-rw-r--r-- | CHANGES | 4 | ||||
-rw-r--r-- | lib/rpmchecksig.c | 4 | ||||
-rw-r--r-- | lib/rpmlib.h | 202 | ||||
-rw-r--r-- | lib/signature.c | 45 | ||||
-rw-r--r-- | po/rpm.pot | 18 | ||||
-rwxr-xr-x | rpm.c | 6 | ||||
-rwxr-xr-x | rpmqv.c | 6 |
7 files changed, 131 insertions, 154 deletions
@@ -1,4 +1,8 @@ 4.0 -> 4.1 + - add doxygen and lclint annotations most everywhere. + - rip out rpmrc configuration. + - consistent return for all signature verification. + - use enum for signature header tags. 3.0.6 -> 4.0 - use DIRNAMES/BASENAMES/DIRINDICES not FILENAMES in packages and db. diff --git a/lib/rpmchecksig.c b/lib/rpmchecksig.c index 5743b385a..bf7b9dcbb 100644 --- a/lib/rpmchecksig.c +++ b/lib/rpmchecksig.c @@ -92,7 +92,7 @@ exit: return rc; } -int rpmReSign(int add, char *passPhrase, const char **argv) +int rpmReSign(enum rpmKtype add, char *passPhrase, const char **argv) { FD_t fd = NULL; FD_t ofd = NULL; @@ -146,7 +146,7 @@ int rpmReSign(int add, char *passPhrase, const char **argv) /* ASSERT: fd == NULL && ofd == NULL */ /* Generate the new signatures */ - if (add != ADD_SIGNATURE) { + if (add != RPMK_ADD_SIGNATURE) { rpmFreeSignature(sig); sig = rpmNewSignature(); rpmAddSignature(sig, sigtarget, RPMSIGTAG_SIZE, passPhrase); diff --git a/lib/rpmlib.h b/lib/rpmlib.h index 6be2e7c0a..0bde6f750 100644 --- a/lib/rpmlib.h +++ b/lib/rpmlib.h 
@@ -338,82 +338,36 @@ extern const struct headerSprintfExtension rpmHeaderFormats[]; /*@{*/ /* Stuff for maintaining "variables" like SOURCEDIR, BUILDDIR, etc */ -/* #define RPMVAR_SOURCEDIR 0 -- No longer used */ -/* #define RPMVAR_BUILDDIR 1 -- No longer used */ -/* #define RPMVAR_DOCDIR 2 -- No longer used */ #define RPMVAR_OPTFLAGS 3 -/* #define RPMVAR_TOPDIR 4 -- No longer used */ -/* #define RPMVAR_SPECDIR 5 -- No longer used */ -/* #define RPMVAR_ROOT 6 -- No longer used */ -/* #define RPMVAR_RPMDIR 7 -- No longer used */ -/* #define RPMVAR_SRPMDIR 8 -- No longer used */ -/* #define RPMVAR_ARCHSENSITIVE 9 -- No longer used */ -/* #define RPMVAR_REQUIREDISTRIBUTION 10 -- No longer used */ -/* #define RPMVAR_REQUIREGROUP 11 -- No longer used */ -/* #define RPMVAR_REQUIREVENDOR 12 -- No longer used */ -/* #define RPMVAR_DISTRIBUTION 13 -- No longer used */ -/* #define RPMVAR_VENDOR 14 -- No longer used */ -/* #define RPMVAR_MESSAGELEVEL 15 -- No longer used */ -/* #define RPMVAR_REQUIREICON 16 -- No longer used */ -/* #define RPMVAR_TIMECHECK 17 -- No longer used */ -/* #define RPMVAR_SIGTYPE 18 -- No longer used */ -/* #define RPMVAR_PGP_PATH 19 -- No longer used */ -/* #define RPMVAR_PGP_NAME 20 -- No longer used */ -/* #define RPMVAR_PGP_SECRING 21 -- No longer used */ -/* #define RPMVAR_PGP_PUBRING 22 -- No longer used */ -/* #define RPMVAR_EXCLUDEDOCS 23 -- No longer used */ -/* #define RPMVAR_BUILDARCH 24 -- No longer used */ -/* #define RPMVAR_BUILDOS 25 -- No longer used */ -/* #define RPMVAR_BUILDROOT 26 */ -/* #define RPMVAR_DBPATH 27 -- No longer used */ -/* #define RPMVAR_PACKAGER 28 -- No longer used */ -/* #define RPMVAR_FTPPROXY 29 -- No longer used */ -/* #define RPMVAR_TMPPATH 30 -- No longer used */ -/* #define RPMVAR_CPIOBIN 31 -- No longer used */ -/* #define RPMVAR_FTPPORT 32 -- No longer used */ -/* #define RPMVAR_NETSHAREDPATH 33 -- No longer used */ -/* #define RPMVAR_DEFAULTDOCDIR 34 -- No longer used */ -/* #define RPMVAR_FIXPERMS 35 
-- No longer used */ -/* #define RPMVAR_GZIPBIN 36 -- No longer used */ -/* #define RPMVAR_RPMFILENAME 37 -- No longer used */ #define RPMVAR_PROVIDES 38 -/* #define RPMVAR_BUILDSHELL 39 -- No longer used */ -/* #define RPMVAR_INSTCHANGELOG 40 -- No longer used */ -/* #define RPMVAR_BZIP2BIN 41 -- No longer used */ -/* #define RPMVAR_LANGPATT 42 -- No longer used */ #define RPMVAR_INCLUDE 43 -/* #define RPMVAR_ARCH 44 -- No longer used */ -/* #define RPMVAR_OS 45 -- No longer used */ -/* #define RPMVAR_BUILDPLATFORM 46 -- No longer used */ -/* #define RPMVAR_BUILDARCH 47 -- No longer used */ -/* #define RPMVAR_BUILDOS 48 -- No longer used */ #define RPMVAR_MACROFILES 49 -/* #define RPMVAR_GPG_PATH 51 -- No longer used */ -/* #define RPMVAR_GPG_NAME 52 -- No longer used */ -/* #define RPMVAR_HTTPPROXY 53 -- No longer used */ -/* #define RPMVAR_HTTPPORT 54 -- No longer used */ #define RPMVAR_NUM 55 /* number of RPMVAR entries */ /** \ingroup rpmrc * Return value of rpmrc variable. * @deprecated Use rpmExpand() with appropriate macro expression. + * @todo Eliminate. */ const char * rpmGetVar(int var); /** \ingroup rpmrc * Set value of rpmrc variable. * @deprecated Use rpmDefineMacro() to change appropriate macro instead. + * @todo Eliminate. */ void rpmSetVar(int var, const char *val); /** \ingroup rpmrc * Build and install arch/os table identifiers. */ -#define RPM_MACHTABLE_INSTARCH 0 -#define RPM_MACHTABLE_INSTOS 1 -#define RPM_MACHTABLE_BUILDARCH 2 -#define RPM_MACHTABLE_BUILDOS 3 +enum rpm_machtable_e { + RPM_MACHTABLE_INSTARCH = 0, + RPM_MACHTABLE_INSTOS = 1, + RPM_MACHTABLE_BUILDARCH = 2, + RPM_MACHTABLE_BUILDOS = 3 +}; #define RPM_MACHTABLE_COUNT 4 /* number of arch/os tables */ /** \ingroup rpmrc 
@@ -673,18 +627,19 @@ int rpmdbRebuild(const char * root); /*@{*/ /** */ -typedef enum rpmProblemType_e { RPMPROB_BADARCH, - RPMPROB_BADOS, - RPMPROB_PKG_INSTALLED, - RPMPROB_BADRELOCATE, - RPMPROB_REQUIRES, - RPMPROB_CONFLICT, - RPMPROB_NEW_FILE_CONFLICT, - RPMPROB_FILE_CONFLICT, - RPMPROB_OLDPACKAGE, - RPMPROB_DISKSPACE, - RPMPROB_BADPRETRANS - } rpmProblemType; +typedef enum rpmProblemType_e { + RPMPROB_BADARCH, + RPMPROB_BADOS, + RPMPROB_PKG_INSTALLED, + RPMPROB_BADRELOCATE, + RPMPROB_REQUIRES, + RPMPROB_CONFLICT, + RPMPROB_NEW_FILE_CONFLICT, + RPMPROB_FILE_CONFLICT, + RPMPROB_OLDPACKAGE, + RPMPROB_DISKSPACE, + RPMPROB_BADPRETRANS + } rpmProblemType; /** */ typedef /*@abstract@*/ struct rpmProblem_s { @@ -1079,12 +1034,14 @@ int showMatches(QVA_t *qva, /*@only@*/ /*@null@*/ rpmdbMatchIterator mi, #define QUERY_FOR_DUMPFILES (1 << 8) /** + * Return name of tag from value. * @param tag tag value * @return name of tag */ /*@observer@*/ const char *const tagName(int tag) /*@*/; /** + * Return value of tag from name. * @param targstr name of tag * @return tag value */ @@ -1167,7 +1124,6 @@ int rpmVerify(QVA_t *qva, enum rpmQVSources source, const char *arg); #define UNINSTALL_NODEPS (1 << 0) #define UNINSTALL_ALLMATCHES (1 << 1) - /** \ingroup rpmcli * @param rootdir path to top of install tree * @param argv array of package file names (NULL terminated) @@ -1192,8 +1148,6 @@ int rpmErase(const char * rootdir, const char ** argv, int uninstallFlags, /** \name RPMK */ /*@{*/ -/** signature.c **/ - /**************************************************/ /* */ /* Signature Tags */ 
@@ -1203,57 +1157,68 @@ int rpmErase(const char * rootdir, const char ** argv, int uninstallFlags, /* */ /**************************************************/ -#define RPMSIGTAG_SIZE 1000 +/** \ingroup signature + * Tags found in signature header from package. + */ +enum rpmtagSignature { + RPMSIGTAG_SIZE = 1000, /* the md5 sum was broken *twice* on big endian machines */ -#define RPMSIGTAG_LEMD5_1 1001 -#define RPMSIGTAG_PGP 1002 -#define RPMSIGTAG_LEMD5_2 1003 -#define RPMSIGTAG_MD5 1004 -#define RPMSIGTAG_GPG 1005 -#define RPMSIGTAG_PGP5 1006 /* XXX legacy use only */ + RPMSIGTAG_LEMD5_1 = 1001, + RPMSIGTAG_PGP = 1002, + RPMSIGTAG_LEMD5_2 = 1003, + RPMSIGTAG_MD5 = 1004, + RPMSIGTAG_GPG = 1005, + RPMSIGTAG_PGP5 = 1006, /* XXX legacy use only */ /* Signature tags by Public Key Algorithm (RFC 2440) */ /* N.B.: These tags are tenative, the values may change */ -#define RPMTAG_PK_BASE 2048 -#define RPMTAG_PK_RSA_ES RPMTAG_PK_BASE+1 -#define RPMTAG_PK_RSA_E RPMTAG_PK_BASE+2 -#define RPMTAG_PK_RSA_S RPMTAG_PK_BASE+3 -#define RPMTAG_PK_ELGAMAL_E RPMTAG_PK_BASE+16 -#define RPMTAG_PK_DSA RPMTAG_PK_BASE+17 -#define RPMTAG_PK_ELLIPTIC RPMTAG_PK_BASE+18 -#define RPMTAG_PK_ECDSA RPMTAG_PK_BASE+19 -#define RPMTAG_PK_ELGAMAL_ES RPMTAG_PK_BASE+20 -#define RPMTAG_PK_DH RPMTAG_PK_BASE+21 - -#define RPMTAG_HASH_BASE 2048+64 -#define RPMTAG_HASH_MD5 RPMTAG_HASH_BASE+1 -#define RPMTAG_HASH_SHA1 RPMTAG_HASH_BASE+2 -#define RPMTAG_HASH_RIPEMD160 RPMTAG_HASH_BASE+3 -#define RPMTAG_HASH_MD2 RPMTAG_HASH_BASE+5 -#define RPMTAG_HASH_TIGER192 RPMTAG_HASH_BASE+6 -#define RPMTAG_HASH_HAVAL_5_160 RPMTAG_HASH_BASE+7 - -/**************************************************/ -/* */ -/* verifySignature() results */ -/* */ -/**************************************************/ + RPMTAG_PK_BASE = 512, + RPMTAG_PK_RSA_ES = RPMTAG_PK_BASE+1, + RPMTAG_PK_RSA_E = RPMTAG_PK_BASE+2, + RPMTAG_PK_RSA_S = RPMTAG_PK_BASE+3, + RPMTAG_PK_ELGAMAL_E = RPMTAG_PK_BASE+16, + RPMTAG_PK_DSA = RPMTAG_PK_BASE+17, + 
RPMTAG_PK_ELLIPTIC = RPMTAG_PK_BASE+18, + RPMTAG_PK_ECDSA = RPMTAG_PK_BASE+19, + RPMTAG_PK_ELGAMAL_ES = RPMTAG_PK_BASE+20, + RPMTAG_PK_DH = RPMTAG_PK_BASE+21, + + RPMTAG_HASH_BASE = 512+64, + RPMTAG_HASH_MD5 = RPMTAG_HASH_BASE+1, + RPMTAG_HASH_SHA1 = RPMTAG_HASH_BASE+2, + RPMTAG_HASH_RIPEMD160 = RPMTAG_HASH_BASE+3, + RPMTAG_HASH_MD2 = RPMTAG_HASH_BASE+5, + RPMTAG_HASH_TIGER192 = RPMTAG_HASH_BASE+6, + RPMTAG_HASH_HAVAL_5_160 = RPMTAG_HASH_BASE+7 +}; -/* verifySignature() results */ -#define RPMSIG_OK 0 -#define RPMSIG_UNKNOWN 1 -#define RPMSIG_BAD 2 -#define RPMSIG_NOKEY 3 /* Do not have the key to check this signature */ -#define RPMSIG_NOTTRUSTED 4 /* We have the key but it is not trusted */ +/** + * Return codes from verifySignature(). + */ +enum rpmVerifySignatureReturn { + RPMSIG_OK = 0, /*!< Signature is OK. */ + RPMSIG_UNKNOWN = 1, /*!< Signature is unknown. */ + RPMSIG_BAD = 2, /*!< Signature does not verify. */ + RPMSIG_NOKEY = 3, /*!< Key is unavailable. */ + RPMSIG_NOTTRUSTED = 4 /*!< Signature is OK, but key is not trusted. */ +}; /** \ingroup signature + * Verify a signature from a package. + * @param file file name of header+payload + * @param sigTag type of signature + * @param sig signature itself + * @param count no. of bytes in signature + * @param result detailed text result of signature verification + * @return result of signature verification */ -void rpmFreeSignature(Header h); +enum rpmVerifySignatureReturn rpmVerifySignature(const char *file, + int_32 sigTag, void *sig, int count, char *result); /** \ingroup signature + * Destroy signature header from package. */ -int rpmVerifySignature(const char *file, int_32 sigTag, void *sig, int count, - char *result); +void rpmFreeSignature(Header h); /* --- checksig/resign */ 
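Review bot: `RPMTAG_PK_BASE` moves from 2048 to 512 and `RPMTAG_HASH_BASE` from `2048+64` to `512+64`, so the #define-to-enum conversion is not value-preserving even though CHANGES describes it only as "use enum for signature header tags". The comment above the block marks these tags as tentative, but anything that already stored or compared the old numbers would silently stop matching, and whether the range from 512 up is free of other tags cannot be checked from this hunk. Either keep the old bases or record the renumbering in CHANGES. Also, `rpmVerifySignature()` keeps `int_32 sigTag`, so the new `enum rpmtagSignature` adds no type checking at the function that dispatches on it.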
@@ -1262,17 +1227,28 @@ int rpmVerifySignature(const char *file, int_32 sigTag, void *sig, int count, #define CHECKSIG_GPG (1 << 2) /** \ingroup rpmcli + * @param flags * @param argv array of package file names (NULL terminated) + * @return 0 on success */ int rpmCheckSig(int flags, const char ** argv); /** \ingroup rpmcli - * @param argv array of package file names (NULL terminated) + * Type of signature operation to perform. */ -int rpmReSign(int add, char *passPhrase, const char ** argv); +enum rpmKtype { + RPMK_NEW_SIGNATURE = 0, /*!< Discard previous signature. */ + RPMK_ADD_SIGNATURE /*!< Add element to signature. */ +}; -#define ADD_SIGNATURE 1 -#define NEW_SIGNATURE 0 +/** \ingroup rpmcli + * Create/modify elements in signature header. + * @param add type of signature operation + * @param passPhrase + * @param argv array of package file names (NULL terminated) + * @return 0 on success + */ +int rpmReSign(enum rpmKtype add, char *passPhrase, const char ** argv); /*@}*/ diff --git a/lib/signature.c b/lib/signature.c index 0042eb9cd..fa53e5a99 100644 --- a/lib/signature.c +++ b/lib/signature.c @@ -427,7 +427,8 @@ int rpmAddSignature(Header header, const char *file, int_32 sigTag, const char * return ret; } -static int verifySizeSignature(const char *datafile, int_32 size, char *result) +static enum rpmVerifySignatureReturn +verifySizeSignature(const char *datafile, int_32 size, char *result) { struct stat statbuf; 
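Review bot: The new doc comments leave `@param flags` on rpmCheckSig() and `@param passPhrase` on rpmReSign() without a description, so the generated documentation will have empty entries for the two parameters that matter most to a caller. Something like `@param flags bit(s) selecting which checks to run (CHECKSIG_*)` and `@param passPhrase pass phrase used when generating the signature` would do; the second wording is inferred from the rpmAddSignature() call in lib/rpmchecksig.c and should be confirmed. `@return 0 on success` on rpmCheckSig() would also be clearer if it said whether one failing package makes the whole call non-zero, which this hunk does not show.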
@@ -436,16 +437,17 @@ static int verifySizeSignature(const char *datafile, int_32 size, char *result) sprintf(result, "Header+Archive size mismatch.\n" "Expected %d, saw %d.\n", size, (int)statbuf.st_size); - return 1; + return RPMSIG_BAD; } sprintf(result, "Header+Archive size OK: %d bytes\n", size); - return 0; + return RPMSIG_OK; } #define X(_x) (unsigned)((_x) & 0xff) -static int verifyMD5Signature(const char *datafile, unsigned char *sig, +static enum rpmVerifySignatureReturn +verifyMD5Signature(const char *datafile, unsigned char *sig, char *result, md5func fn) { unsigned char md5sum[16]; @@ -465,7 +467,7 @@ static int verifyMD5Signature(const char *datafile, unsigned char *sig, X(md5sum[4]), X(md5sum[5]), X(md5sum[6]), X(md5sum[7]), X(md5sum[8]), X(md5sum[9]), X(md5sum[10]), X(md5sum[11]), X(md5sum[12]), X(md5sum[13]), X(md5sum[14]), X(md5sum[15]) ); - return 1; + return RPMSIG_BAD; } sprintf(result, "MD5 sum OK: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x" @@ -475,11 +477,11 @@ static int verifyMD5Signature(const char *datafile, unsigned char *sig, X(md5sum[8]), X(md5sum[9]), X(md5sum[10]), X(md5sum[11]), X(md5sum[12]), X(md5sum[13]), X(md5sum[14]), X(md5sum[15]) ); - return 0; + return RPMSIG_OK; } -static int verifyPGPSignature(const char *datafile, void *sig, - int count, char *result) +static enum rpmVerifySignatureReturn +verifyPGPSignature(const char *datafile, void *sig, int count, char *result) { int pid, status, outpipe[2]; FD_t sfd; @@ -590,8 +592,8 @@ static int verifyPGPSignature(const char *datafile, void *sig, return res; } -static int verifyGPGSignature(const char *datafile, void *sig, - int count, char *result) +static enum rpmVerifySignatureReturn +verifyGPGSignature(const char *datafile, void *sig, int count, char *result) { int pid, status, outpipe[2]; FD_t sfd; 
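Review bot: Both `sprintf(result, ...)` calls in verifySizeSignature() write into a caller-supplied buffer whose size the function never learns, and the MD5 messages in the next two hunks do the same with longer strings. The return-code cleanup leaves that as it was. Since `result` is now documented in lib/rpmlib.h, the least invasive step is to state the required size there, e.g. `@param result detailed text result (caller buffer of at least <MIN_RESULT_SIZE> bytes)`, with the placeholder replaced by the real bound. The sturdier step is to pass a length down and switch these calls to `snprintf`. The function body starts outside this hunk, so the code that fills `statbuf` could not be reviewed.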
@@ -787,26 +789,21 @@ char *rpmGetPassPhrase(const char *prompt, const int sigTag) return pass; } -int rpmVerifySignature(const char *file, int_32 sigTag, void *sig, int count, +enum rpmVerifySignatureReturn +rpmVerifySignature(const char *file, int_32 sigTag, void *sig, int count, char *result) { switch (sigTag) { case RPMSIGTAG_SIZE: - if (verifySizeSignature(file, *(int_32 *)sig, result)) { - return RPMSIG_BAD; - } - break; + return verifySizeSignature(file, *(int_32 *)sig, result); + /*@notreached@*/ break; case RPMSIGTAG_MD5: - if (verifyMD5Signature(file, sig, result, mdbinfile)) { - return 1; - } - break; + return verifyMD5Signature(file, sig, result, mdbinfile); + /*@notreached@*/ break; case RPMSIGTAG_LEMD5_1: case RPMSIGTAG_LEMD5_2: - if (verifyMD5Signature(file, sig, result, mdbinfileBroken)) { - return 1; - } - break; + return verifyMD5Signature(file, sig, result, mdbinfileBroken); + /*@notreached@*/ break; case RPMSIGTAG_PGP5: /* XXX legacy */ case RPMSIGTAG_PGP: return verifyPGPSignature(file, sig, count, result); @@ -818,6 +815,6 @@ int rpmVerifySignature(const char *file, int_32 sigTag, void *sig, int count, sprintf(result, "Do not know how to verify sig type %d\n", sigTag); return RPMSIG_UNKNOWN; } - + /*@notreached@*/ return RPMSIG_OK; } diff --git a/po/rpm.pot b/po/rpm.pot index 2dd8b01bd..64b9be517 100644 --- a/po/rpm.pot +++ b/po/rpm.pot @@ -6,7 +6,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" -"POT-Creation-Date: 2000-08-27 15:15-0400\n" +"POT-Creation-Date: 2000-08-27 17:01-0400\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: LANGUAGE <LL@li.org>\n" @@ -3409,7 +3409,7 @@ msgstr "" msgid "Got %d bytes of PGP sig\n" msgstr "" -#: lib/signature.c:348 lib/signature.c:691 +#: lib/signature.c:348 lib/signature.c:693 msgid "Couldn't exec gpg" msgstr "" 
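Review bot: `count` is never consulted on the size and MD5 paths: `*(int_32 *)sig` and the `verifyMD5Signature(file, sig, ...)` calls trust that the signature header entry is as large as its tag implies. The signature header comes from the package being checked, so a short or NULL entry should be rejected before it is read. For the MD5 cases a guard such as `if (sig == NULL || count != 16) return RPMSIG_BAD;` ahead of the call would do, assuming verifyMD5Signature() compares the full 16-byte `md5sum` (its comparison is outside the visible hunks). The unit of `count` for RPMSIGTAG_SIZE needs confirming before the equivalent check is added there.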
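Review bot: The tail `/*@notreached@*/ return RPMSIG_OK;` fails open. Every case returns today, but a case added later that ends in `break` would report a verified signature without having checked anything. Returning a failure code there costs nothing, e.g. `/*@notreached@*/ return RPMSIG_UNKNOWN;`. The `/*@notreached@*/ break;` lines added in the previous hunk make such a fall-through easy to introduce, so the safe default matters more after this change than before it.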
@@ -3441,33 +3441,33 @@ msgstr "" msgid "Generating signature using GPG.\n" msgstr "" -#: lib/signature.c:497 lib/signature.c:559 +#: lib/signature.c:499 lib/signature.c:561 msgid "Could not run pgp. Use --nopgp to skip PGP checks." msgstr "" -#: lib/signature.c:557 lib/signature.c:630 +#: lib/signature.c:559 lib/signature.c:632 msgid "exec failed!\n" msgstr "" -#: lib/signature.c:632 +#: lib/signature.c:634 msgid "Could not run gpg. Use --nogpg to skip GPG checks." msgstr "" -#: lib/signature.c:720 +#: lib/signature.c:722 msgid "Couldn't exec pgp" msgstr "" #. @notreached@ #. This case should have been screened out long ago. -#: lib/signature.c:724 lib/signature.c:777 +#: lib/signature.c:726 lib/signature.c:779 msgid "Invalid %%_signature spec in macro file" msgstr "" -#: lib/signature.c:757 +#: lib/signature.c:759 msgid "You must set \"%%_gpg_name\" in your macro file" msgstr "" -#: lib/signature.c:769 +#: lib/signature.c:771 msgid "You must set \"%%_pgp_name\" in your macro file" msgstr "" @@ -536,7 +536,7 @@ int main(int argc, const char ** argv) int installFlags = 0, uninstallFlags = 0, interfaceFlags = 0; int verifyFlags; int checksigFlags = 0; - int addSign = NEW_SIGNATURE; + enum rpmKtype addSign = RPMK_NEW_SIGNATURE; char * passPhrase = ""; const char * optArg; pid_t pipeChild = 0; @@ -721,7 +721,7 @@ int main(int argc, const char ** argv) if (bigMode != MODE_UNKNOWN && bigMode != MODE_RESIGN) argerror(_("only one major mode may be specified")); bigMode = MODE_RESIGN; - addSign = NEW_SIGNATURE; + addSign = RPMK_NEW_SIGNATURE; signIt = 1; break; @@ -729,7 +729,7 @@ int main(int argc, const char ** argv) if (bigMode != MODE_UNKNOWN && bigMode != MODE_RESIGN) argerror(_("only one major mode may be specified")); bigMode = MODE_RESIGN; - addSign = ADD_SIGNATURE; + addSign = RPMK_ADD_SIGNATURE; signIt = 1; break; 
@@ -655,7 +655,7 @@ int main(int argc, const char ** argv) #endif #if defined(IAM_RPMK) - int addSign = NEW_SIGNATURE; + enum rpmKtype addSign = RPMK_NEW_SIGNATURE; int checksigFlags = 0; #endif @@ -887,7 +887,7 @@ int main(int argc, const char ** argv) if (bigMode != MODE_UNKNOWN && bigMode != MODE_RESIGN) argerror(_("only one major mode may be specified")); bigMode = MODE_RESIGN; - addSign = NEW_SIGNATURE; + addSign = RPMK_NEW_SIGNATURE; signIt = 1; break; @@ -895,7 +895,7 @@ int main(int argc, const char ** argv) if (bigMode != MODE_UNKNOWN && bigMode != MODE_RESIGN) argerror(_("only one major mode may be specified")); bigMode = MODE_RESIGN; - addSign = ADD_SIGNATURE; + addSign = RPMK_ADD_SIGNATURE; signIt = 1; break; #endif /* IAM_RPMK */ |