed!\n"));
@@ -692,26 +676,30 @@ static int checkPassPhrase(const char *passPhrase, const int sigTag)
rpmError(RPMERR_EXEC, _("Couldn't exec gpg"));
_exit(RPMERR_EXEC);
} break;
+ case RPMSIGTAG_PGP5: /* XXX legacy */
case RPMSIGTAG_PGP:
- case RPMSIGTAG_PGP5:
{ const char *pgp_path = rpmExpand("%{_pgp_path}", NULL);
const char *name = rpmExpand("+myname=\"%{_pgp_name}\"", NULL);
const char *path;
+ pgpVersion pgpVer;
dosetenv("PGPPASSFD", "3", 1);
if (pgp_path && *pgp_path != '%')
dosetenv("PGPPATH", pgp_path, 1);
- if ((path = rpmDetectPGPVersion(sigTag)) != NULL) {
- switch(sigTag) {
- case RPMSIGTAG_PGP:
+ if ((path = rpmDetectPGPVersion(&pgpVer)) != NULL) {
+ switch(pgpVer) {
+ case PGP_2:
execlp(path, "pgp", "+batchmode=on", "+verbose=0",
name, "-sf", NULL);
break;
- case RPMSIGTAG_PGP5:
+ case PGP_5: /* XXX legacy */
execlp(path,"pgps", "+batchmode=on", "+verbose=0",
name, "-f", NULL);
break;
+ case PGP_UNKNOWN:
+ case PGP_NOTDETECTED:
+ break;
}
}
rpmError(RPMERR_EXEC, _("Couldn't exec pgp"));
@@ -744,7 +732,7 @@ char *rpmGetPassPhrase(const char *prompt, const int sigTag)
int aok;
switch (sigTag) {
- case RPMSIGTAG_GPG:
+ case RPMSIGTAG_GPG:
{ const char *name = rpmExpand("%{_gpg_name}", NULL);
aok = (name && *name != '%');
xfree(name);
@@ -755,8 +743,8 @@ char *rpmGetPassPhrase(const char *prompt, const int sigTag)
return NULL;
}
break;
- case RPMSIGTAG_PGP:
- case RPMSIGTAG_PGP5:
+ case RPMSIGTAG_PGP5: /* XXX legacy */
+ case RPMSIGTAG_PGP:
{ const char *name = rpmExpand("%{_pgp_name}", NULL);
aok = (name && *name != '%');
xfree(name);
@@ -767,12 +755,13 @@ char *rpmGetPassPhrase(const char *prompt, const int sigTag)
return NULL;
}
break;
- default:
+ default:
/* Currently the calling function (rpm.c:main) is checking this and
* doing a better job. This section should never be accessed.
*/
rpmError(RPMERR_SIGGEN, _("Invalid %%_signature spec in macro file"));
return NULL;
+ break;
}
if (prompt) {
@@ -792,30 +781,30 @@ int rpmVerifySignature(const char *file, int_32 sigTag, void *sig, int count,
char *result)
{
switch (sigTag) {
- case RPMSIGTAG_SIZE:
+ case RPMSIGTAG_SIZE:
if (verifySizeSignature(file, *(int_32 *)sig, result)) {
return RPMSIG_BAD;
}
break;
- case RPMSIGTAG_MD5:
+ case RPMSIGTAG_MD5:
if (verifyMD5Signature(file, sig, result, mdbinfile)) {
return 1;
}
break;
- case RPMSIGTAG_LEMD5_1:
- case RPMSIGTAG_LEMD5_2:
+ case RPMSIGTAG_LEMD5_1:
+ case RPMSIGTAG_LEMD5_2:
if (verifyMD5Signature(file, sig, result, mdbinfileBroken)) {
return 1;
}
break;
- case RPMSIGTAG_PGP:
- case RPMSIGTAG_PGP5:
- return verifyPGPSignature(file, sig, count, result, sigTag);
+ case RPMSIGTAG_PGP5: /* XXX legacy */
+ case RPMSIGTAG_PGP:
+ return verifyPGPSignature(file, sig, count, result);
break;
- case RPMSIGTAG_GPG:
+ case RPMSIGTAG_GPG:
return verifyGPGSignature(file, sig, count, result);
break;
- default:
+ default:
sprintf(result, "Do not know how to verify sig type %d\n", sigTag);
return RPMSIG_UNKNOWN;
}
diff --git a/lib/signature.h b/lib/signature.h
index 69a5f17b9..d4e2e64f2 100644
--- a/lib/signature.h
+++ b/lib/signature.h
@@ -58,8 +58,13 @@ int rpmLookupSignatureType(int action);
/* Utility to read a pass phrase from the user */
char *rpmGetPassPhrase(const char *prompt, const int sigTag);
+/* >0 is a valid PGP version */
+typedef enum pgpVersion_e {
+ PGP_NOTDETECTED = -1, PGP_UNKNOWN = 0, PGP_2 = 2, PGP_5 = 5
+} pgpVersion;
+
/* Return path to pgp executable of given type, or NULL when not found */
-const char *rpmDetectPGPVersion(int sigType);
+const char *rpmDetectPGPVersion(pgpVersion *pgpVersion);
#ifdef __cplusplus
}
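Review bot: The prototype names its parameter `pgpVersion`, the same identifier as the typedef declared just above it, and the comment still says "of given type, or NULL when not found" although the function no longer takes a type. Name the parameter as the definition does, `const char *rpmDetectPGPVersion(pgpVersion *pgpVer);`, and reword the comment to say that the detected version is stored through the pointer and that callers must check it before using the returned path.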
diff --git a/po/rpm.pot b/po/rpm.pot
index 608d081f8..9c43eb762 100644
--- a/po/rpm.pot
+++ b/po/rpm.pot
@@ -6,7 +6,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 1999-09-09 11:04-0400\n"
+"POT-Creation-Date: 1999-09-10 19:45-0400\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -1140,91 +1140,79 @@ msgstr ""
msgid "cannot access file %s\n"
msgstr ""
-#: ../rpm.c:1080
+#: ../rpm.c:1078
msgid "pgp not found: "
msgstr ""
-#: ../rpm.c:1083
-msgid "Use `%%_signature pgp5' instead of `%%_signature pgp' in macro file.\n"
-msgstr ""
-
-#: ../rpm.c:1090
-msgid "pgp version 5 not found: "
-msgstr ""
-
-#: ../rpm.c:1093
-msgid "Use `%%_signature pgp' instead of `%%_signature pgp5' in macro file.\n"
-msgstr ""
-
-#: ../rpm.c:1099
+#: ../rpm.c:1082
msgid "Enter pass phrase: "
msgstr ""
-#: ../rpm.c:1100
+#: ../rpm.c:1084
msgid "Pass phrase check failed\n"
msgstr ""
-#: ../rpm.c:1103
+#: ../rpm.c:1087
msgid "Pass phrase is good.\n"
msgstr ""
-#: ../rpm.c:1110
+#: ../rpm.c:1092
msgid "Invalid %%_signature spec in macro file.\n"
msgstr ""
-#: ../rpm.c:1115
+#: ../rpm.c:1098
msgid "--sign may only be used during package building"
msgstr ""
-#: ../rpm.c:1132
+#: ../rpm.c:1113
msgid "exec failed\n"
msgstr ""
-#: ../rpm.c:1151
+#: ../rpm.c:1132
msgid "unexpected arguments to --querytags "
msgstr ""
-#: ../rpm.c:1162
+#: ../rpm.c:1143
msgid "no packages given for signature check"
msgstr ""
-#: ../rpm.c:1174
+#: ../rpm.c:1155
msgid "no packages given for signing"
msgstr ""
-#: ../rpm.c:1187
+#: ../rpm.c:1168
msgid "no packages files given for rebuild"
msgstr ""
-#: ../rpm.c:1244
+#: ../rpm.c:1225
msgid "no spec files given for build"
msgstr ""
-#: ../rpm.c:1246
+#: ../rpm.c:1227
msgid "no tar files given for build"
msgstr ""
-#: ../rpm.c:1258
+#: ../rpm.c:1239
msgid "no packages given for uninstall"
msgstr ""
-#: ../rpm.c:1307
+#: ../rpm.c:1288
msgid "no packages given for install"
msgstr ""
-#: ../rpm.c:1330
+#: ../rpm.c:1311
msgid "extra arguments given for query of all packages"
msgstr ""
-#: ../rpm.c:1335
+#: ../rpm.c:1316
msgid "no arguments given for query"
msgstr ""
-#: ../rpm.c:1352
+#: ../rpm.c:1333
msgid "extra arguments given for verify of all packages"
msgstr ""
-#: ../rpm.c:1356
+#: ../rpm.c:1337
msgid "no arguments given for verify"
msgstr ""
@@ -1413,7 +1401,7 @@ msgstr ""
msgid "Could not open %%files file: %s"
msgstr ""
-#: ../build/files.c:1147 ../build/pack.c:433
+#: ../build/files.c:1147 ../build/pack.c:432
#, c-format
msgid "line: %s"
msgstr ""
@@ -1505,67 +1493,67 @@ msgstr ""
msgid "Could not open %s\n"
msgstr ""
-#: ../build/pack.c:314 ../build/pack.c:357
+#: ../build/pack.c:314 ../build/pack.c:356
#, c-format
msgid "Unable to write package: %s"
msgstr ""
-#: ../build/pack.c:330 ../lib/rpmchecksig.c:94
+#: ../build/pack.c:329 ../lib/signature.c:391
#, c-format
msgid "Generating signature: %d\n"
msgstr ""
-#: ../build/pack.c:347
+#: ../build/pack.c:346
#, c-format
msgid "Unable to read sigtarget: %s"
msgstr ""
-#: ../build/pack.c:372
+#: ../build/pack.c:371
#, c-format
msgid "Wrote: %s\n"
msgstr ""
-#: ../build/pack.c:387
+#: ../build/pack.c:386
#, c-format
msgid "create archive failed on file %s: %s"
msgstr ""
-#: ../build/pack.c:403
+#: ../build/pack.c:402
#, c-format
msgid "cpio_copy write failed: %s"
msgstr ""
-#: ../build/pack.c:410
+#: ../build/pack.c:409
#, c-format
msgid "cpio_copy read failed: %s"
msgstr ""
-#: ../build/pack.c:489
+#: ../build/pack.c:488
#, c-format
msgid "Could not open PreIn file: %s"
msgstr ""
-#: ../build/pack.c:496
+#: ../build/pack.c:495
#, c-format
msgid "Could not open PreUn file: %s"
msgstr ""
-#: ../build/pack.c:503
+#: ../build/pack.c:502
#, c-format
msgid "Could not open PostIn file: %s"
msgstr ""
-#: ../build/pack.c:510
+#: ../build/pack.c:509
#, c-format
msgid "Could not open PostUn file: %s"
msgstr ""
-#: ../build/pack.c:518
+#: ../build/pack.c:517
#, c-format
msgid "Could not open VerifyScript file: %s"
msgstr ""
-#: ../build/pack.c:534
+#: ../build/pack.c:533
#, c-format
msgid "Could not open Trigger script file: %s"
msgstr ""
@@ -2467,7 +2455,7 @@ msgstr ""
#: ../lib/problems.c:101
#, c-format
-msgid "installing package %s-%s-%s needs %ld%c on the %s filesystem"
+msgid "installing package %s-%s-%s needs %ld%cb on the %s filesystem"
msgstr ""
#: ../lib/problems.c:113
@@ -2730,83 +2718,87 @@ msgstr ""
msgid "failed to remove directory %s: %s\n"
msgstr ""
-#: ../lib/rpmchecksig.c:30 ../lib/rpmchecksig.c:168
+#: ../lib/rpmchecksig.c:31
#, c-format
-msgid "%s: Open failed\n"
+msgid "%s: fdOpen failed: %s\n"
msgstr ""
-#: ../lib/rpmchecksig.c:34 ../lib/rpmchecksig.c:173
+#: ../lib/rpmchecksig.c:42
#, c-format
-msgid "%s: readLead failed\n"
+msgid "%s: makeTempFile failed\n"
msgstr ""
-#: ../lib/rpmchecksig.c:38
+#: ../lib/rpmchecksig.c:74
#, c-format
-msgid "%s: Can't sign v1.0 RPM\n"
+msgid "%s: fdWrite failed: %s\n"
msgstr ""
-#: ../lib/rpmchecksig.c:42
+#: ../lib/rpmchecksig.c:80
#, c-format
-msgid "%s: Can't re-sign v2.0 RPM\n"
+msgid "%s: fdRead failed: %s\n"
msgstr ""
-#: ../lib/rpmchecksig.c:46 ../lib/rpmchecksig.c:183
+#: ../lib/rpmchecksig.c:113 ../lib/rpmchecksig.c:242
#, c-format
-msgid "%s: rpmReadSignature failed\n"
+msgid "%s: readLead failed\n"
msgstr ""
-#: ../lib/rpmchecksig.c:59 ../lib/rpmchecksig.c:197
-msgid "Couldn't read the header/archive"
+#: ../lib/rpmchecksig.c:118
+#, c-format
+msgid "%s: Can't sign v1.0 RPM\n"
msgstr ""
-#: ../lib/rpmchecksig.c:66
-msgid "Couldn't write header/archive to temp file"
+#: ../lib/rpmchecksig.c:122
+#, c-format
+msgid "%s: Can't re-sign v2.0 RPM\n"
msgstr ""
-#: ../lib/rpmchecksig.c:117
-msgid "Couldn't read sigtarget"
+#: ../lib/rpmchecksig.c:130 ../lib/rpmchecksig.c:256
+#, c-format
+msgid "%s: rpmReadSignature failed\n"
msgstr ""
-#: ../lib/rpmchecksig.c:126
-msgid "Couldn't write package"
+#: ../lib/rpmchecksig.c:134 ../lib/rpmchecksig.c:261
+#, c-format
+msgid "%s: No signature available\n"
msgstr ""
-#: ../lib/rpmchecksig.c:178
+#: ../lib/rpmchecksig.c:167
#, c-format
-msgid "%s: No signature available (v1.0 RPM)\n"
+msgid "%s: writeLead failed: %s\n"
msgstr ""
-#: ../lib/rpmchecksig.c:188
+#: ../lib/rpmchecksig.c:173
#, c-format
-msgid "%s: No signature available\n"
+msgid "%s: rpmWriteSignature failed\n"
msgstr ""
-#: ../lib/rpmchecksig.c:204
+#: ../lib/rpmchecksig.c:248
#, c-format
-msgid "Unable to write %s"
+msgid "%s: No signature available (v1.0 RPM)\n"
msgstr ""
-#: ../lib/rpmchecksig.c:330
+#: ../lib/rpmchecksig.c:408
msgid "NOT OK"
msgstr ""
-#: ../lib/rpmchecksig.c:331 ../lib/rpmchecksig.c:345
+#: ../lib/rpmchecksig.c:409 ../lib/rpmchecksig.c:423
msgid " (MISSING KEYS:"
msgstr ""
-#: ../lib/rpmchecksig.c:333 ../lib/rpmchecksig.c:347
+#: ../lib/rpmchecksig.c:411 ../lib/rpmchecksig.c:425
msgid ") "
msgstr ""
-#: ../lib/rpmchecksig.c:334 ../lib/rpmchecksig.c:348
+#: ../lib/rpmchecksig.c:412 ../lib/rpmchecksig.c:426
msgid " (UNTRUSTED KEYS:"
msgstr ""
-#: ../lib/rpmchecksig.c:336 ../lib/rpmchecksig.c:350
+#: ../lib/rpmchecksig.c:414 ../lib/rpmchecksig.c:428
msgid ")"
msgstr ""
-#: ../lib/rpmchecksig.c:344
+#: ../lib/rpmchecksig.c:422
msgid "OK"
msgstr ""
@@ -3101,126 +3093,131 @@ msgstr ""
msgid "Please contact rpm-list@redhat.com\n"
msgstr ""
-#: ../lib/signature.c:124
+#: ../lib/signature.c:105
#, c-format
msgid "sigsize : %d\n"
msgstr ""
-#: ../lib/signature.c:125
+#: ../lib/signature.c:106
#, c-format
msgid "Header + Archive: %d\n"
msgstr ""
-#: ../lib/signature.c:126
+#: ../lib/signature.c:107
#, c-format
msgid "expected size : %d\n"
msgstr ""
-#: ../lib/signature.c:130
+#: ../lib/signature.c:111
msgid "file is not regular -- skipping size check\n"
msgstr ""
-#: ../lib/signature.c:153
+#: ../lib/signature.c:133
msgid "No signature\n"
msgstr ""
-#: ../lib/signature.c:156
+#: ../lib/signature.c:136
msgid "Old PGP signature\n"
msgstr ""
-#: ../lib/signature.c:169
+#: ../lib/signature.c:148
msgid "Old (internal-only) signature! How did you get that!?"
msgstr ""
-#: ../lib/signature.c:173
+#: ../lib/signature.c:152
msgid "New Header signature\n"
msgstr ""
#. 8-byte pad
-#: ../lib/signature.c:181 ../lib/signature.c:223
+#: ../lib/signature.c:159 ../lib/signature.c:201
#, c-format
msgid "Signature size: %d\n"
msgstr ""
-#: ../lib/signature.c:182 ../lib/signature.c:224
+#: ../lib/signature.c:160 ../lib/signature.c:202
#, c-format
msgid "Signature pad : %d\n"
msgstr ""
-#: ../lib/signature.c:281 ../lib/signature.c:717
-msgid "Couldn't exec pgp"
+#: ../lib/signature.c:263
+#, c-format
+msgid "Couldn't exec pgp (%s)"
msgstr ""
-#: ../lib/signature.c:292
+#: ../lib/signature.c:274
msgid "pgp failed"
msgstr ""
#. PGP failed to write signature
#. Just in case
-#: ../lib/signature.c:299
+#: ../lib/signature.c:281
msgid "pgp failed to write signature"
msgstr ""
-#: ../lib/signature.c:304
+#: ../lib/signature.c:286
#, c-format
msgid "PGP sig size: %d\n"
msgstr ""
-#: ../lib/signature.c:315 ../lib/signature.c:391
+#: ../lib/signature.c:297 ../lib/signature.c:373
msgid "unable to read the signature"
msgstr ""
-#: ../lib/signature.c:320
+#: ../lib/signature.c:302
#, c-format
msgid "Got %d bytes of PGP sig\n"
msgstr ""
-#: ../lib/signature.c:357 ../lib/signature.c:692
+#: ../lib/signature.c:339 ../lib/signature.c:676
msgid "Couldn't exec gpg"
msgstr ""
-#: ../lib/signature.c:368
+#: ../lib/signature.c:350
msgid "gpg failed"
msgstr ""
#. GPG failed to write signature
#. Just in case
-#: ../lib/signature.c:375
+#: ../lib/signature.c:357
msgid "gpg failed to write signature"
msgstr ""
-#: ../lib/signature.c:380
+#: ../lib/signature.c:362
#, c-format
msgid "GPG sig size: %d\n"
msgstr ""
-#: ../lib/signature.c:396
+#: ../lib/signature.c:378
#, c-format
msgid "Got %d bytes of GPG sig\n"
msgstr ""
-#: ../lib/signature.c:515 ../lib/signature.c:562
+#: ../lib/signature.c:485 ../lib/signature.c:546
msgid "Could not run pgp. Use --nopgp to skip PGP checks."
msgstr ""
-#: ../lib/signature.c:560 ../lib/signature.c:632
+#: ../lib/signature.c:544 ../lib/signature.c:616
msgid "exec failed!\n"
msgstr ""
-#: ../lib/signature.c:634
+#: ../lib/signature.c:618
msgid "Could not run gpg. Use --nogpg to skip GPG checks."
msgstr ""
+#: ../lib/signature.c:705
+msgid "Couldn't exec pgp"
+msgstr ""
+
#. This case should have been screened out long ago.
-#: ../lib/signature.c:721 ../lib/signature.c:774
+#: ../lib/signature.c:709 ../lib/signature.c:762
msgid "Invalid %%_signature spec in macro file"
msgstr ""
-#: ../lib/signature.c:754
+#: ../lib/signature.c:742
msgid "You must set \"%%_gpg_name\" in your macro file"
msgstr ""
-#: ../lib/signature.c:766
+#: ../lib/signature.c:754
msgid "You must set \"%%_pgp_name\" in your macro file"
msgstr ""
diff --git a/rpm.c b/rpm.c
index 03f4ec94f..98c08293c 100755
--- a/rpm.c
+++ b/rpm.c
@@ -1072,51 +1072,32 @@ int main(int argc, char ** argv)
switch (sigTag = rpmLookupSignatureType(RPMLOOKUPSIG_QUERY)) {
case 0:
break;
- case RPMSIGTAG_GPG:
case RPMSIGTAG_PGP:
- case RPMSIGTAG_PGP5:
- if (sigTag == RPMSIGTAG_PGP
- && !rpmDetectPGPVersion(RPMSIGTAG_PGP)) {
+ if ((sigTag == RPMSIGTAG_PGP || sigTag == RPMSIGTAG_PGP5) &&
+ !rpmDetectPGPVersion(NULL)) {
fprintf(stderr, _("pgp not found: "));
- if (rpmDetectPGPVersion(RPMSIGTAG_PGP5)) {
- fprintf(stderr,
- _("Use `%%_signature pgp5' instead of `%%_signature pgp' in macro file.\n"));
- exit(EXIT_FAILURE);
- }
- /* Fall through to default: */
- }
- else if (sigTag == RPMSIGTAG_PGP5
- && !rpmDetectPGPVersion(RPMSIGTAG_PGP5)) {
- fprintf(stderr, _("pgp version 5 not found: "));
- if (rpmDetectPGPVersion(RPMSIGTAG_PGP)) {
- fprintf(stderr,
- _("Use `%%_signature pgp' instead of `%%_signature pgp5' in macro file.\n"));
- exit(EXIT_FAILURE);
- }
- /* Fall through to default: */
- }
- else if (!(passPhrase =
- rpmGetPassPhrase(_("Enter pass phrase: "), sigTag))) {
+ exit(EXIT_FAILURE);
+ } /* fall through */
+ case RPMSIGTAG_GPG:
+ passPhrase = rpmGetPassPhrase(_("Enter pass phrase: "), sigTag);
+ if (passPhrase == NULL) {
fprintf(stderr, _("Pass phrase check failed\n"));
exit(EXIT_FAILURE);
- } else {
- fprintf(stderr, _("Pass phrase is good.\n"));
- passPhrase = strdup(passPhrase);
- break;
}
- /* Fall through */
+ fprintf(stderr, _("Pass phrase is good.\n"));
+ passPhrase = strdup(passPhrase);
+ break;
default:
fprintf(stderr,
_("Invalid %%_signature spec in macro file.\n"));
exit(EXIT_FAILURE);
+ break;
}
}
} else {
argerror(_("--sign may only be used during package building"));
}
- }
- else
- {
+ } else {
/* Make rpmLookupSignatureType() return 0 ("none") from now on */
rpmLookupSignatureType(RPMLOOKUPSIG_DISABLE);
}
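Review bot: Inside `case RPMSIGTAG_PGP:` the added test `sigTag == RPMSIGTAG_PGP || sigTag == RPMSIGTAG_PGP5` can only ever see `RPMSIGTAG_PGP`, because the `case RPMSIGTAG_PGP5:` label was removed along with the old block. If `rpmLookupSignatureType()` can still return `RPMSIGTAG_PGP5` (its new behaviour is not visible in this hunk), that value now lands in `default:` and is rejected as an invalid `%_signature` spec; keeping `case RPMSIGTAG_PGP5:` next to `case RPMSIGTAG_PGP:` would cover it. If it can no longer return that value, the condition reduces to `if (!rpmDetectPGPVersion(NULL)) {`. Separately, `passPhrase = strdup(passPhrase);` is still unchecked, so an allocation failure leaves a NULL pass phrase after "Pass phrase is good." has been printed; adding `if (passPhrase == NULL) exit(EXIT_FAILURE);` after it would close that. The enclosing `main` starts and ends outside the hunk.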