author | jbj <devnull@localhost> | 2002-07-21 22:06:19 +0000 |
---|---|---|
committer | jbj <devnull@localhost> | 2002-07-21 22:06:19 +0000 |
commit | 6af194ed8eae2111a296a7b400a229f0df336a2b (patch) | |
tree | 3f231083eb44a8562350aaacd1828b332789079e /lib | |
parent | c2ffec4c6ff43026abea088a36360fbacfc80282 (diff) | |
- add methods to make signature handling opaque with respect to rpmts.
CVS patchset: 5566
CVS date: 2002/07/21 22:06:19
Diffstat (limited to 'lib')
-rw-r--r-- | lib/Makefile.am | 2 | ||||
-rw-r--r-- | lib/depends.c | 24 | ||||
-rw-r--r-- | lib/package.c | 144 | ||||
-rw-r--r-- | lib/psm.c | 4 | ||||
-rw-r--r-- | lib/query.c | 16 | ||||
-rw-r--r-- | lib/rpmchecksig.c | 158 | ||||
-rw-r--r-- | lib/rpmcli.h | 12 | ||||
-rw-r--r-- | lib/rpmfi.c | 6 | ||||
-rw-r--r-- | lib/rpmlib.h | 24 | ||||
-rw-r--r-- | lib/rpmts.c | 352 | ||||
-rw-r--r-- | lib/rpmts.h | 186 | ||||
-rw-r--r-- | lib/signature.c | 266 | ||||
-rw-r--r-- | lib/transaction.c | 12 | ||||
-rw-r--r-- | lib/verify.c | 14 |
14 files changed, 717 insertions, 503 deletions
diff --git a/lib/Makefile.am b/lib/Makefile.am index 5eae7c2d5..e6f30adf6 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -3,10 +3,10 @@ AUTOMAKE_OPTIONS = 1.4 foreign INCLUDES = -I. \ + -I$(top_srcdir) \ -I$(top_srcdir)/build \ -I$(top_srcdir)/rpmdb \ -I$(top_srcdir)/rpmio \ - -I$(top_srcdir)/beecrypt \ -I$(top_srcdir)/popt \ @INCPATH@ diff --git a/lib/depends.c b/lib/depends.c index 813cf7168..1cbeb224f 100644 --- a/lib/depends.c +++ b/lib/depends.c @@ -329,8 +329,10 @@ int rpmtsAddEraseElement(rpmts ts, Header h, int dboffset) * @return 0 if satisfied, 1 if not satisfied, 2 if error */ static int unsatisfiedDepend(rpmts ts, rpmds dep) - /*@globals _cacheDependsRC, fileSystem, internalState @*/ - /*@modifies ts, _cacheDependsRC, fileSystem, internalState @*/ + /*@globals _cacheDependsRC, rpmGlobalMacroContext, + fileSystem, internalState @*/ + /*@modifies ts, _cacheDependsRC, rpmGlobalMacroContext, + fileSystem, internalState @*/ { DBT * key = alloca(sizeof(*key)); DBT * data = alloca(sizeof(*data)); @@ -551,8 +553,10 @@ exit: static int checkPackageDeps(rpmts ts, const char * pkgNEVR, /*@null@*/ rpmds requires, /*@null@*/ rpmds conflicts, /*@null@*/ const char * depName, uint_32 multiLib, int adding) - /*@globals fileSystem, internalState @*/ - /*@modifies ts, requires, conflicts, fileSystem, internalState */ + /*@globals rpmGlobalMacroContext, + fileSystem, internalState @*/ + /*@modifies ts, requires, conflicts, rpmGlobalMacroContext, + fileSystem, internalState */ { const char * Name; int_32 Flags; @@ -652,8 +656,8 @@ static int checkPackageDeps(rpmts ts, const char * pkgNEVR, */ static int checkPackageSet(rpmts ts, const char * dep, /*@only@*/ /*@null@*/ rpmdbMatchIterator mi, int adding) - /*@globals fileSystem, internalState @*/ - /*@modifies ts, mi, fileSystem, internalState @*/ + /*@globals rpmGlobalMacroContext, fileSystem, internalState @*/ + /*@modifies ts, mi, rpmGlobalMacroContext, fileSystem, internalState @*/ { int scareMem = 1; Header h; 
@@ -691,8 +695,8 @@ static int checkPackageSet(rpmts ts, const char * dep, * @return 0 no problems found */ static int checkDependentPackages(rpmts ts, const char * dep) - /*@globals fileSystem, internalState @*/ - /*@modifies ts, fileSystem, internalState @*/ + /*@globals rpmGlobalMacroContext, fileSystem, internalState @*/ + /*@modifies ts, rpmGlobalMacroContext, fileSystem, internalState @*/ { rpmdbMatchIterator mi; mi = rpmtsInitIterator(ts, RPMTAG_REQUIRENAME, dep, 0); @@ -706,8 +710,8 @@ static int checkDependentPackages(rpmts ts, const char * dep) * @return 0 no problems found */ static int checkDependentConflicts(rpmts ts, const char * dep) - /*@globals fileSystem, internalState @*/ - /*@modifies ts, fileSystem, internalState @*/ + /*@globals rpmGlobalMacroContext, fileSystem, internalState @*/ + /*@modifies ts, rpmGlobalMacroContext, fileSystem, internalState @*/ { int rc = 0; diff --git a/lib/package.c b/lib/package.c index f8116986f..5fe74c0fd 100644 --- a/lib/package.c +++ b/lib/package.c @@ -9,7 +9,6 @@ #include <rpmio_internal.h> #include <rpmlib.h> -#define _RPMTS_INTERNAL #include "rpmts.h" #include "misc.h" /* XXX stripTrailingChar() */ @@ -154,14 +153,15 @@ static int rpmtsStashKeyid(rpmts ts) /*@globals nkeyids, keyids @*/ /*@modifies nkeyids, keyids @*/ { - pgpDigParams sigp = NULL; + const void * sig = rpmtsSig(ts); + pgpDig dig = rpmtsDig(ts); + pgpDigParams sigp = rpmtsSignature(ts); unsigned int keyid; int i; - if (ts->sig == NULL || ts->dig == NULL) + if (sig == NULL || dig == NULL || sigp == NULL) return 0; - sigp = &ts->dig->signature; keyid = pgpGrab(sigp->signid+4, 4); if (keyid == 0) return 0; 
@@ -191,12 +191,18 @@ static unsigned char header_magic[8] = { int rpmReadPackageFile(rpmts ts, FD_t fd, const char * fn, Header * hdrp) { + pgpDig dig; byte buf[8*BUFSIZ]; ssize_t count; struct rpmlead * l = alloca(sizeof(*l)); - Header sig; + Header sigh; + int_32 sigtag; + int_32 sigtype; + const void * sig; + int_32 siglen; Header h = NULL; int hmagic; + int vsflags; rpmRC rc = RPMRC_FAIL; /* assume failure */ int xx; int i; 
@@ -243,51 +249,52 @@ int rpmReadPackageFile(rpmts ts, FD_t fd, } /* Read the signature header. */ - rc = rpmReadSignature(fd, &sig, l->signature_type); + rc = rpmReadSignature(fd, &sigh, l->signature_type); if (!(rc == RPMRC_OK || rc == RPMRC_BADSIZE)) { rpmError(RPMERR_SIGGEN, _("%s: rpmReadSignature failed\n"), fn); goto exit; } - if (sig == NULL) { + if (sigh == NULL) { rpmError(RPMERR_SIGGEN, _("%s: No signature available\n"), fn); rc = RPMRC_FAIL; goto exit; } /* Figger the most effective available signature. */ - ts->sigtag = 0; - if (ts->vsflags & _RPMTS_VSF_VERIFY_LEGACY) { - if (ts->sigtag == 0 && !(ts->vsflags & _RPMTS_VSF_NOSIGNATURES)) { - if (headerIsEntry(sig, RPMSIGTAG_DSA)) - ts->sigtag = RPMSIGTAG_DSA; - else if (headerIsEntry(sig, RPMSIGTAG_RSA)) - ts->sigtag = RPMSIGTAG_RSA; - else if (headerIsEntry(sig, RPMSIGTAG_GPG)) { - ts->sigtag = RPMSIGTAG_GPG; + sigtag = 0; + vsflags = rpmtsVerifySigFlags(ts); + if (vsflags & _RPMTS_VSF_VERIFY_LEGACY) { + if (sigtag == 0 && !(vsflags & _RPMTS_VSF_NOSIGNATURES)) { + if (headerIsEntry(sigh, RPMSIGTAG_DSA)) + sigtag = RPMSIGTAG_DSA; + else if (headerIsEntry(sigh, RPMSIGTAG_RSA)) + sigtag = RPMSIGTAG_RSA; + else if (headerIsEntry(sigh, RPMSIGTAG_GPG)) { + sigtag = RPMSIGTAG_GPG; fdInitDigest(fd, PGPHASHALGO_SHA1, 0); - } else if (headerIsEntry(sig, RPMSIGTAG_PGP)) { - ts->sigtag = RPMSIGTAG_PGP; + } else if (headerIsEntry(sigh, RPMSIGTAG_PGP)) { + sigtag = RPMSIGTAG_PGP; fdInitDigest(fd, PGPHASHALGO_MD5, 0); } } - if (ts->sigtag == 0 && !(ts->vsflags & _RPMTS_VSF_NODIGESTS)) { - if (headerIsEntry(sig, RPMSIGTAG_SHA1)) - ts->sigtag = RPMSIGTAG_SHA1; - else if (headerIsEntry(sig, RPMSIGTAG_MD5)) { - ts->sigtag = RPMSIGTAG_MD5; + if (sigtag == 0 && !(vsflags & _RPMTS_VSF_NODIGESTS)) { + if (headerIsEntry(sigh, RPMSIGTAG_SHA1)) + sigtag = RPMSIGTAG_SHA1; + else if (headerIsEntry(sigh, RPMSIGTAG_MD5)) { + sigtag = RPMSIGTAG_MD5; fdInitDigest(fd, PGPHASHALGO_MD5, 0); } } } else { - if (ts->sigtag == 0 && 
!(ts->vsflags & _RPMTS_VSF_NOSIGNATURES)) { - if (headerIsEntry(sig, RPMSIGTAG_DSA)) - ts->sigtag = RPMSIGTAG_DSA; - else if (headerIsEntry(sig, RPMSIGTAG_RSA)) - ts->sigtag = RPMSIGTAG_RSA; + if (sigtag == 0 && !(vsflags & _RPMTS_VSF_NOSIGNATURES)) { + if (headerIsEntry(sigh, RPMSIGTAG_DSA)) + sigtag = RPMSIGTAG_DSA; + else if (headerIsEntry(sigh, RPMSIGTAG_RSA)) + sigtag = RPMSIGTAG_RSA; } - if (ts->sigtag == 0 && !(ts->vsflags & _RPMTS_VSF_NODIGESTS)) { - if (headerIsEntry(sig, RPMSIGTAG_SHA1)) - ts->sigtag = RPMSIGTAG_SHA1; + if (sigtag == 0 && !(vsflags & _RPMTS_VSF_NODIGESTS)) { + if (headerIsEntry(sigh, RPMSIGTAG_SHA1)) + sigtag = RPMSIGTAG_SHA1; } } @@ -301,37 +308,37 @@ int rpmReadPackageFile(rpmts ts, FD_t fd, } /* Any signatures to check? */ - if (ts->sigtag == 0) { + if (sigtag == 0) { rc = RPMRC_OK; goto exit; } - ts->dig = pgpNewDig(); - if (ts->dig == NULL) { + dig = rpmtsDig(ts); + if (dig == NULL) { rc = RPMRC_FAIL; goto exit; } - ts->dig->nbytes = 0; + dig->nbytes = 0; /* Retrieve the tag parameters from the signature header. */ - ts->sig = NULL; - xx = headerGetEntry(sig, ts->sigtag, &ts->sigtype, - (void **) &ts->sig, &ts->siglen); - if (ts->sig == NULL) { + sig = NULL; + xx = headerGetEntry(sigh, sigtag, &sigtype, (void **) &sig, &siglen); + if (sig == NULL) { rc = RPMRC_FAIL; goto exit; } + (void) rpmtsSetSig(ts, sigtag, sigtype, sig, siglen); - switch (ts->sigtag) { + switch (sigtag) { case RPMSIGTAG_RSA: /* Parse the parameters from the OpenPGP packets that will be needed. */ - xx = pgpPrtPkts(ts->sig, ts->siglen, ts->dig, + xx = pgpPrtPkts(sig, siglen, dig, (_print_pkts & rpmIsDebug())); /* XXX only V3 signatures for now. */ - if (ts->dig->signature.version != 3) { + if (dig->signature.version != 3) { rpmMessage(RPMMESS_WARNING, _("only V3 signatures can be verified, skipping V%u signature"), - ts->dig->signature.version); + dig->signature.version); rc = RPMRC_OK; goto exit; } 
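Review bot: In the `case RPMSIGTAG_RSA:` branch a signature whose version is not 3 still exits with `rc = RPMRC_OK`, so a caller of rpmReadPackageFile cannot tell a verified package from one whose signature was only skipped with a warning; the DSA and GPG/PGP branches in the following hunks repeat this. The result of `pgpPrtPkts(sig, siglen, dig, ...)` is stored in `xx` and never tested, so `dig->signature.version` is read even when packet parsing failed (getSignid in rpmchecksig.c treats a zero return as success). I would add `if (xx) { rc = RPMRC_FAIL; goto exit; }` after each parse and return a distinct non-OK code for the skipped-signature path. The function starts and ends outside this hunk.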
@@ -341,22 +348,22 @@ int rpmReadPackageFile(rpmts ts, FD_t fd, if (!headerGetEntry(h, RPMTAG_HEADERIMMUTABLE, &uht, &uh, &uhc)) break; - ts->dig->md5ctx = rpmDigestInit(PGPHASHALGO_MD5, RPMDIGEST_NONE); - (void) rpmDigestUpdate(ts->dig->md5ctx, header_magic, sizeof(header_magic)); - ts->dig->nbytes += sizeof(header_magic); - (void) rpmDigestUpdate(ts->dig->md5ctx, uh, uhc); - ts->dig->nbytes += uhc; + dig->md5ctx = rpmDigestInit(PGPHASHALGO_MD5, RPMDIGEST_NONE); + (void) rpmDigestUpdate(dig->md5ctx, header_magic, sizeof(header_magic)); + dig->nbytes += sizeof(header_magic); + (void) rpmDigestUpdate(dig->md5ctx, uh, uhc); + dig->nbytes += uhc; uh = headerFreeData(uh, uht); } break; case RPMSIGTAG_DSA: /* Parse the parameters from the OpenPGP packets that will be needed. */ - xx = pgpPrtPkts(ts->sig, ts->siglen, ts->dig, + xx = pgpPrtPkts(sig, siglen, dig, (_print_pkts & rpmIsDebug())); /* XXX only V3 signatures for now. */ - if (ts->dig->signature.version != 3) { + if (dig->signature.version != 3) { rpmMessage(RPMMESS_WARNING, _("only V3 signatures can be verified, skipping V%u signature"), - ts->dig->signature.version); + dig->signature.version); rc = RPMRC_OK; goto exit; } 
@@ -368,41 +375,41 @@ int rpmReadPackageFile(rpmts ts, FD_t fd, if (!headerGetEntry(h, RPMTAG_HEADERIMMUTABLE, &uht, &uh, &uhc)) break; - ts->dig->hdrsha1ctx = rpmDigestInit(PGPHASHALGO_SHA1, RPMDIGEST_NONE); - (void) rpmDigestUpdate(ts->dig->hdrsha1ctx, header_magic, sizeof(header_magic)); - ts->dig->nbytes += sizeof(header_magic); - (void) rpmDigestUpdate(ts->dig->hdrsha1ctx, uh, uhc); - ts->dig->nbytes += uhc; + dig->hdrsha1ctx = rpmDigestInit(PGPHASHALGO_SHA1, RPMDIGEST_NONE); + (void) rpmDigestUpdate(dig->hdrsha1ctx, header_magic, sizeof(header_magic)); + dig->nbytes += sizeof(header_magic); + (void) rpmDigestUpdate(dig->hdrsha1ctx, uh, uhc); + dig->nbytes += uhc; uh = headerFreeData(uh, uht); } break; case RPMSIGTAG_GPG: case RPMSIGTAG_PGP5: /* XXX legacy */ case RPMSIGTAG_PGP: /* Parse the parameters from the OpenPGP packets that will be needed. */ - xx = pgpPrtPkts(ts->sig, ts->siglen, ts->dig, + xx = pgpPrtPkts(sig, siglen, dig, (_print_pkts & rpmIsDebug())); /* XXX only V3 signatures for now. */ - if (ts->dig->signature.version != 3) { + if (dig->signature.version != 3) { rpmMessage(RPMMESS_WARNING, _("only V3 signatures can be verified, skipping V%u signature"), - ts->dig->signature.version); + dig->signature.version); rc = RPMRC_OK; goto exit; } /*@fallthrough@*/ case RPMSIGTAG_MD5: /* Legacy signatures need the compressed payload in the digest too. */ - ts->dig->nbytes += headerSizeof(h, hmagic); + dig->nbytes += headerSizeof(h, hmagic); while ((count = Fread(buf, sizeof(buf[0]), sizeof(buf), fd)) > 0) - ts->dig->nbytes += count; + dig->nbytes += count; if (count < 0) { rpmError(RPMERR_FREAD, _("%s: Fread failed: %s\n"), fn, Fstrerror(fd)); rc = RPMRC_FAIL; goto exit; } - ts->dig->nbytes += count; + dig->nbytes += count; /* XXX Steal the digest-in-progress from the file handle. */ for (i = fd->ndigests - 1; i >= 0; i--) { 
@@ -410,12 +417,12 @@ int rpmReadPackageFile(rpmts ts, FD_t fd, if (fddig->hashctx == NULL) continue; if (fddig->hashalgo == PGPHASHALGO_MD5) { - ts->dig->md5ctx = fddig->hashctx; + dig->md5ctx = fddig->hashctx; fddig->hashctx = NULL; continue; } if (fddig->hashalgo == PGPHASHALGO_SHA1) { - ts->dig->sha1ctx = fddig->hashctx; + dig->sha1ctx = fddig->hashctx; fddig->hashctx = NULL; continue; } @@ -457,7 +464,7 @@ exit: legacyRetrofit(h, l); /* Append (and remap) signature tags to the metadata. */ - headerMergeLegacySigs(h, sig); + headerMergeLegacySigs(h, sigh); /* Bump reference count for return. */ /*@-boundswrite@*/ @@ -465,10 +472,7 @@ exit: /*@=boundswrite@*/ } h = headerFree(h); - if (ts->sig != NULL) - ts->sig = headerFreeData(ts->sig, ts->sigtype); - if (ts->dig != NULL) - ts->dig = pgpFreeDig(ts->dig); - sig = rpmFreeSignature(sig); + rpmtsCleanDig(ts); + sigh = rpmFreeSignature(sigh); return rc; } @@ -338,8 +338,8 @@ static int mergeFiles(rpmfi fi, Header h, Header newH) */ /*@-bounds@*/ static int markReplacedFiles(const PSM_t psm) - /*@globals fileSystem, internalState @*/ - /*@modifies psm, fileSystem, internalState @*/ + /*@globals rpmGlobalMacroContext, fileSystem, internalState @*/ + /*@modifies psm, rpmGlobalMacroContext, fileSystem, internalState @*/ { const rpmts ts = psm->ts; rpmfi fi = psm->fi; diff --git a/lib/query.c b/lib/query.c index d99509ca0..552b3b0c5 100644 --- a/lib/query.c +++ b/lib/query.c @@ -709,7 +709,7 @@ restart: break; case RPMQV_PKGID: - { unsigned char md5[16]; + { unsigned char MD5[16]; unsigned char * t; for (i = 0, s = arg; *s && isxdigit(*s); s++, i++) 
@@ -719,11 +719,11 @@ restart: return 1; } - md5[0] = '\0'; - for (i = 0, t = md5, s = arg; i < 16; i++, t++, s += 2) + MD5[0] = '\0'; + for (i = 0, t = MD5, s = arg; i < 16; i++, t++, s += 2) *t = (nibble(s[0]) << 4) | nibble(s[1]); - qva->qva_mi = rpmtsInitIterator(ts, RPMTAG_SIGMD5, md5, sizeof(md5)); + qva->qva_mi = rpmtsInitIterator(ts, RPMTAG_SIGMD5, MD5, sizeof(MD5)); if (qva->qva_mi == NULL) { rpmError(RPMERR_QUERYINFO, _("no package matches %s: %s\n"), "pkgid", arg); @@ -752,7 +752,7 @@ restart: break; case RPMQV_FILEID: - { unsigned char md5[16]; + { unsigned char MD5[16]; unsigned char * t; for (i = 0, s = arg; *s && isxdigit(*s); s++, i++) @@ -762,11 +762,11 @@ restart: return 1; } - md5[0] = '\0'; - for (i = 0, t = md5, s = arg; i < 16; i++, t++, s += 2) + MD5[0] = '\0'; + for (i = 0, t = MD5, s = arg; i < 16; i++, t++, s += 2) *t = (nibble(s[0]) << 4) | nibble(s[1]); - qva->qva_mi = rpmtsInitIterator(ts, RPMTAG_FILEMD5S, md5, sizeof(md5)); + qva->qva_mi = rpmtsInitIterator(ts, RPMTAG_FILEMD5S, MD5, sizeof(MD5)); if (qva->qva_mi == NULL) { rpmError(RPMERR_QUERYINFO, _("no package matches %s: %s\n"), "fileid", arg); diff --git a/lib/rpmchecksig.c b/lib/rpmchecksig.c index c405cfc37..c112c83d3 100644 --- a/lib/rpmchecksig.c +++ b/lib/rpmchecksig.c @@ -10,7 +10,6 @@ #include "rpmdb.h" -#define _RPMTS_INTERNAL #include "rpmts.h" #include "rpmlead.h" @@ -18,10 +17,10 @@ #include "misc.h" /* XXX for makeTempFile() */ #include "debug.h" -/*@access rpmts @*/ /* ts->dig et al */ /*?access Header @*/ /* XXX compared with NULL */ /*@access FD_t @*/ /* XXX stealing digests */ /*@access pgpDig @*/ +/*@access pgpDigParams @*/ /*@unchecked@*/ static int _print_pkts = 0; 
@@ -31,8 +30,7 @@ static int _print_pkts = 0; /*@-boundsread@*/ static int manageFile(FD_t *fdp, const char **fnp, int flags, /*@unused@*/ int rc) - /*@globals rpmGlobalMacroContext, - fileSystem, internalState @*/ + /*@globals rpmGlobalMacroContext, fileSystem, internalState @*/ /*@modifies *fdp, *fnp, rpmGlobalMacroContext, fileSystem, internalState @*/ { @@ -147,7 +145,7 @@ static int getSignid(Header sig, int sigtag, byte * signid) int rc = 1; if (headerGetEntry(sig, sigtag, &pkttyp, &pkt, &pktlen) && pkt != NULL) { - struct pgpDig_s * dig = pgpNewDig(); + pgpDig dig = pgpNewDig(); if (!pgpPrtPkts(pkt, pktlen, dig, 0)) { /*@-bounds@*/ @@ -183,7 +181,7 @@ static int rpmReSign(/*@unused@*/ rpmts ts, const char *rpm, *trpm; const char *sigtarget = NULL; char tmprpm[1024+1]; - Header sig = NULL; + Header sigh = NULL; void * uh = NULL; int_32 uht, uhc; int res = EXIT_FAILURE; @@ -223,12 +221,12 @@ static int rpmReSign(/*@unused@*/ rpmts ts, /*@switchbreak@*/ break; } - rc = rpmReadSignature(fd, &sig, l->signature_type); + rc = rpmReadSignature(fd, &sigh, l->signature_type); if (!(rc == RPMRC_OK || rc == RPMRC_BADSIZE)) { rpmError(RPMERR_SIGGEN, _("%s: rpmReadSignature failed\n"), rpm); goto exit; } - if (sig == NULL) { + if (sigh == NULL) { rpmError(RPMERR_SIGGEN, _("%s: No signature available\n"), rpm); goto exit; } @@ -241,7 +239,7 @@ static int rpmReSign(/*@unused@*/ rpmts ts, /* ASSERT: fd == NULL && ofd == NULL */ /* Dump the immutable region (if present). */ - if (headerGetEntry(sig, RPMTAG_HEADERSIGNATURES, &uht, &uh, &uhc)) { + if (headerGetEntry(sigh, RPMTAG_HEADERSIGNATURES, &uht, &uh, &uhc)) { HeaderIterator hi; int_32 tag, type, count; hPTR_t ptr; 
@@ -265,24 +263,24 @@ static int rpmReSign(/*@unused@*/ rpmts ts, hi = headerFreeIterator(hi); oh = headerFree(oh); - sig = headerFree(sig); - sig = headerLink(nh); + sigh = headerFree(sigh); + sigh = headerLink(nh); nh = headerFree(nh); } /* Eliminate broken digest values. */ - xx = headerRemoveEntry(sig, RPMSIGTAG_LEMD5_1); - xx = headerRemoveEntry(sig, RPMSIGTAG_LEMD5_2); - xx = headerRemoveEntry(sig, RPMSIGTAG_BADSHA1_1); - xx = headerRemoveEntry(sig, RPMSIGTAG_BADSHA1_2); + xx = headerRemoveEntry(sigh, RPMSIGTAG_LEMD5_1); + xx = headerRemoveEntry(sigh, RPMSIGTAG_LEMD5_2); + xx = headerRemoveEntry(sigh, RPMSIGTAG_BADSHA1_1); + xx = headerRemoveEntry(sigh, RPMSIGTAG_BADSHA1_2); /* Toss and recalculate header+payload size and digests. */ - xx = headerRemoveEntry(sig, RPMSIGTAG_SIZE); - xx = rpmAddSignature(sig, sigtarget, RPMSIGTAG_SIZE, qva->passPhrase); - xx = headerRemoveEntry(sig, RPMSIGTAG_MD5); - xx = rpmAddSignature(sig, sigtarget, RPMSIGTAG_MD5, qva->passPhrase); - xx = headerRemoveEntry(sig, RPMSIGTAG_SHA1); - xx = rpmAddSignature(sig, sigtarget, RPMSIGTAG_SHA1, qva->passPhrase); + xx = headerRemoveEntry(sigh, RPMSIGTAG_SIZE); + xx = rpmAddSignature(sigh, sigtarget, RPMSIGTAG_SIZE, qva->passPhrase); + xx = headerRemoveEntry(sigh, RPMSIGTAG_MD5); + xx = rpmAddSignature(sigh, sigtarget, RPMSIGTAG_MD5, qva->passPhrase); + xx = headerRemoveEntry(sigh, RPMSIGTAG_SHA1); + xx = rpmAddSignature(sigh, sigtarget, RPMSIGTAG_SHA1, qva->passPhrase); /* If gpg/pgp is configured, replace the signature. */ if ((sigtag = rpmLookupSignatureType(RPMLOOKUPSIG_QUERY)) > 0) { 
@@ -290,34 +288,34 @@ static int rpmReSign(/*@unused@*/ rpmts ts, /* Grab the old signature fingerprint (if any) */ memset(oldsignid, 0, sizeof(oldsignid)); - xx = getSignid(sig, sigtag, oldsignid); + xx = getSignid(sigh, sigtag, oldsignid); switch (sigtag) { case RPMSIGTAG_GPG: - xx = headerRemoveEntry(sig, RPMSIGTAG_DSA); + xx = headerRemoveEntry(sigh, RPMSIGTAG_DSA); /*@fallthrough@*/ case RPMSIGTAG_PGP5: case RPMSIGTAG_PGP: - xx = headerRemoveEntry(sig, RPMSIGTAG_RSA); + xx = headerRemoveEntry(sigh, RPMSIGTAG_RSA); /*@switchbreak@*/ break; } - xx = headerRemoveEntry(sig, sigtag); - xx = rpmAddSignature(sig, sigtarget, sigtag, qva->passPhrase); + xx = headerRemoveEntry(sigh, sigtag); + xx = rpmAddSignature(sigh, sigtarget, sigtag, qva->passPhrase); /* If package was previously signed, check for same signer. */ memset(newsignid, 0, sizeof(newsignid)); if (memcmp(oldsignid, newsignid, sizeof(oldsignid))) { /* Grab the new signature fingerprint */ - xx = getSignid(sig, sigtag, newsignid); + xx = getSignid(sigh, sigtag, newsignid); /* If same signer, skip resigning the package. */ if (!memcmp(oldsignid, newsignid, sizeof(oldsignid))) { rpmMessage(RPMMESS_WARNING, _("%s: was already signed by key ID %s, skipping\n"), - rpm, pgpHexStr(newsignid, sizeof(newsignid))); + rpm, pgpHexStr(newsignid+4, sizeof(newsignid)-4)); /* Clean up intermediate target */ xx = unlink(sigtarget); @@ -329,8 +327,8 @@ static int rpmReSign(/*@unused@*/ rpmts ts, } /* Reallocate the signature into one contiguous region. */ - sig = headerReload(sig, RPMTAG_HEADERSIGNATURES); - if (sig == NULL) /* XXX can't happen */ + sigh = headerReload(sigh, RPMTAG_HEADERSIGNATURES); + if (sigh == NULL) /* XXX can't happen */ goto exit; /* Write the lead/signature of the output rpm */ 
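Review bot: The result of `rpmAddSignature(sigh, sigtarget, sigtag, qva->passPhrase)` is assigned to `xx` and never checked, although the previous entry for `sigtag` (and the DSA/RSA entries) has already been removed from `sigh` just above. Assuming a non-zero return signals failure, a failed signing step would fall through to the headerReload and rpmWriteSignature calls and produce a package without that signature. I would test it, e.g. `if (rpmAddSignature(sigh, sigtarget, sigtag, qva->passPhrase)) goto exit;`, and do the same for the SIZE/MD5/SHA1 calls in the preceding hunk. rpmReSign starts and ends outside this hunk.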
@@ -351,7 +349,7 @@ static int rpmReSign(/*@unused@*/ rpmts ts, goto exit; } - if (rpmWriteSignature(ofd, sig)) { + if (rpmWriteSignature(ofd, sigh)) { rpmError(RPMERR_SIGGEN, _("%s: rpmWriteSignature failed: %s\n"), trpm, Fstrerror(ofd)); goto exit; @@ -381,7 +379,7 @@ exit: if (fd) (void) manageFile(&fd, NULL, 0, res); if (ofd) (void) manageFile(&ofd, NULL, 0, res); - sig = rpmFreeSignature(sig); + sigh = rpmFreeSignature(sigh); if (sigtarget) { xx = unlink(sigtarget); @@ -406,8 +404,10 @@ exit: static int rpmImportPubkey(const rpmts ts, /*@unused@*/ QVA_t qva, /*@null@*/ const char ** argv) - /*@globals RPMVERSION, fileSystem, internalState @*/ - /*@modifies ts, fileSystem, internalState @*/ + /*@globals RPMVERSION, rpmGlobalMacroContext, + fileSystem, internalState @*/ + /*@modifies ts, rpmGlobalMacroContext, + fileSystem, internalState @*/ { const char * fn; int res = 0; @@ -418,7 +418,7 @@ static int rpmImportPubkey(const rpmts ts, int_32 pflags = (RPMSENSE_KEYRING|RPMSENSE_EQUAL); int_32 zero = 0; pgpDig dig = NULL; - struct pgpDigParams_s *digp = NULL; + pgpDigParams pubp = NULL; int rc, xx; if (argv == NULL) return res; 
@@ -464,25 +464,25 @@ static int rpmImportPubkey(const rpmts ts, /* Build header elements. */ (void) pgpPrtPkts(pkt, pktlen, dig, 0); - digp = &dig->pubkey; + pubp = &dig->pubkey; /*@-boundswrite@*/ v = t = xmalloc(16+1); - t = stpcpy(t, pgpHexStr(digp->signid, sizeof(digp->signid))); + t = stpcpy(t, pgpHexStr(pubp->signid, sizeof(pubp->signid))); r = t = xmalloc(8+1); - t = stpcpy(t, pgpHexStr(digp->time, sizeof(digp->time))); + t = stpcpy(t, pgpHexStr(pubp->time, sizeof(pubp->time))); n = t = xmalloc(sizeof("gpg()")+8); t = stpcpy( stpcpy( stpcpy(t, "gpg("), v+8), ")"); - /*@-nullpass@*/ /* FIX: digp->userid may be NULL */ - u = t = xmalloc(sizeof("gpg()")+strlen(digp->userid)); - t = stpcpy( stpcpy( stpcpy(t, "gpg("), digp->userid), ")"); + /*@-nullpass@*/ /* FIX: pubp->userid may be NULL */ + u = t = xmalloc(sizeof("gpg()")+strlen(pubp->userid)); + t = stpcpy( stpcpy( stpcpy(t, "gpg("), pubp->userid), ")"); /*@=nullpass@*/ evr = t = xmalloc(sizeof("4X:-")+strlen(v)+strlen(r)); - t = stpcpy(t, (digp->version == 4 ? "4:" : "3:")); + t = stpcpy(t, (pubp->version == 4 ? "4:" : "3:")); t = stpcpy( stpcpy( stpcpy(t, v), "-"), r); /*@=boundswrite@*/ @@ -651,7 +651,12 @@ int rpmVerifySignatures(QVA_t qva, rpmts ts, FD_t fd, char missingKeys[7164], * m; char untrustedKeys[7164], * u; int_32 sigtag; - Header sig; + int_32 sigtype; + const void * sig; + pgpDig dig; + pgpDigParams sigp; + int_32 siglen; + Header sigh; HeaderIterator hi; int res = 0; int xx; 
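Review bot: The rename to `pubp` keeps the NULL dereference that the `FIX: pubp->userid may be NULL` comment admits: `strlen(pubp->userid)` runs on whatever `pgpPrtPkts` left behind, and its return value is discarded with `(void)`. The packet data comes from a key file named on the command line, so a key with no user id packet, or one that fails to parse, reaches this line. I would check the parse result and add `if (pubp->userid == NULL)` handling that skips this key with an error before the `xmalloc` calls, instead of silencing splint with `-nullpass`. The enclosing loop in rpmImportPubkey is outside the hunk, so the exact bail-out statement has to match it.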
@@ -666,62 +671,63 @@ int rpmVerifySignatures(QVA_t qva, rpmts ts, FD_t fd, if (readLead(fd, l)) { rpmError(RPMERR_READLEAD, _("%s: readLead failed\n"), fn); res++; - goto bottom; + goto exit; } switch (l->major) { case 1: rpmError(RPMERR_BADSIGTYPE, _("%s: No signature available (v1.0 RPM)\n"), fn); res++; - goto bottom; + goto exit; /*@notreached@*/ /*@switchbreak@*/ break; default: /*@switchbreak@*/ break; } - rc = rpmReadSignature(fd, &sig, l->signature_type); + rc = rpmReadSignature(fd, &sigh, l->signature_type); if (!(rc == RPMRC_OK || rc == RPMRC_BADSIZE)) { rpmError(RPMERR_SIGGEN, _("%s: rpmReadSignature failed\n"), fn); res++; - goto bottom; + goto exit; } - if (sig == NULL) { + if (sigh == NULL) { rpmError(RPMERR_SIGGEN, _("%s: No signature available\n"), fn); res++; - goto bottom; + goto exit; } /* Grab a hint of what needs doing to avoid duplication. */ sigtag = 0; if (sigtag == 0 && !nosignatures) { - if (headerIsEntry(sig, RPMSIGTAG_DSA)) + if (headerIsEntry(sigh, RPMSIGTAG_DSA)) sigtag = RPMSIGTAG_DSA; - else if (headerIsEntry(sig, RPMSIGTAG_RSA)) + else if (headerIsEntry(sigh, RPMSIGTAG_RSA)) sigtag = RPMSIGTAG_RSA; - else if (headerIsEntry(sig, RPMSIGTAG_GPG)) + else if (headerIsEntry(sigh, RPMSIGTAG_GPG)) sigtag = RPMSIGTAG_GPG; - else if (headerIsEntry(sig, RPMSIGTAG_PGP)) + else if (headerIsEntry(sigh, RPMSIGTAG_PGP)) sigtag = RPMSIGTAG_PGP; } if (sigtag == 0 && !nodigests) { - if (headerIsEntry(sig, RPMSIGTAG_MD5)) + if (headerIsEntry(sigh, RPMSIGTAG_MD5)) sigtag = RPMSIGTAG_MD5; - else if (headerIsEntry(sig, RPMSIGTAG_SHA1)) + else if (headerIsEntry(sigh, RPMSIGTAG_SHA1)) sigtag = RPMSIGTAG_SHA1; /* XXX never happens */ } - if (headerIsEntry(sig, RPMSIGTAG_PGP) - || headerIsEntry(sig, RPMSIGTAG_PGP5) - || headerIsEntry(sig, RPMSIGTAG_MD5)) + if (headerIsEntry(sigh, RPMSIGTAG_PGP) + || headerIsEntry(sigh, RPMSIGTAG_PGP5) + || headerIsEntry(sigh, RPMSIGTAG_MD5)) fdInitDigest(fd, PGPHASHALGO_MD5, 0); - if (headerIsEntry(sig, RPMSIGTAG_GPG)) + if 
(headerIsEntry(sigh, RPMSIGTAG_GPG)) fdInitDigest(fd, PGPHASHALGO_SHA1, 0); - ts->dig = pgpNewDig(); + dig = rpmtsDig(ts); + sigp = rpmtsSignature(ts); /* Read the file, generating digest(s) on the fly. */ - if (readFile(fd, fn, ts->dig)) { + if (dig == NULL || sigp == NULL || readFile(fd, fn, dig)) { res++; - goto bottom; + goto exit; } res2 = 0; @@ -731,18 +737,20 @@ int rpmVerifySignatures(QVA_t qva, rpmts ts, FD_t fd, sprintf(b, "%s:%c", fn, (rpmIsVerbose() ? '\n' : ' ') ); b += strlen(b); - for (hi = headerInitIterator(sig); - headerNextIterator(hi, &ts->sigtag, &ts->sigtype, &ts->sig, &ts->siglen); - ts->sig = headerFreeData(ts->sig, ts->sigtype)) + for (hi = headerInitIterator(sigh); + headerNextIterator(hi, &sigtag, &sigtype, &sig, &siglen) != 0; + (void) rpmtsSetSig(ts, sigtag, sigtype, NULL, siglen)) { - if (ts->sig == NULL) /* XXX can't happen */ + if (sig == NULL) /* XXX can't happen */ continue; + (void) rpmtsSetSig(ts, sigtag, sigtype, sig, siglen); + /* Clean up parameters from previous sigtag. */ - pgpCleanDig(ts->dig); + pgpCleanDig(dig); - switch (ts->sigtag) { + switch (sigtag) { case RPMSIGTAG_RSA: case RPMSIGTAG_DSA: case RPMSIGTAG_GPG: @@ -750,14 +758,14 @@ int rpmVerifySignatures(QVA_t qva, rpmts ts, FD_t fd, case RPMSIGTAG_PGP: if (nosignatures) continue; - xx = pgpPrtPkts(ts->sig, ts->siglen, ts->dig, + xx = pgpPrtPkts(sig, siglen, dig, (_print_pkts & rpmIsDebug())); /* XXX only V3 signatures for now. */ - if (ts->dig->signature.version != 3) { + if (sigp->version != 3) { rpmError(RPMERR_SIGVFY, _("only V3 signatures can be verified, skipping V%u signature"), - ts->dig->signature.version); + sigp->version); continue; } /*@switchbreak@*/ break; @@ -795,7 +803,7 @@ int rpmVerifySignatures(QVA_t qva, rpmts ts, FD_t fd, res2 = 1; } else { char *tempKey; - switch (ts->sigtag) { + switch (sigtag) { case RPMSIGTAG_SIZE: b = stpcpy(b, "SIZE "); res2 = 1; 
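Review bot: The new `for` header passes `&sigtag` to `headerNextIterator`, which overwrites the "hint of what needs doing" that the preceding hunk stores in the same local `sigtag`; the old code iterated into `ts->sigtag` and left the hint alone. Any test inside the loop that still compares `sigtag` against the hint (the loop body is mostly outside these hunks) would now compare the current tag with itself. I would iterate into a separate local and pass that one to `rpmtsSetSig` and the `switch` statements. A one-line comment on the loop increment, `rpmtsSetSig(ts, sigtag, sigtype, NULL, siglen)`, saying whether it releases the previous `sig` would also help, since it replaces the explicit `headerFreeData` call.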
@@ -876,7 +884,7 @@ int rpmVerifySignatures(QVA_t qva, rpmts ts, FD_t fd, b = stpcpy(b, " "); b = stpcpy(b, result); } else { - switch (ts->sigtag) { + switch (sigtag) { case RPMSIGTAG_SIZE: b = stpcpy(b, "size "); /*@switchbreak@*/ break; @@ -942,10 +950,10 @@ int rpmVerifySignatures(QVA_t qva, rpmts ts, FD_t fd, } } - bottom: - ts->dig = pgpFreeDig(ts->dig); } +exit: + rpmtsCleanDig(ts); return res; } diff --git a/lib/rpmcli.h b/lib/rpmcli.h index a90508eed..890a8ef40 100644 --- a/lib/rpmcli.h +++ b/lib/rpmcli.h @@ -399,8 +399,8 @@ int showVerifyPackage(QVA_t qva, rpmts ts, Header h) * @return 0 on success, 1 on failure */ int rpmVerifySignatures(QVA_t qva, rpmts ts, FD_t fd, const char * fn) - /*@globals fileSystem, internalState @*/ - /*@modifies qva, ts, fd, + /*@globals rpmGlobalMacroContext, fileSystem, internalState @*/ + /*@modifies qva, ts, fd, rpmGlobalMacroContext, fileSystem, internalState @*/; /** \ingroup rpmcli @@ -577,8 +577,8 @@ typedef /*@abstract@*/ struct IDTindex_s { * @return id index */ /*@only@*/ /*@null@*/ IDTX IDTXload(rpmts ts, rpmTag tag) - /*@globals fileSystem, internalState @*/ - /*@modifies ts, fileSystem, internalState @*/; + /*@globals rpmGlobalMacroContext, fileSystem, internalState @*/ + /*@modifies ts, rpmGlobalMacroContext, fileSystem, internalState @*/; /** * Load tag (instance,value) pairs from packages, and return sorted id index. @@ -589,8 +589,8 @@ typedef /*@abstract@*/ struct IDTindex_s { */ /*@only@*/ /*@null@*/ IDTX IDTXglob(rpmts ts, const char * globstr, rpmTag tag) - /*@globals fileSystem, internalState @*/ - /*@modifies ts, fileSystem, internalState @*/; + /*@globals rpmGlobalMacroContext, fileSystem, internalState @*/ + /*@modifies ts, rpmGlobalMacroContext, fileSystem, internalState @*/; /** \ingroup rpmcli * Rollback transactions, erasing new, reinstalling old, package(s). diff --git a/lib/rpmfi.c b/lib/rpmfi.c index c53b76063..91e638bb2 100644 --- a/lib/rpmfi.c +++ b/lib/rpmfi.c 
@@ -200,15 +200,15 @@ rpmfileState rpmfiFState(rpmfi fi) const unsigned char * rpmfiMD5(rpmfi fi) { - unsigned char * md5 = NULL; + unsigned char * MD5 = NULL; if (fi != NULL && fi->i >= 0 && fi->i < fi->fc) { /*@-boundsread@*/ if (fi->md5s != NULL) - md5 = fi->md5s + (16 * fi->i); + MD5 = fi->md5s + (16 * fi->i); /*@=boundsread@*/ } - return md5; + return MD5; } const char * rpmfiFLink(rpmfi fi) diff --git a/lib/rpmlib.h b/lib/rpmlib.h index 7024ffc58..6d88c5698 100644 --- a/lib/rpmlib.h +++ b/lib/rpmlib.h @@ -15,9 +15,9 @@ * Package read return codes. */ typedef enum rpmRC_e { - RPMRC_OK = 0, - RPMRC_NOTFOUND = 1, - RPMRC_FAIL = 2, + RPMRC_OK = 0, /*!< Generic success code */ + RPMRC_NOTFOUND = 1, /*!< Generic not found code. */ + RPMRC_FAIL = 2, /*!< Generic failure code. */ RPMRC_BADSIZE = 3, RPMRC_SHORTREAD = 4 } rpmRC; @@ -840,8 +840,9 @@ typedef /*@abstract@*/ struct psm_s * PSM_t; */ int rpmReadPackageFile(rpmts ts, FD_t fd, const char * fn, /*@null@*/ /*@out@*/ Header * hdrp) - /*@globals fileSystem, internalState @*/ - /*@modifies ts, fd, *hdrp, fileSystem, internalState @*/; + /*@globals rpmGlobalMacroContext, fileSystem, internalState @*/ + /*@modifies ts, fd, *hdrp, rpmGlobalMacroContext, + fileSystem, internalState @*/; /** * Install source package. @@ -854,8 +855,7 @@ int rpmReadPackageFile(rpmts ts, FD_t fd, rpmRC rpmInstallSourcePackage(rpmts ts, FD_t fd, /*@null@*/ /*@out@*/ const char ** specFilePtr, /*@null@*/ /*@out@*/ const char ** cookie) - /*@globals rpmGlobalMacroContext, - fileSystem, internalState @*/ + /*@globals rpmGlobalMacroContext, fileSystem, internalState @*/ /*@modifies ts, fd, *specFilePtr, *cookie, rpmGlobalMacroContext, fileSystem, internalState @*/; @@ -978,7 +978,7 @@ void rpmShowRpmlibProvides(FILE * fp) * @param tagstr name of tag * @return tag value */ -int tagValue(const char *tagstr) +int tagValue(const char * tagstr) /*@*/; #define RPMLEAD_BINARY 0 
@@ -999,7 +999,8 @@ int tagValue(const char *tagstr) */ struct rpmlead { unsigned char magic[4]; - unsigned char major, minor; + unsigned char major; + unsigned char minor; short type; short archnum; char name[66]; @@ -1135,8 +1136,9 @@ typedef enum rpmVerifySignatureReturn_e { */ rpmVerifySignatureReturn rpmVerifySignature(const rpmts ts, /*@out@*/ char * result) - /*@globals fileSystem, internalState @*/ - /*@modifies ts, *result, fileSystem, internalState @*/; + /*@globals rpmGlobalMacroContext, fileSystem, internalState @*/ + /*@modifies ts, *result, rpmGlobalMacroContext, + fileSystem, internalState @*/; /** \ingroup signature * Destroy signature header from package. diff --git a/lib/rpmts.c b/lib/rpmts.c index f51aea28c..c7bc4a78b 100644 --- a/lib/rpmts.c +++ b/lib/rpmts.c @@ -4,9 +4,9 @@ */ #include "system.h" +#include "rpmio_internal.h" /* XXX for pgp and beecrypt */ #include <rpmlib.h> #include <rpmmacro.h> /* XXX rpmtsOpenDB() needs rpmGetPath */ -#include <rpmpgp.h> /* XXX rpmtsFree() needs pgpFreeDig */ #include "rpmdb.h" /* XXX stealing db->db_mode. */ @@ -59,6 +59,8 @@ extern int statvfs (const char * file, /*@out@*/ struct statvfs * buf) /*@access rpmtsi @*/ /*@access rpmts @*/ /*@access fnpyKey @*/ +/*@access pgpDig @*/ +/*@access pgpDigParams @*/ /*@unchecked@*/ int _ts_debug = 0; @@ -128,9 +130,7 @@ int rpmtsOpenDB(rpmts ts, int dbmode) rc = rpmdbOpen(ts->rootDir, &ts->rdb, ts->dbmode, 0644); if (rc) { const char * dn; - /*@-globs -mods@*/ /* FIX: rpmGlobalMacroContext for an error? shrug */ dn = rpmGetPath(ts->rootDir, "%{_dbpath}", NULL); - /*@=globs =mods@*/ rpmMessage(RPMMESS_ERROR, _("cannot open Packages database in %s\n"), dn); dn = _free(dn); @@ -138,7 +138,7 @@ int rpmtsOpenDB(rpmts ts, int dbmode) return rc; } -rpmdbMatchIterator rpmtsInitIterator(const rpmts ts, int rpmtag, +rpmdbMatchIterator rpmtsInitIterator(const rpmts ts, rpmTag rpmtag, const void * keyp, size_t keylen) { if (ts->rdb == NULL && rpmtsOpenDB(ts, ts->dbmode)) 
@@ -146,9 +146,124 @@ rpmdbMatchIterator rpmtsInitIterator(const rpmts ts, int rpmtag, return rpmdbInitIterator(ts->rdb, rpmtag, keyp, keylen); } -static int rpmtsCloseSDB(rpmts ts) - /*@globals fileSystem @*/ - /*@modifies ts, fileSystem @*/ +rpmVerifySignatureReturn rpmtsFindPubkey(rpmts ts) +{ + const void * sig = rpmtsSig(ts); + pgpDig dig = rpmtsDig(ts); + pgpDigParams sigp = rpmtsSignature(ts); + pgpDigParams pubp = rpmtsSignature(ts); + rpmVerifySignatureReturn res; + int xx; + + if (sig == NULL || dig == NULL || sigp == NULL || pubp == NULL) { + res = RPMSIG_NOKEY; /* XXX RPMSIG_ARGS */ + goto exit; + } + + if (ts->pkpkt == NULL + || memcmp(sigp->signid, ts->pksignid, sizeof(ts->pksignid))) + { + int ix = -1; + rpmdbMatchIterator mi; + Header h; + + ts->pkpkt = _free(ts->pkpkt); + ts->pkpktlen = 0; + memset(ts->pksignid, 0, sizeof(ts->pksignid)); + + /* Make sure the database is open. */ + (void) rpmtsOpenDB(ts, ts->dbmode); + + /* Retrieve the pubkey that matches the signature. */ + mi = rpmtsInitIterator(ts, RPMTAG_PUBKEYS, sigp->signid, sizeof(sigp->signid)); + while ((h = rpmdbNextIterator(mi)) != NULL) { + const char ** pubkeys; + int_32 pt, pc; + + if (!headerGetEntry(h, RPMTAG_PUBKEYS, &pt, (void **)&pubkeys, &pc)) + continue; + ix = rpmdbGetIteratorFileNum(mi); +/*@-boundsread@*/ + if (ix >= pc + || b64decode(pubkeys[ix], (void **) &ts->pkpkt, &ts->pkpktlen)) + ix = -1; +/*@=boundsread@*/ + pubkeys = headerFreeData(pubkeys, pt); + break; + } + mi = rpmdbFreeIterator(mi); + + /* Was a matching pubkey found? */ + if (ix < 0 || ts->pkpkt == NULL) { + res = RPMSIG_NOKEY; + goto exit; + } + + /* + * Can the pubkey packets be parsed? + * Do the parameters match the signature? 
+ */ + if (pgpPrtPkts(ts->pkpkt, ts->pkpktlen, NULL, 0) + && sigp->pubkey_algo == pubp->pubkey_algo +#ifdef NOTYET + && sigp->hash_algo == pubp->hash_algo +#endif + && !memcmp(sigp->signid, pubp->signid, sizeof(sigp->signid))) + { + ts->pkpkt = _free(ts->pkpkt); + ts->pkpktlen = 0; + res = RPMSIG_NOKEY; + goto exit; + } + + /* XXX Verify the pubkey signature. */ + + /* Packet looks good, save the signer id. */ +/*@-boundsread@*/ + memcpy(ts->pksignid, sigp->signid, sizeof(ts->pksignid)); +/*@=boundsread@*/ + + rpmMessage(RPMMESS_DEBUG, "========== %s pubkey id %s\n", + (sigp->pubkey_algo == PGPPUBKEYALGO_DSA ? "DSA" : + (sigp->pubkey_algo == PGPPUBKEYALGO_RSA ? "RSA" : "???")), + pgpHexStr(sigp->signid, sizeof(sigp->signid))); + + } + +#ifdef NOTNOW + { + if (ts->pkpkt == NULL) { + const char * pkfn = rpmExpand("%{_gpg_pubkey}", NULL); + if (pgpReadPkts(pkfn, &ts->pkpkt, &ts->pkpktlen) != PGPARMOR_PUBKEY) { + pkfn = _free(pkfn); + res = RPMSIG_NOKEY; + goto exit; + } + pkfn = _free(pkfn); + } + } +#endif + + /* Retrieve parameters from pubkey packet(s). */ + xx = pgpPrtPkts(ts->pkpkt, ts->pkpktlen, dig, 0); + + /* Do the parameters match the signature? */ + if (sigp->pubkey_algo == pubp->pubkey_algo +#ifdef NOTYET + && sigp->hash_algo == pubp->hash_algo +#endif + && !memcmp(sigp->signid, pubp->signid, sizeof(sigp->signid)) ) + res = RPMSIG_OK; + else + res = RPMSIG_NOKEY; + + /* XXX Verify the signature signature. */ + +exit: + return res; +} + +int rpmtsCloseSDB(rpmts ts) { int rc = 0; 
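Review bot: In rpmtsFindPubkey, `pubp` is initialised with `rpmtsSignature(ts)`, the same accessor used for `sigp`, so both point at the signature parameters and every `sigp->... == pubp->...` test in the function compares a value with itself. The final "Do the parameters match the signature?" check therefore yields RPMSIG_OK for any pubkey packet that was retrieved, whereas the code this commit removes from signature.c compared `dig->signature` against `dig->pubkey`. The declaration should read `pgpDigParams pubp = rpmtsPubkey(ts);`. The earlier block that discards the packet when `pgpPrtPkts(ts->pkpkt, ts->pkpktlen, NULL, 0)` is non-zero uses the same comparisons and is worth re-reading once `pubp` is corrected.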
@@ -159,19 +274,12 @@ static int rpmtsCloseSDB(rpmts ts) return rc; } -/** - * Open dependency universe database. - * @param ts transaction set - * @return 0 on success - */ -static int rpmtsOpenSDB(rpmts ts) - /*@globals rpmGlobalMacroContext, fileSystem, internalState @*/ - /*@modifies ts, rpmGlobalMacroContext, fileSystem, internalState @*/ +int rpmtsOpenSDB(rpmts ts, int dbmode) { static int has_sdbpath = -1; int rc = 0; - if (ts->sdb != NULL) + if (ts->sdb != NULL && ts->sdbmode == dbmode) return 0; if (has_sdbpath < 0) @@ -182,17 +290,16 @@ static int rpmtsOpenSDB(rpmts ts) return 1; addMacro(NULL, "_dbpath", NULL, "%{_solve_dbpath}", RMIL_DEFAULT); - rc = rpmdbOpen(ts->rootDir, &ts->sdb, O_RDONLY, 0644); + rc = rpmdbOpen(ts->rootDir, &ts->sdb, ts->sdbmode, 0644); if (rc) { const char * dn; - /*@-globs -mods@*/ /* FIX: rpmGlobalMacroContext for an error? shrug */ dn = rpmGetPath(ts->rootDir, "%{_dbpath}", NULL); - /*@=globs =mods@*/ rpmMessage(RPMMESS_DEBUG, - _("cannot open Packages database in %s\n"), dn); + _("cannot open Solve database in %s\n"), dn); dn = _free(dn); } delMacro(NULL, "_dbpath"); + return rc; } @@ -222,7 +329,7 @@ int rpmtsSolve(rpmts ts, rpmds ds) Header bh; Header h; time_t bhtime; - int rpmtag; + rpmTag rpmtag; const char * keyp; size_t keylen; int rc = 1; /* assume not found */ @@ -240,7 +347,7 @@ int rpmtsSolve(rpmts ts, rpmds ds) return rc; if (ts->sdb == NULL) { - xx = rpmtsOpenSDB(ts); + xx = rpmtsOpenSDB(ts, ts->sdbmode); if (xx) return rc; } 
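Review bot: rpmtsOpenSDB's new `dbmode` argument is compared with `ts->sdbmode` in the early-return guard but is never stored or passed on; the `rpmdbOpen` call in the next hunk (`@@ -182,17 +290,16 @@`) still opens with `ts->sdbmode`. A caller asking for a different mode therefore gets the old one, and when `ts->sdb` is already open the handle is overwritten with no visible close. After the guard, `(void) rpmtsCloseSDB(ts);` followed by `ts->sdbmode = dbmode;` would make the parameter effective, assuming rpmtsCloseSDB tolerates an unopened handle (its body is only partly visible here).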
@@ -346,89 +453,98 @@ rpmps rpmtsProblems(rpmts ts) return ps; } -void rpmtsClean(rpmts ts) +void rpmtsCleanDig(rpmts ts) { - if (ts) { - rpmtsi pi; rpmte p; + ts->sig = headerFreeData(ts->sig, ts->sigtype); + ts->dig = pgpFreeDig(ts->dig); +} - /* Clean up after dependency checks. */ - pi = rpmtsiInit(ts); - while ((p = rpmtsiNext(pi, 0)) != NULL) - rpmteCleanDS(p); - pi = rpmtsiFree(pi); +void rpmtsClean(rpmts ts) +{ + rpmtsi pi; rpmte p; + if (ts == NULL) + return; - ts->addedPackages = rpmalFree(ts->addedPackages); - ts->numAddedPackages = 0; + /* Clean up after dependency checks. */ + pi = rpmtsiInit(ts); + while ((p = rpmtsiNext(pi, 0)) != NULL) + rpmteCleanDS(p); + pi = rpmtsiFree(pi); - ts->suggests = _free(ts->suggests); - ts->nsuggests = 0; + ts->addedPackages = rpmalFree(ts->addedPackages); + ts->numAddedPackages = 0; - ts->probs = rpmpsFree(ts->probs); + ts->suggests = _free(ts->suggests); + ts->nsuggests = 0; - if (ts->sig != NULL) - ts->sig = headerFreeData(ts->sig, ts->sigtype); + ts->probs = rpmpsFree(ts->probs); - if (ts->dig != NULL) - ts->dig = pgpFreeDig(ts->dig); - } + rpmtsCleanDig(ts); } rpmts rpmtsFree(rpmts ts) { - if (ts) { - rpmtsi pi; rpmte p; - int oc; + rpmtsi pi; rpmte p; + int oc; + if (ts == NULL) + return NULL; - (void) rpmtsUnlink(ts, "tsCreate"); + (void) rpmtsUnlink(ts, "tsCreate"); - /*@-usereleased@*/ - if (ts->nrefs > 0) - return NULL; +/*@-usereleased@*/ + if (ts->nrefs > 0) + return NULL; - (void) rpmtsCloseDB(ts); + (void) rpmtsCloseDB(ts); - (void) rpmtsCloseSDB(ts); + (void) rpmtsCloseSDB(ts); - ts->availablePackages = rpmalFree(ts->availablePackages); - ts->numAvailablePackages = 0; + ts->availablePackages = rpmalFree(ts->availablePackages); + ts->numAvailablePackages = 0; - ts->dsi = _free(ts->dsi); - ts->removedPackages = _free(ts->removedPackages); - if (ts->scriptFd != NULL) { - ts->scriptFd = - fdFree(ts->scriptFd, "rpmtsFree"); - ts->scriptFd = NULL; - } - ts->rootDir = _free(ts->rootDir); - ts->currDir = 
_free(ts->currDir); + ts->dsi = _free(ts->dsi); + ts->removedPackages = _free(ts->removedPackages); + if (ts->scriptFd != NULL) { + ts->scriptFd = fdFree(ts->scriptFd, "rpmtsFree"); + ts->scriptFd = NULL; + } + ts->rootDir = _free(ts->rootDir); + ts->currDir = _free(ts->currDir); - for (pi = rpmtsiInit(ts), oc = 0; (p = rpmtsiNext(pi, 0)) != NULL; oc++) { + for (pi = rpmtsiInit(ts), oc = 0; (p = rpmtsiNext(pi, 0)) != NULL; oc++) { /*@-type -unqualifiedtrans @*/ - ts->order[oc] = rpmteFree(ts->order[oc]); + ts->order[oc] = rpmteFree(ts->order[oc]); /*@=type =unqualifiedtrans @*/ - } - pi = rpmtsiFree(pi); + } + pi = rpmtsiFree(pi); /*@-type +voidabstract @*/ /* FIX: double indirection */ - ts->order = _free(ts->order); + ts->order = _free(ts->order); /*@=type =voidabstract @*/ - if (ts->pkpkt != NULL) - ts->pkpkt = _free(ts->pkpkt); - ts->pkpktlen = 0; - memset(ts->pksignid, 0, sizeof(ts->pksignid)); + if (ts->pkpkt != NULL) + ts->pkpkt = _free(ts->pkpkt); + ts->pkpktlen = 0; + memset(ts->pksignid, 0, sizeof(ts->pksignid)); /*@-nullstate@*/ /* FIX: partial annotations */ - rpmtsClean(ts); + rpmtsClean(ts); /*@=nullstate@*/ - /*@-refcounttrans@*/ ts = _free(ts); /*@=refcounttrans@*/ - /*@=usereleased@*/ - } + /*@-refcounttrans@*/ ts = _free(ts); /*@=refcounttrans@*/ +/*@=usereleased@*/ + return NULL; } +int rpmtsVerifySigFlags(rpmts ts) +{ + int ret = 0; + if (ts != NULL) + ret = ts->vsflags; + return ret; +} + int rpmtsSetVerifySigFlags(rpmts ts, int vsflags) - /*@modifies ts @*/ { int ret = 0; if (ts != NULL) { 
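Review bot: rpmtsCleanDig dereferences `ts` without a NULL test, although it is exported through rpmts.h and the other entry points touched in this hunk (rpmtsClean, rpmtsFree, rpmtsVerifySigFlags) all accept NULL. It also frees `ts->sig` while leaving `ts->siglen`, `ts->sigtag` and `ts->sigtype` at their old values, so rpmtsSiglen() can still report a length for data that no longer exists. Adding `if (ts == NULL) return;` at the top and `ts->siglen = 0;` after the free would keep the accessors consistent.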
@@ -553,6 +669,83 @@ int_32 rpmtsSetTid(rpmts ts, int_32 tid) return otid; } +int_32 rpmtsSigtag(const rpmts ts) +{ + int_32 sigtag = 0; + if (ts != NULL) + sigtag = ts->sigtag; + return sigtag; +} + +int_32 rpmtsSigtype(const rpmts ts) +{ + int_32 sigtag = 0; + if (ts != NULL) + sigtag = ts->sigtag; + return sigtag; +} + +const void * rpmtsSig(const rpmts ts) +{ + const void * sig = NULL; + if (ts != NULL) + sig = ts->sig; + return sig; +} + +int_32 rpmtsSiglen(const rpmts ts) +{ + int_32 siglen = 0; + if (ts != NULL) + siglen = ts->siglen; + return siglen; +} + +int rpmtsSetSig(rpmts ts, + int_32 sigtag, int_32 sigtype, const void * sig, int_32 siglen) +{ + if (ts != NULL) { + if (ts->sig) + ts->sig = headerFreeData(ts->sig, ts->sigtype); + ts->sigtag = sigtag; + ts->sigtype = sigtype; +/*@-assignexpose -kepttrans@*/ + ts->sig = sig; +/*@=assignexpose =kepttrans@*/ + ts->siglen = siglen; + } + return 0; +} + +pgpDig rpmtsDig(rpmts ts) +{ +/*@-mods@*/ /* FIX: hide lazy malloc for now */ + if (ts->dig == NULL) + ts->dig = pgpNewDig(); +/*@=mods@*/ + if (ts->dig == NULL) + return NULL; + return ts->dig; +} + +pgpDigParams rpmtsSignature(const rpmts ts) +{ + pgpDig dig = rpmtsDig(ts); + if (dig == NULL) return NULL; +/*@-immediatetrans@*/ + return &dig->signature; +/*@=immediatetrans@*/ +} + +pgpDigParams rpmtsPubkey(const rpmts ts) +{ + pgpDig dig = rpmtsDig(ts); + if (dig == NULL) return NULL; +/*@-immediatetrans@*/ + return &dig->pubkey; +/*@=immediatetrans@*/ +} + rpmdb rpmtsGetRdb(rpmts ts) { rpmdb rdb = NULL; @@ -828,6 +1021,12 @@ rpmts rpmtsCreate(void) ts->filesystems = NULL; ts->dsi = NULL; + ts->solve = rpmtsSolve; + ts->nsuggests = 0; + ts->suggests = NULL; + ts->sdb = NULL; + ts->sdbmode = O_RDONLY; + ts->rdb = NULL; ts->dbmode = O_RDONLY; 
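Review bot: rpmtsSigtype returns `ts->sigtag`; the body was copied from rpmtsSigtag and never reads `ts->sigtype`, so callers receive the tag number where rpmts.h documents the tag type. The assignment should be `sigtype = ts->sigtype;`, with the local renamed to match. In the same hunk rpmtsDig, and through it rpmtsSignature and rpmtsPubkey, dereference `ts` with no NULL test, unlike the scalar accessors beside them, and they allocate a pgpDig on a `const rpmts` as a side effect. An `if (ts == NULL) return NULL;` at the top of rpmtsDig would cover all three.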
@@ -847,11 +1046,6 @@ rpmts rpmtsCreate(void) ts->numAddedPackages = 0; ts->addedPackages = NULL; - ts->solve = rpmtsSolve; - ts->nsuggests = 0; - ts->suggests = NULL; - ts->sdb = NULL; - ts->numAvailablePackages = 0; ts->availablePackages = NULL; diff --git a/lib/rpmts.h b/lib/rpmts.h index 9ec4e92f5..9c8ba720d 100644 --- a/lib/rpmts.h +++ b/lib/rpmts.h @@ -66,14 +66,15 @@ struct rpmts_s { rpmtransFlags transFlags; /*!< Bit(s) to control operation. */ tsmStage goal; /*!< Transaction goal (i.e. mode) */ +/*@refcounted@*/ /*@null@*/ + rpmdb sdb; /*!< Solve database handle. */ + int sdbmode; /*!< Solve database open mode. */ /*@null@*/ int (*solve) (rpmts ts, const rpmds key) /*@modifies ts @*/; /*!< Search for NEVRA key. */ int nsuggests; /*!< No. of depCheck suggestions. */ /*@only@*/ /*@null@*/ const void ** suggests; /*!< Possible depCheck suggestions. */ -/*@refcounted@*/ /*@null@*/ - rpmdb sdb; /*!< Solve database handle. */ /*@observer@*/ /*@null@*/ rpmCallbackFunction notify; /*!< Callback function. */ @@ -91,9 +92,9 @@ struct rpmts_s { /*@only@*/ /*@null@*/ rpmDiskSpaceInfo dsi; /*!< Per filesystem disk/inode usage. */ - int dbmode; /*!< Database open mode. */ /*@refcounted@*/ /*@null@*/ rpmdb rdb; /*!< Install database handle. */ + int dbmode; /*!< Install database open mode. */ /*@only@*/ hashTable ht; /*!< Fingerprint hash table. */ 
@@ -161,14 +162,14 @@ extern "C" { * @return 0 on success */ int rpmtsCheck(rpmts ts) - /*@globals fileSystem, internalState @*/ - /*@modifies ts, fileSystem, internalState @*/; + /*@globals rpmGlobalMacroContext, fileSystem, internalState @*/ + /*@modifies ts, rpmGlobalMacroContext, fileSystem, internalState @*/; /** \ingroup rpmts * Determine package order in a transaction set according to dependencies. * * Order packages, returning error if circular dependencies cannot be - * eliminated by removing PreReq's from the loop(s). Only dependencies from + * eliminated by removing Requires's from the loop(s). Only dependencies from * added or removed packages are used to determine ordering using a * topological sort (Knuth vol. 1, p. 262). Use rpmtsCheck() to verify * that all dependencies can be resolved. @@ -177,9 +178,6 @@ int rpmtsCheck(rpmts ts) * with packages removed for upgrades immediately following the new package * to be installed. * - * The operation would be easier if we could sort the addedPackages array in the - * transaction set, but we store indexes into the array in various places. - * * @param ts transaction set * @return no. of (added) packages that could not be ordered */ @@ -188,7 +186,7 @@ int rpmtsOrder(rpmts ts) /*@modifies ts, fileSystem, internalState @*/; /** \ingroup rpmts - * Process all packages in a transaction set. + * Process all package elements in a transaction set. * * @param ts transaction set * @param okProbs previously known problems (or NULL) @@ -251,8 +249,8 @@ int rpmtsCloseDB(rpmts ts) * @return 0 on success */ int rpmtsOpenDB(rpmts ts, int dbmode) - /*@globals fileSystem, internalState @*/ - /*@modifies ts, fileSystem, internalState @*/; + /*@globals rpmGlobalMacroContext, fileSystem, internalState @*/ + /*@modifies ts, rpmGlobalMacroContext, fileSystem, internalState @*/; /** \ingroup rpmts * Return transaction database iterator. 
@@ -263,13 +261,45 @@ int rpmtsOpenDB(rpmts ts, int dbmode) * @return NULL on failure */ /*@only@*/ /*@null@*/ -rpmdbMatchIterator rpmtsInitIterator(const rpmts ts, int rpmtag, +rpmdbMatchIterator rpmtsInitIterator(const rpmts ts, rpmTag rpmtag, /*@null@*/ const void * keyp, size_t keylen) - /*@globals fileSystem, internalState @*/ - /*@modifies ts, fileSystem, internalState @*/; + /*@globals rpmGlobalMacroContext, fileSystem, internalState @*/ + /*@modifies ts, rpmGlobalMacroContext, fileSystem, internalState @*/; /** - * Attempt to solve a needed dependency. + * Retrieve pubkey from rpm database. + * @param ts rpm transaction + * @return RPMSIG_OK on success, RPMSIG_NOKEY if not found + */ +rpmVerifySignatureReturn rpmtsFindPubkey(rpmts ts) + /*@globals rpmGlobalMacroContext, fileSystem, internalState @*/ + /*@modifies ts, rpmGlobalMacroContext, fileSystem, internalState */; + +/** \ingroup rpmts + * Close the database used by the transaction to solve dependencies. + * @param ts transaction set + * @return 0 on success + */ +/*@-exportlocal@*/ +int rpmtsCloseSDB(rpmts ts) + /*@globals fileSystem @*/ + /*@modifies ts, fileSystem @*/; +/*@=exportlocal@*/ + +/** \ingroup rpmts + * Open the database used by the transaction to solve dependencies. + * @param ts transaction set + * @param dbmode O_RDONLY or O_RDWR + * @return 0 on success + */ +/*@-exportlocal@*/ +int rpmtsOpenSDB(rpmts ts, int dbmode) + /*@globals rpmGlobalMacroContext, fileSystem, internalState @*/ + /*@modifies ts, rpmGlobalMacroContext, fileSystem, internalState @*/; +/*@=exportlocal@*/ + +/** + * Attempt to solve a needed dependency using the solve database.. * @param ts transaction set * @param ds dependency set * @return 0 if resolved (and added to ts), 1 not found 
@@ -281,7 +311,8 @@ int rpmtsSolve(rpmts ts, rpmds ds) /*@=exportlocal@*/ /** - * Attempt to solve a needed dependency. + * Attempt to solve a needed dependency using memory resident tables. + * @deprecated This function will move from rpmlib to the python bindings. * @param ts transaction set * @param ds dependency set * @return 0 if resolved (and added to ts), 1 not found @@ -301,6 +332,13 @@ rpmps rpmtsProblems(rpmts ts) /*@modifies ts @*/; /** \ingroup rpmts + * Free signature verification data. + * @param ts transaction set + */ +void rpmtsCleanDig(rpmts ts) + /*@modifies ts @*/; + +/** \ingroup rpmts * Re-create an empty transaction set. * @param ts transaction set */ @@ -318,10 +356,18 @@ rpmts rpmtsFree(/*@killref@*/ /*@only@*//*@null@*/ rpmts ts) /*@modifies ts, fileSystem @*/; /** \ingroup rpmts + * Get verify signatures flag(s). + * @param ts transaction set + * @return verify signatures flags + */ +int rpmtsVerifySigFlags(rpmts ts) + /*@*/; + +/** \ingroup rpmts * Set verify signatures flag(s). * @param ts transaction set * @param vsflags new verify signatures flags - * @retrun previous value + * @return previous value */ int rpmtsSetVerifySigFlags(rpmts ts, int vsflags) /*@modifies ts @*/; 
@@ -412,7 +458,81 @@ int_32 rpmtsSetTid(rpmts ts, int_32 tid) /*@modifies ts @*/; /** \ingroup rpmts - * Get transaction database handle. + * Get signature tag. + * @param ts transaction set + * @return signature tag + */ +int_32 rpmtsSigtag(const rpmts ts) + /*@*/; + +/** \ingroup rpmts + * Get signature tag type. + * @param ts transaction set + * @return signature tag type + */ +int_32 rpmtsSigtype(const rpmts ts) + /*@*/; + +/** \ingroup rpmts + * Get signature tag data, i.e. from header. + * @param ts transaction set + * @return signature tag data + */ +/*@observer@*/ /*@null@*/ +extern const void * rpmtsSig(const rpmts ts) + /*@*/; + +/** \ingroup rpmts + * Get signature tag data length, i.e. no. of bytes of data. + * @param ts transaction set + * @return signature tag data length + */ +int_32 rpmtsSiglen(const rpmts ts) + /*@*/; + +/** \ingroup rpmts + * Set signature tag info, i.e. from header. + * @param ts transaction set + * @param sigtag signature tag + * @param sigtype signature tag type + * @param sig signature tag data + * @param siglen signature tag data length + * @return 0 always + */ +int rpmtsSetSig(rpmts ts, + int_32 sigtag, int_32 sigtype, + /*@kept@*/ /*@null@*/ const void * sig, int_32 siglen) + /*@modifies ts @*/; + +/** \ingroup rpmts + * Get OpenPGP packet parameters, i.e. signature/pubkey constants. + * @param ts transaction set + * @return signature/pubkey constants. + */ +/*@exposed@*/ /*@null@*/ +pgpDig rpmtsDig(rpmts ts) + /*@*/; + +/** \ingroup rpmts + * Get OpenPGP signature constants. + * @param ts transaction set + * @return signature constants. + */ +/*@exposed@*/ /*@null@*/ +pgpDigParams rpmtsSignature(const rpmts ts) + /*@*/; + +/** \ingroup rpmts + * Get OpenPGP pubkey constants. + * @param ts transaction set + * @return pubkey constants. + */ +/*@exposed@*/ /*@null@*/ +pgpDigParams rpmtsPubkey(const rpmts ts) + /*@*/; + +/** \ingroup rpmts + * Get transaction set database handle. 
* @param ts transaction set * @return transaction database handle */ @@ -511,7 +631,7 @@ rpmtransFlags rpmtsSetFlags(rpmts ts, rpmtransFlags transFlags) * Set transaction notify callback function and argument. * * @warning This call must be made before rpmtsRun() for - * install/upgrade/freshen to "work". + * install/upgrade/freshen to function correctly. * * @param ts transaction set * @param notify progress callback @@ -534,12 +654,8 @@ rpmts rpmtsCreate(void) /** \ingroup rpmts * Add package to be installed to transaction set. * - * If fd is NULL, the callback set by rpmtsSetNotifyCallback() is used to - * open and close the file descriptor. If Header is NULL, the fd is always - * used, otherwise fd is only needed (and only opened) for actual package - * installation. - * - * @warning The fd argument has been eliminated, and is assumed always NULL. + * The transaction set is checked for duplicate package names. + * If found, the package with the "newest" EVR will be replaced. * * @param ts transaction set * @param h header @@ -551,22 +667,8 @@ rpmts rpmtsCreate(void) int rpmtsAddInstallElement(rpmts ts, Header h, /*@exposed@*/ /*@null@*/ const fnpyKey key, int upgrade, /*@null@*/ rpmRelocation * relocs) - /*@globals fileSystem, internalState @*/ - /*@modifies ts, h, fileSystem, internalState @*/; - -#ifdef DYING -/** \ingroup rpmts - * Add package to universe of possible packages to install in transaction set. - * @warning The key parameter is non-functional. - * @param ts transaction set - * @param h header - * @param key package private data - */ -/*@unused@*/ -void rpmtsAvailablePackage(rpmts ts, Header h, - /*@exposed@*/ /*@null@*/ fnpyKey key) - /*@modifies h, ts @*/; -#endif + /*@globals rpmGlobalMacroContext, fileSystem, internalState @*/ + /*@modifies ts, h, rpmGlobalMacroContext, fileSystem, internalState @*/; /** \ingroup rpmts * Add package to be erased to transaction set. 
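Review bot: The doc comment for rpmtsSetSig (hunk `@@ -412,7 +458,81 @@`) does not say who owns `sig` afterwards, yet the rpmts.c side of this commit releases the stored pointer with `headerFreeData(ts->sig, ts->sigtype)` on the next rpmtsSetSig or rpmtsCleanDig call. A caller that also frees the buffer, or passes in the pointer already stored, would end up with a double free or a dangling pointer, so the contract is worth writing down, e.g. `@param sig signature tag data (kept by ts, released with headerFreeData(); caller must not free)`. Likewise rpmtsDig is annotated `/*@*/` although the implementation allocates `ts->dig` on first use. Its comment could state that, and that the pointers returned by rpmtsDig, rpmtsSignature and rpmtsPubkey stay valid only until rpmtsCleanDig().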
diff --git a/lib/signature.c b/lib/signature.c index 443824731..732be4f7f 100644 --- a/lib/signature.c +++ b/lib/signature.c @@ -9,7 +9,6 @@ #include <rpmmacro.h> /* XXX for rpmGetPath() */ #include "rpmdb.h" -#define _RPMTS_INTERNAL #include "rpmts.h" #include "misc.h" /* XXX for dosetenv() and makeTempFile() */ @@ -18,11 +17,11 @@ #include "signature.h" #include "debug.h" -/*@access rpmts @*/ /*@access Header@*/ /* XXX compared with NULL */ /*@access FD_t@*/ /* XXX compared with NULL */ /*@access DIGEST_CTX@*/ /* XXX compared with NULL */ /*@access pgpDig@*/ +/*@access pgpDigParams@*/ #if !defined(__GLIBC__) char ** environ = NULL; @@ -532,7 +531,7 @@ static int makeHDRSignature(Header sig, const char * file, int_32 sigTag, byte * pkt; int_32 pktlen; const char * fn = NULL; - const char * sha1 = NULL; + const char * SHA1 = NULL; int ret = -1; /* assume failure. */ switch (sigTag) { @@ -566,14 +565,14 @@ static int makeHDRSignature(Header sig, const char * file, int_32 sigTag, ctx = rpmDigestInit(PGPHASHALGO_SHA1, RPMDIGEST_NONE); (void) rpmDigestUpdate(ctx, header_magic, sizeof(header_magic)); (void) rpmDigestUpdate(ctx, uh, uhc); - (void) rpmDigestFinal(ctx, (void **)&sha1, NULL, 1); + (void) rpmDigestFinal(ctx, (void **)&SHA1, NULL, 1); uh = headerFreeData(uh, uht); } h = headerFree(h); - if (sha1 == NULL) + if (SHA1 == NULL) goto exit; - if (!headerAddEntry(sig, RPMSIGTAG_SHA1, RPM_STRING_TYPE, sha1, 1)) + if (!headerAddEntry(sig, RPMSIGTAG_SHA1, RPM_STRING_TYPE, SHA1, 1)) goto exit; ret = 0; break; @@ -620,7 +619,7 @@ exit: (void) unlink(fn); fn = _free(fn); } - sha1 = _free(sha1); + SHA1 = _free(SHA1); h = headerFree(h); if (fd) (void) Fclose(fd); return ret; 
@@ -863,29 +862,31 @@ static rpmVerifySignatureReturn verifySizeSignature(const rpmts ts, /*@out@*/ char * t) /*@modifies *t @*/ { + const void * sig = rpmtsSig(ts); + pgpDig dig = rpmtsDig(ts); rpmVerifySignatureReturn res; int_32 size = 0x7fffffff; *t = '\0'; t = stpcpy(t, _("Header+Payload size: ")); - if (ts->sig == NULL || ts->dig == NULL || ts->dig->nbytes == 0) { + if (sig == NULL || dig == NULL || dig->nbytes == 0) { res = RPMSIG_NOKEY; /* XXX RPMSIG_ARGS */ res = RPMSIG_NOKEY; t = stpcpy(t, rpmSigString(res)); goto exit; } - memcpy(&size, ts->sig, sizeof(size)); + memcpy(&size, sig, sizeof(size)); - if (size != ts->dig->nbytes) { + if (size != dig->nbytes) { res = RPMSIG_BAD; t = stpcpy(t, rpmSigString(res)); - sprintf(t, " Expected(%d) != (%d)\n", size, ts->dig->nbytes); + sprintf(t, " Expected(%d) != (%d)\n", size, dig->nbytes); } else { res = RPMSIG_OK; t = stpcpy(t, rpmSigString(res)); - sprintf(t, " (%d)", ts->dig->nbytes); + sprintf(t, " (%d)", dig->nbytes); } exit: @@ -900,6 +901,9 @@ verifyMD5Signature(const rpmts ts, /*@out@*/ char * t, /*@null@*/ DIGEST_CTX md5ctx) /*@modifies *t @*/ { + const void * sig = rpmtsSig(ts); + int_32 siglen = rpmtsSiglen(ts); + pgpDig dig = rpmtsDig(ts); rpmVerifySignatureReturn res; byte * md5sum = NULL; size_t md5len = 0; @@ -907,7 +911,7 @@ verifyMD5Signature(const rpmts ts, /*@out@*/ char * t, *t = '\0'; t = stpcpy(t, _("MD5 digest: ")); - if (md5ctx == NULL || ts->sig == NULL || ts->dig == NULL) { + if (md5ctx == NULL || sig == NULL || dig == NULL) { res = RPMSIG_NOKEY; /* XXX RPMSIG_ARGS */ t = stpcpy(t, rpmSigString(res)); goto exit; 
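Review bot: verifySizeSignature copies `sizeof(size)` bytes out of `sig` with `memcpy(&size, sig, sizeof(size));` without consulting the tag length, which the new rpmtsSiglen() accessor now makes available. rpmVerifySignature only rejects `siglen <= 0`, so tag data shorter than four bytes would be read past its end here unless the header reader already enforces the size, which this diff does not show. Fetching `int_32 siglen = rpmtsSiglen(ts);` and adding `|| siglen != (int_32) sizeof(size)` to the argument check would close that.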
@@ -916,11 +920,11 @@ verifyMD5Signature(const rpmts ts, /*@out@*/ char * t, (void) rpmDigestFinal(rpmDigestDup(md5ctx), (void **)&md5sum, &md5len, 0); - if (md5len != ts->siglen || memcmp(md5sum, ts->sig, md5len)) { + if (md5len != siglen || memcmp(md5sum, sig, md5len)) { res = RPMSIG_BAD; t = stpcpy(t, rpmSigString(res)); t = stpcpy(t, " Expected("); - (void) pgpHexCvt(t, ts->sig, ts->siglen); + (void) pgpHexCvt(t, sig, siglen); t += strlen(t); t = stpcpy(t, ") != ("); } else { 
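Review bot: In the mismatch branch, `pgpHexCvt(t, sig, siglen)` writes two characters per signature byte into `t`, and this is the branch taken when `siglen` differs from `md5len`, so the amount written is set by the package's tag data rather than by the digest size. `t` arrives as a bare `char *` with no capacity, and the caller's buffer is outside this diff, so whether a large tag fits cannot be confirmed from here. Capping the dump at the digest length, `(void) pgpHexCvt(t, sig, (siglen < (int_32) md5len ? siglen : (int_32) md5len));`, bounds the message. verifyMD5Signature continues past the end of the hunk.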
@@ -952,167 +956,49 @@ verifySHA1Signature(const rpmts ts, /*@out@*/ char * t, /*@null@*/ DIGEST_CTX sha1ctx) /*@modifies *t @*/ { + const void * sig = rpmtsSig(ts); +#ifdef NOTYET + int_32 siglen = rpmtsSiglen(ts); +#endif + pgpDig dig = rpmtsDig(ts); rpmVerifySignatureReturn res; - const char * sha1 = NULL; + const char * SHA1 = NULL; *t = '\0'; t = stpcpy(t, _("Header SHA1 digest: ")); - if (sha1ctx == NULL || ts->sig == NULL || ts->dig == NULL) { + if (sha1ctx == NULL || sig == NULL || dig == NULL) { res = RPMSIG_NOKEY; /* XXX RPMSIG_ARGS */ t = stpcpy(t, rpmSigString(res)); goto exit; } (void) rpmDigestFinal(rpmDigestDup(sha1ctx), - (void **)&sha1, NULL, 1); + (void **)&SHA1, NULL, 1); - if (sha1 == NULL || strlen(sha1) != strlen(ts->sig)) { + if (SHA1 == NULL || strlen(SHA1) != strlen(sig)) { res = RPMSIG_BAD; t = stpcpy(t, rpmSigString(res)); t = stpcpy(t, " Expected("); - t = stpcpy(t, ts->sig); + t = stpcpy(t, sig); t = stpcpy(t, ") != ("); } else { res = RPMSIG_OK; t = stpcpy(t, rpmSigString(res)); t = stpcpy(t, " ("); } - if (sha1) - t = stpcpy(t, sha1); + if (SHA1) + t = stpcpy(t, SHA1); t = stpcpy(t, ")"); exit: - sha1 = _free(sha1); + SHA1 = _free(SHA1); t = stpcpy(t, "\n"); return res; } /*@=boundswrite@*/ /** - * Retrieve pubkey from rpm database. 
- * @param ts rpm transaction - * @return RPMSIG_OK on success, RPMSIG_NOKEY if not found - */ -static rpmVerifySignatureReturn -rpmtsFindPubkey(rpmts ts) - /*@globals fileSystem, internalState @*/ - /*@modifies ts, fileSystem, internalState */ -{ - struct pgpDigParams_s * sigp = NULL; - rpmVerifySignatureReturn res; - int xx; - - if (ts->sig == NULL || ts->dig == NULL) { - res = RPMSIG_NOKEY; - goto exit; - } - sigp = &ts->dig->signature; - - if (ts->pkpkt == NULL - || memcmp(sigp->signid, ts->pksignid, sizeof(ts->pksignid))) - { - int ix = -1; - rpmdbMatchIterator mi; - Header h; - - ts->pkpkt = _free(ts->pkpkt); - ts->pkpktlen = 0; - memset(ts->pksignid, 0, sizeof(ts->pksignid)); - - /* Make sure the database is open. */ - (void) rpmtsOpenDB(ts, ts->dbmode); - - /* Retrieve the pubkey that matches the signature. */ - mi = rpmtsInitIterator(ts, RPMTAG_PUBKEYS, sigp->signid, sizeof(sigp->signid)); - while ((h = rpmdbNextIterator(mi)) != NULL) { - const char ** pubkeys; - int_32 pt, pc; - - if (!headerGetEntry(h, RPMTAG_PUBKEYS, &pt, (void **)&pubkeys, &pc)) - continue; - ix = rpmdbGetIteratorFileNum(mi); -/*@-boundsread@*/ - if (ix >= pc - || b64decode(pubkeys[ix], (void **) &ts->pkpkt, &ts->pkpktlen)) - ix = -1; -/*@=boundsread@*/ - pubkeys = headerFreeData(pubkeys, pt); - break; - } - mi = rpmdbFreeIterator(mi); - - /* Was a matching pubkey found? */ - if (ix < 0 || ts->pkpkt == NULL) { - res = RPMSIG_NOKEY; - goto exit; - } - - /* - * Can the pubkey packets be parsed? - * Do the parameters match the signature? - */ - if (pgpPrtPkts(ts->pkpkt, ts->pkpktlen, NULL, 0) - && ts->dig->signature.pubkey_algo == ts->dig->pubkey.pubkey_algo -#ifdef NOTYET - && ts->dig->signature.hash_algo == ts->dig->pubkey.hash_algo -#endif - && !memcmp(ts->dig->signature.signid, ts->dig->pubkey.signid, 8)) - { - ts->pkpkt = _free(ts->pkpkt); - ts->pkpktlen = 0; - res = RPMSIG_NOKEY; - goto exit; - } - - /* XXX Verify the pubkey signature. 
*/ - - /* Packet looks good, save the signer id. */ -/*@-boundsread@*/ - memcpy(ts->pksignid, sigp->signid, sizeof(ts->pksignid)); -/*@=boundsread@*/ - - rpmMessage(RPMMESS_DEBUG, "========== %s pubkey id %s\n", - (sigp->pubkey_algo == PGPPUBKEYALGO_DSA ? "DSA" : - (sigp->pubkey_algo == PGPPUBKEYALGO_RSA ? "RSA" : "???")), - pgpHexStr(sigp->signid, sizeof(sigp->signid))); - - } - -#ifdef NOTNOW - { - if (ts->pkpkt == NULL) { - const char * pkfn = rpmExpand("%{_gpg_pubkey}", NULL); - if (pgpReadPkts(pkfn, &ts->pkpkt, &ts->pkpktlen) != PGPARMOR_PUBKEY) { - pkfn = _free(pkfn); - res = RPMSIG_NOKEY; - goto exit; - } - pkfn = _free(pkfn); - } - } -#endif - - /* Retrieve parameters from pubkey packet(s). */ - xx = pgpPrtPkts(ts->pkpkt, ts->pkpktlen, ts->dig, 0); - - /* Do the parameters match the signature? */ - if (ts->dig->signature.pubkey_algo == ts->dig->pubkey.pubkey_algo -#ifdef NOTYET - && ts->dig->signature.hash_algo == ts->dig->pubkey.hash_algo -#endif - && !memcmp(ts->dig->signature.signid, ts->dig->pubkey.signid, 8)) - res = RPMSIG_OK; - else - res = RPMSIG_NOKEY; - - /* XXX Verify the signature signature. */ - -exit: - return res; -} - -/** * Convert hex to binary nibble. * @param c hex character * @return binary nibble 
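Review bot: verifySHA1Signature accepts the header digest when only the lengths agree: the condition `SHA1 == NULL || strlen(SHA1) != strlen(sig)` never compares the contents, and the `else` branch sets RPMSIG_OK. As shown in this hunk, any stored string with the same length as the computed hex digest passes, so the test should become `if (SHA1 == NULL || strlen(SHA1) != strlen(sig) || strcmp(SHA1, sig)) {`. `sig` is also treated as a NUL-terminated string while `siglen` is fetched only under `#ifdef NOTYET`. Enabling it and confirming a terminator lies within `siglen` before the `strlen` and `stpcpy` calls would avoid reading or copying past the tag data.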
@@ -1140,24 +1026,29 @@ static inline unsigned char nibble(char c) static rpmVerifySignatureReturn verifyPGPSignature(rpmts ts, /*@out@*/ char * t, /*@null@*/ DIGEST_CTX md5ctx) - /*@globals fileSystem, internalState @*/ - /*@modifies ts, *t, fileSystem, internalState */ + /*@globals rpmGlobalMacroContext, fileSystem, internalState @*/ + /*@modifies ts, *t, rpmGlobalMacroContext, fileSystem, internalState */ { - struct pgpDigParams_s * sigp = NULL; + const void * sig = rpmtsSig(ts); +#ifdef NOTYET + int_32 siglen = rpmtsSiglen(ts); +#endif + int_32 sigtag = rpmtsSigtag(ts); + pgpDig dig = rpmtsDig(ts); + pgpDigParams sigp = rpmtsSignature(ts); rpmVerifySignatureReturn res; int xx; *t = '\0'; t = stpcpy(t, _("V3 RSA/MD5 signature: ")); - if (md5ctx == NULL || ts->sig == NULL || ts->dig == NULL) { + if (md5ctx == NULL || sig == NULL || dig == NULL || sigp == NULL) { res = RPMSIG_NOKEY; /* XXX RPMSIG_ARGS */ goto exit; } - sigp = &ts->dig->signature; - /* XXX sanity check on ts->sigtag and signature agreement. */ - if (!(ts->sigtag == RPMSIGTAG_PGP + /* XXX sanity check on sigtag and signature agreement. */ + if (!(sigtag == RPMSIGTAG_PGP && sigp->pubkey_algo == PGPPUBKEYALGO_RSA && sigp->hash_algo == PGPHASHALGO_MD5)) { @@ -1174,7 +1065,7 @@ verifyPGPSignature(rpmts ts, /*@out@*/ char * t, #ifdef NOTYET /* XXX not for binary/text document signatures. */ if (sigp->sigtype == 4) { - int nb = ts->dig->nbytes + sigp->hashlen; + int nb = dig->nbytes + sigp->hashlen; byte trailer[6]; nb = htonl(nb); trailer[0] = 0x4; 
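Review bot: The sanity check in verifyPGPSignature admits only `sigtag == RPMSIGTAG_PGP`, but rpmVerifySignature (the `@@ -1334,33 +1230,37 @@` hunk) also routes RPMSIGTAG_RSA and RPMSIGTAG_PGP5 to this function, so those two tags appear unable to get past this test. verifyGPGSignature handles the parallel case with `sigtag == RPMSIGTAG_GPG || sigtag == RPMSIGTAG_DSA`. If rejecting them is intended for now, a comment saying so beside the `XXX sanity check` line would help; otherwise the condition needs the same treatment. The branch taken on failure lies outside the hunk.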
@@ -1184,10 +1075,10 @@ verifyPGPSignature(rpmts ts, /*@out@*/ char * t, } #endif - xx = rpmDigestFinal(ctx, (void **)&ts->dig->md5, &ts->dig->md5len, 1); + xx = rpmDigestFinal(ctx, (void **)&dig->md5, &dig->md5len, 1); /* Compare leading 16 bits of digest for quick check. */ - s = ts->dig->md5; + s = dig->md5; signhash16[0] = (nibble(s[0]) << 4) | nibble(s[1]); signhash16[1] = (nibble(s[2]) << 4) | nibble(s[3]); if (memcmp(signhash16, sigp->signhash16, sizeof(signhash16))) { @@ -1207,12 +1098,12 @@ verifyPGPSignature(rpmts ts, /*@out@*/ char * t, memset(tt, 'f', (2 * nb)); tt[0] = '0'; tt[1] = '0'; tt[2] = '0'; tt[3] = '1'; - tt += (2 * nb) - strlen(prefix) - strlen(ts->dig->md5) - 2; + tt += (2 * nb) - strlen(prefix) - strlen(dig->md5) - 2; *tt++ = '0'; *tt++ = '0'; tt = stpcpy(tt, prefix); - tt = stpcpy(tt, ts->dig->md5); + tt = stpcpy(tt, dig->md5); - mp32nzero(&ts->dig->rsahm); mp32nsethex(&ts->dig->rsahm, hexstr); + mp32nzero(&dig->rsahm); mp32nsethex(&dig->rsahm, hexstr); hexstr = _free(hexstr); @@ -1223,7 +1114,7 @@ verifyPGPSignature(rpmts ts, /*@out@*/ char * t, if (res != RPMSIG_OK) goto exit; - if (rsavrfy(&ts->dig->rsa_pk, &ts->dig->rsahm, &ts->dig->c)) + if (rsavrfy(&dig->rsa_pk, &dig->rsahm, &dig->c)) res = RPMSIG_OK; else res = RPMSIG_BAD; 
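Review bot: The result of `rpmDigestFinal(ctx, (void **)&dig->md5, &dig->md5len, 1)` is stored in `xx` and ignored, and `dig->md5` is then read through `s[0]` to `s[3]` and `strlen(dig->md5)` with no NULL test, whereas verifySHA1Signature in this file does check its digest string for NULL. The same pattern appears for `dig->sha1` in verifyGPGSignature (`@@ -1295,13 +1191,13 @@`). A guard such as `if (dig->md5 == NULL) { res = RPMSIG_BAD; goto exit; }` right after the call would fail closed. In the `@@ -1207,12 +1098,12 @@` hunk the offset `(2 * nb) - strlen(prefix) - strlen(dig->md5) - 2` mixes in unsigned `strlen` results with an `nb` computed outside the hunk, so it is worth confirming that `nb` cannot be smaller than the encoded digest.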
@@ -1251,26 +1142,31 @@ exit: static rpmVerifySignatureReturn verifyGPGSignature(rpmts ts, /*@out@*/ char * t, /*@null@*/ DIGEST_CTX sha1ctx) - /*@globals fileSystem, internalState @*/ - /*@modifies ts, *t, fileSystem, internalState */ + /*@globals rpmGlobalMacroContext, fileSystem, internalState @*/ + /*@modifies ts, *t, rpmGlobalMacroContext, fileSystem, internalState */ { - struct pgpDigParams_s * sigp = NULL; + const void * sig = rpmtsSig(ts); +#ifdef NOTYET + int_32 siglen = rpmtsSiglen(ts); +#endif + int_32 sigtag = rpmtsSigtag(ts); + pgpDig dig = rpmtsDig(ts); + pgpDigParams sigp = rpmtsSignature(ts); rpmVerifySignatureReturn res; int xx; *t = '\0'; - if (ts->dig != NULL && ts->dig->hdrsha1ctx == sha1ctx) + if (dig != NULL && dig->hdrsha1ctx == sha1ctx) t = stpcpy(t, _("Header ")); t = stpcpy(t, _("V3 DSA signature: ")); - if (sha1ctx == NULL || ts->sig == NULL || ts->dig == NULL) { + if (sha1ctx == NULL || sig == NULL || dig == NULL || sigp == NULL) { res = RPMSIG_NOKEY; /* XXX RPMSIG_ARGS */ goto exit; } - sigp = &ts->dig->signature; - /* XXX sanity check on ts->sigtag and signature agreement. */ - if (!((ts->sigtag == RPMSIGTAG_GPG || ts->sigtag == RPMSIGTAG_DSA) + /* XXX sanity check on sigtag and signature agreement. */ + if (!((sigtag == RPMSIGTAG_GPG || sigtag == RPMSIGTAG_DSA) && sigp->pubkey_algo == PGPPUBKEYALGO_DSA && sigp->hash_algo == PGPHASHALGO_SHA1)) { @@ -1286,7 +1182,7 @@ verifyGPGSignature(rpmts ts, /*@out@*/ char * t, #ifdef NOTYET /* XXX not for binary/text document signatures. */ if (sigp->sigtype == 4) { - int nb = ts->dig->nbytes + sigp->hashlen; + int nb = dig->nbytes + sigp->hashlen; byte trailer[6]; nb = htonl(nb); trailer[0] = 0x4; 
@@ -1295,13 +1191,13 @@ verifyGPGSignature(rpmts ts, /*@out@*/ char * t, xx = rpmDigestUpdate(ctx, trailer, sizeof(trailer)); } #endif - xx = rpmDigestFinal(ctx, (void **)&ts->dig->sha1, &ts->dig->sha1len, 1); + xx = rpmDigestFinal(ctx, (void **)&dig->sha1, &dig->sha1len, 1); - mp32nzero(&ts->dig->hm); mp32nsethex(&ts->dig->hm, ts->dig->sha1); + mp32nzero(&dig->hm); mp32nsethex(&dig->hm, dig->sha1); /* Compare leading 16 bits of digest for quick check. */ - signhash16[0] = (*ts->dig->hm.data >> 24) & 0xff; - signhash16[1] = (*ts->dig->hm.data >> 16) & 0xff; + signhash16[0] = (*dig->hm.data >> 24) & 0xff; + signhash16[1] = (*dig->hm.data >> 16) & 0xff; if (memcmp(signhash16, sigp->signhash16, sizeof(signhash16))) { res = RPMSIG_BAD; goto exit; @@ -1313,8 +1209,8 @@ verifyGPGSignature(rpmts ts, /*@out@*/ char * t, if (res != RPMSIG_OK) goto exit; - if (dsavrfy(&ts->dig->p, &ts->dig->q, &ts->dig->g, - &ts->dig->hm, &ts->dig->y, &ts->dig->r, &ts->dig->s)) + if (dsavrfy(&dig->p, &dig->q, &dig->g, + &dig->hm, &dig->y, &dig->r, &dig->s)) res = RPMSIG_OK; else res = RPMSIG_BAD; 
@@ -1334,33 +1230,37 @@ exit: rpmVerifySignatureReturn rpmVerifySignature(const rpmts ts, char * result) { + const void * sig = rpmtsSig(ts); + int_32 siglen = rpmtsSiglen(ts); + int_32 sigtag = rpmtsSigtag(ts); + pgpDig dig = rpmtsDig(ts); rpmVerifySignatureReturn res; - if (ts->sig == NULL || ts->siglen <= 0 || ts->dig == NULL) { + if (sig == NULL || siglen <= 0 || dig == NULL) { sprintf(result, _("Verify signature: BAD PARAMETERS\n")); return RPMSIG_UNKNOWN; } - switch (ts->sigtag) { + switch (sigtag) { case RPMSIGTAG_SIZE: res = verifySizeSignature(ts, result); break; case RPMSIGTAG_MD5: - res = verifyMD5Signature(ts, result, ts->dig->md5ctx); + res = verifyMD5Signature(ts, result, dig->md5ctx); break; case RPMSIGTAG_SHA1: - res = verifySHA1Signature(ts, result, ts->dig->hdrsha1ctx); + res = verifySHA1Signature(ts, result, dig->hdrsha1ctx); break; case RPMSIGTAG_RSA: case RPMSIGTAG_PGP5: /* XXX legacy */ case RPMSIGTAG_PGP: - res = verifyPGPSignature(ts, result, ts->dig->md5ctx); + res = verifyPGPSignature(ts, result, dig->md5ctx); break; case RPMSIGTAG_DSA: - res = verifyGPGSignature(ts, result, ts->dig->hdrsha1ctx); + res = verifyGPGSignature(ts, result, dig->hdrsha1ctx); break; case RPMSIGTAG_GPG: - res = verifyGPGSignature(ts, result, ts->dig->sha1ctx); + res = verifyGPGSignature(ts, result, dig->sha1ctx); break; case RPMSIGTAG_LEMD5_1: case RPMSIGTAG_LEMD5_2: @@ -1368,7 +1268,7 @@ rpmVerifySignature(const rpmts ts, char * result) res = RPMSIG_UNKNOWN; break; default: - sprintf(result, _("Signature: UNKNOWN (%d)\n"), ts->sigtag); + sprintf(result, _("Signature: UNKNOWN (%d)\n"), sigtag); res = RPMSIG_UNKNOWN; break; } diff --git a/lib/transaction.c b/lib/transaction.c index 520228863..16c3c8180 100644 --- a/lib/transaction.c +++ b/lib/transaction.c 
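Review bot: `sprintf(result, _("Verify signature: BAD PARAMETERS\n"));` uses the translated catalog string as the format itself, so a `%` in any translation would be interpreted by sprintf with no arguments behind it. The message has no conversions, so `strcpy(result, _("Verify signature: BAD PARAMETERS\n"));` produces the same text without format parsing. `result` also arrives without a length, which means this function and every verify* helper it dispatches to write into a buffer whose size they cannot check; a comment on rpmVerifySignature stating the minimum size callers must provide would make that contract visible. The switch continues into the following hunk.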
@@ -221,8 +221,8 @@ static int handleInstInstalledFiles(const rpmts ts, rpmte p, rpmfi fi, sharedFileInfo shared, int sharedCount, int reportConflicts) - /*@globals fileSystem, internalState @*/ - /*@modifies ts, fi, fileSystem, internalState @*/ + /*@globals rpmGlobalMacroContext, fileSystem, internalState @*/ + /*@modifies ts, fi, rpmGlobalMacroContext, fileSystem, internalState @*/ { const char * altNEVR = NULL; rpmfi otherFi = NULL; @@ -310,8 +310,8 @@ static int handleInstInstalledFiles(const rpmts ts, /* XXX only ts->rpmdb modified */ static int handleRmvdInstalledFiles(const rpmts ts, rpmfi fi, sharedFileInfo shared, int sharedCount) - /*@globals fileSystem, internalState @*/ - /*@modifies ts, fi, fileSystem, internalState @*/ + /*@globals rpmGlobalMacroContext, fileSystem, internalState @*/ + /*@modifies ts, fi, rpmGlobalMacroContext, fileSystem, internalState @*/ { HGE_t hge = fi->hge; Header h; @@ -651,8 +651,8 @@ assert(otherFi != NULL); /* Here is a pre-existing modified config file that needs saving. */ { char md5sum[50]; - const unsigned char * md5 = fi->md5s + (16 * i); - if (!domd5(fn, md5sum, 0, NULL) && memcmp(md5, md5sum, 16)) { + const unsigned char * MD5 = fi->md5s + (16 * i); + if (!domd5(fn, md5sum, 0, NULL) && memcmp(MD5, md5sum, 16)) { fi->actions[i] = FA_BACKUP; /*@switchbreak@*/ break; } diff --git a/lib/verify.c b/lib/verify.c index ea2721af2..2d58117d8 100644 --- a/lib/verify.c +++ b/lib/verify.c @@ -122,8 +122,8 @@ int rpmVerifyFile(const rpmts ts, const rpmfi fi, if (rc) *res |= (RPMVERIFY_READFAIL|RPMVERIFY_MD5); else { - const unsigned char * md5 = rpmfiMD5(fi); - if (md5 == NULL || memcmp(md5sum, md5, sizeof(md5sum))) + const unsigned char * MD5 = rpmfiMD5(fi); + if (MD5 == NULL || memcmp(md5sum, MD5, sizeof(md5sum))) *res |= RPMVERIFY_MD5; } } 
@@ -290,7 +290,7 @@ static int verifyHeader(QVA_t qva, const rpmts ts, rpmfi fi) ec = rc; } } else if (verifyResult) { - const char * size, * md5, * link, * mtime, * mode; + const char * size, * MD5, * link, * mtime, * mode; const char * group, * user, * rdev; /*@observer@*/ static const char *const aok = "."; /*@observer@*/ static const char *const unknown = "?"; @@ -306,7 +306,7 @@ static int verifyHeader(QVA_t qva, const rpmts ts, rpmfi fi) ((verifyResult & RPMVERIFY_READFAIL) ? unknown : \ (verifyResult & _RPMVERIFY_F) ? _C : aok) - md5 = _verifyfile(RPMVERIFY_MD5, "5"); + MD5 = _verifyfile(RPMVERIFY_MD5, "5"); size = _verify(RPMVERIFY_FILESIZE, "S"); link = _verifylink(RPMVERIFY_LINKTO, "L"); mtime = _verify(RPMVERIFY_MTIME, "T"); @@ -320,7 +320,7 @@ static int verifyHeader(QVA_t qva, const rpmts ts, rpmfi fi) #undef _verifyfile sprintf(te, "%s%s%s%s%s%s%s%s %c %s", - size, mode, md5, rdev, link, user, group, mtime, + size, mode, MD5, rdev, link, user, group, mtime, ((fileAttrs & RPMFILE_CONFIG) ? 'c' : (fileAttrs & RPMFILE_DOC) ? 'd' : (fileAttrs & RPMFILE_GHOST) ? 'g' : @@ -354,8 +354,8 @@ static int verifyHeader(QVA_t qva, const rpmts ts, rpmfi fi) */ static int verifyDependencies(/*@unused@*/ QVA_t qva, rpmts ts, Header h) - /*@globals fileSystem, internalState @*/ - /*@modifies ts, h, fileSystem, internalState @*/ + /*@globals rpmGlobalMacroContext, fileSystem, internalState @*/ + /*@modifies ts, h, rpmGlobalMacroContext, fileSystem, internalState @*/ { rpmps ps; int numProblems; |