author | Panu Matilainen <pmatilai@redhat.com> | 2022-03-18 14:15:16 +0200 |
---|---|---|
committer | Panu Matilainen <pmatilai@redhat.com> | 2022-03-31 09:56:03 +0300 |
commit | fa70eca360e39d61504d1c33079892706f2f8af6 (patch) | |
tree | f4a0c18153884acf64132745be0b99f6847f082d | |
parent | 3e4c0a95d3c2c8c500fdfd07db5408ac44dde50c (diff) | |
download | rpm-fa70eca360e39d61504d1c33079892706f2f8af6.tar.gz |
Support imports to fs keyring too
The fs keyring doesn't of course need the header to be created, but
going through the same motions ensures consistent results, ie the
key goes through the same validation steps and we also get a
"descriptive" file name for free (descriptive in that it matches the
rpmdb NVR)
-rw-r--r-- | lib/rpmts.c | 32 | ||||
-rw-r--r-- | tests/rpmsigdig.at | 49 |
2 files changed, 79 insertions, 2 deletions
diff --git a/lib/rpmts.c b/lib/rpmts.c
index 3d5a0f1a4..92c11c836 100644
--- a/lib/rpmts.c
+++ b/lib/rpmts.c
@@ -7,6 +7,7 @@
 #include <inttypes.h>
 #include <libgen.h>
 #include <fcntl.h>
+#include <errno.h>
 #include <rpm/rpmtypes.h>
 #include <rpm/rpmlib.h> /* rpmReadPackage etc */
@@ -570,6 +571,32 @@ rpmRC rpmtsImportHeader(rpmtxn txn, Header h, rpmFlags flags)
 return rc;
 }
+static rpmRC rpmtsImportFSKey(rpmtxn txn, Header h, rpmFlags flags)
+{
+ rpmRC rc = RPMRC_FAIL;
+ char *keyfmt = headerFormat(h, "%{nvr}.key", NULL);
+ char *keyval = headerGetAsString(h, RPMTAG_DESCRIPTION);
+ char *path = rpmGenPath(rpmtsRootDir(txn->ts), "%{_keyringpath}/", keyfmt);
+
+ FD_t fd = Fopen(path, "wx");
+ if (fd) {
+ size_t keylen = strlen(keyval);
+ if (Fwrite(keyval, 1, keylen, fd) == keylen)
+ rc = RPMRC_OK;
+ Fclose(fd);
+ }
+
+ if (rc) {
+ rpmlog(RPMLOG_ERR, _("failed to import key: %s: %s\n"),
+ path, strerror(errno));
+ }
+
+ free(path);
+ free(keyval);
+ free(keyfmt);
+ return rc;
+}
+
 rpmRC rpmtsImportPubkey(const rpmts ts, const unsigned char * pkt, size_t pktlen)
 {
 Header h = NULL;
@@ -612,7 +639,10 @@ rpmRC rpmtsImportPubkey(const rpmts ts, const unsigned char * pkt, size_t pktlen
 /* Add header to database. */
 if (!(rpmtsFlags(ts) & RPMTRANS_FLAG_TEST)) {
- rc = rpmtsImportHeader(txn, h, 0);
+ if (ts->keyringtype == KEYRING_FS)
+ rc = rpmtsImportFSKey(txn, h, 0);
+ else
+ rc = rpmtsImportHeader(txn, h, 0);
 }
 }
 rc = RPMRC_OK;
diff --git a/tests/rpmsigdig.at b/tests/rpmsigdig.at
index ab9b47393..bb87af351 100644
--- a/tests/rpmsigdig.at
+++ b/tests/rpmsigdig.at
@@ -191,7 +191,7 @@ AT_CLEANUP
 # ------------------------------
 # Import a public RSA key
-AT_SETUP([rpmkeys --import rsa])
+AT_SETUP([rpmkeys --import rsa (rpmdb)])
 AT_KEYWORDS([rpmkeys import])
 AT_CHECK([
 RPMDB_INIT
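Review bot: rpmtsImportFSKey sets `rc = RPMRC_OK` before `Fclose(fd)` and ignores the close result, so a write error that only surfaces when the stream is flushed is reported as success while the keyring directory holds a truncated key file. On the failure paths the partially written file is left in place, and because the file is opened with "wx" (presumably exclusive create) a later retry would then fail on the leftover. The logged `strerror(errno)` is read after `Fclose()`, which may have replaced the value set by `Fopen`/`Fwrite`, so the error should be captured where it occurs. `keyval` also reaches `strlen()` unchecked, which deserves a NULL guard if `headerGetAsString` can return NULL for this header.

```c
    /* … unchanged: rc, keyfmt, keyval, path … */
    int err = 0;
    FD_t fd = Fopen(path, "wx");
    if (fd) {
        size_t keylen = strlen(keyval);
        int ok = (Fwrite(keyval, 1, keylen, fd) == keylen);
        if (!ok)
            err = errno;
        /* a buffered write can still fail at close time */
        if (Fclose(fd) != 0 && ok) {
            err = errno;
            ok = 0;
        }
        if (ok)
            rc = RPMRC_OK;
        else
            unlink(path); /* created by this call, so only the partial file is dropped */
    } else {
        err = errno;
    }
    /* … unchanged: if (rc) rpmlog(...) block, with strerror(err) in place of strerror(errno) … */
    /* … unchanged: free() calls and return rc … */
```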
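Review bot: The value returned by the new `rpmtsImportFSKey(txn, h, 0)` call is discarded, because the context line `rc = RPMRC_OK;` right after the closing braces overwrites it unconditionally; the same applies to the existing `rpmtsImportHeader()` branch. A failed fs-keyring import (existing file, short write, unwritable directory) is therefore logged but still returned to the caller of rpmtsImportPubkey as success, which can leave an administrator believing a trust anchor was installed when it was not. The import result should be tested where it is produced, for example `if (rc != RPMRC_OK)` followed by the function's existing error exit, placed after the if/else and before the `rc = RPMRC_OK;` assignment. rpmtsImportPubkey starts and ends outside this hunk, so the exact exit path has to be confirmed against the full function.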
@@ -251,6 +251,53 @@ gpg(4344591e1964c5fc) = 4:4344591e1964c5fc-58e63918
 [])
 AT_CLEANUP
+AT_SETUP([rpmkeys --import rsa (fs)])
+AT_KEYWORDS([rpmkeys import])
+AT_CHECK([
+RPMDB_INIT
+
+runroot_other mkdir -p /tmp/kr
+runroot rpmkeys \
+ --define "_keyringpath /tmp/kr" \
+ --define "_keyring fs" \
+ --import /data/keys/rpm.org-rsa-2048-test.pub
+runroot_other cat /tmp/kr/gpg-pubkey-1964c5fc-58e63918.key
+],
+[0],
+[-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: rpm-4.17.90
+
+mQENBFjmORgBCAC7TMEk6wnjSs8Dr4yqSScWdU2pjcqrkTxuzdWvowcIUPZI0w/g
+HkRqGd4apjvY2V15kjL10gk3QhFP3pZ/9p7zh8o8NHX7aGdSGDK7NOq1eFaErPRY
+91LW9RiZ0lbOjXEzIL0KHxUiTQEmdXJT43DJMFPyW9fkCWg0OltiX618FUdWWfI8
+eySdLur1utnqBvdEbCUvWK2RX3vQZQdvEBODnNk2pxqTyV0w6VPQ96W++lF/5Aas
+7rUv3HIyIXxIggc8FRrnH+y9XvvHDonhTIlGnYZN4ubm9i4y3gOkrZlGTrEw7elQ
+1QeMyG2QQEbze8YjpTm4iLABCBrRfPRaQpwrABEBAAG0IXJwbS5vcmcgUlNBIHRl
+c3RrZXkgPHJzYUBycG0ub3JnPokBNwQTAQgAIQUCWOY5GAIbAwULCQgHAgYVCAkK
+CwIEFgIDAQIeAQIXgAAKCRBDRFkeGWTF/MxxCACnjqFL+MmPh9W9JQKT2DcLbBzf
+Cqo6wcEBoCOcwgRSk8dSikhARoteoa55JRJhuMyeKhhEAogE9HRmCPFdjezFTwgB
+BDVBpO2dZ023mLXDVCYX3S8pShOgCP6Tn4wqCnYeAdLcGg106N4xcmgtcssJE+Pr
+XzTZksbZsrTVEmL/Ym+R5w5jBfFnGk7Yw7ndwfQsfNXQb5AZynClFxnX546lcyZX
+fEx3/e6ezw57WNOUK6WT+8b+EGovPkbetK/rGxNXuWaP6X4A/QUm8O98nCuHYFQq
++mvNdsCBqGf7mhaRGtpHk/JgCn5rFvArMDqLVrR9hX0LdCSsH7EGE+bR3r7wuQEN
+BFjmORgBCACk+vDZrIXQuFXEYToZVwb2attzbbJJCqD71vmZTLsW0QxuPKRgbcYY
+zp4K4lVBnHhFrF8MOUOxJ7kQWIJZMZFt+BDcptCYurbD2H4W2xvnWViiC+LzCMzz
+iMJT6165uefL4JHTDPxC2fFiM9yrc72LmylJNkM/vepT128J5Qv0gRUaQbHiQuS6
+Dm/+WRnUfx3i89SV4mnBxb/Ta93GVqoOciWwzWSnwEnWYAvOb95JL4U7c5J5f/+c
+KnQDHsW7sIiIdscsWzvgf6qs2Ra1Zrt7Fdk4+ZS2f/adagLhDO1C24sXf5XfMk5m
+L0OGwZSr9m5s17VXxfspgU5ugc8kBJfzABEBAAGJAR8EGAEIAAkFAljmORgCGwwA
+CgkQQ0RZHhlkxfzwDQf/Y5on5o+s/xD3tDyRYa6SErfT44lEArdCD7Yi+cygJFox
+3jyM8ovtJAkwRegwyxcaLN7zeG1p1Sk9ZAYWQEJT6qSU4Ppu+CVGHgxgnTcfUiu6
+EZZQE6srvua53IMY1lT50M7vx0T5VicHFRWBFV2C/Mc32p7cEE6nn45nEZgUXQNl
+ySEyvoRlsAJq6gFsfqucVz2vMJDTMVczUtq1CjvUqFbif8JVL36EoZCf1SeRw6d6
+s1Kp3AA33Rjd+Uw87HJ4EIB75zMFQX2H0ggAVdYTQcqGXHP5MZK1jJrHfxJyMi3d
+UNW2iqnN3BA7guhOv6OMiROF1+I7Q5nWT63mQC7IgQ==
+=Z6nu
+-----END PGP PUBLIC KEY BLOCK-----
+],
+[])
+AT_CLEANUP
+
 AT_SETUP([rpmkeys --import invalid keys])
 AT_KEYWORDS([rpmkeys import])
 RPMDB_INIT |
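Review bot: The new `rpmkeys --import rsa (fs)` case covers only the successful first import, so nothing pins what rpmkeys reports when the fs keyring write fails. A second AT_CHECK that repeats the same `--import` into `/tmp/kr`, or points `_keyringpath` at a directory that does not exist, would fix the expected exit status and stderr for the failure path. This matters because a key import that fails quietly is hard to notice afterwards.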