]> git.saurik.com Git - apt.git/blame - methods/gpgv.cc
dpkgpm: Convert ctime() call to ctime_r()
[apt.git] / methods / gpgv.cc
CommitLineData
ea542140
DK
1#include <config.h>
2
b3d44315 3#include <apt-pkg/acquire-method.h>
472ff00e 4#include <apt-pkg/configuration.h>
453b82a3 5#include <apt-pkg/error.h>
2f5b6151 6#include <apt-pkg/gpgv.h>
453b82a3 7#include <apt-pkg/strutl.h>
3927c6da 8#include <apt-pkg/fileutl.h>
b3d44315 9
453b82a3 10#include <ctype.h>
b3d44315 11#include <errno.h>
453b82a3
DK
12#include <stddef.h>
13#include <stdio.h>
14#include <stdlib.h>
15#include <string.h>
b3d44315 16#include <sys/wait.h>
453b82a3 17#include <unistd.h>
4e03c47d
DK
18
19#include <algorithm>
b3d44315 20#include <iostream>
453b82a3 21#include <string>
f5a3d009
DK
22#include <vector>
23
ea542140
DK
24#include <apti18n.h>
25
8f3ba4e8
DK
26using std::string;
27using std::vector;
28
b3d44315
MV
29#define GNUPGPREFIX "[GNUPG:]"
30#define GNUPGBADSIG "[GNUPG:] BADSIG"
31#define GNUPGNOPUBKEY "[GNUPG:] NO_PUBKEY"
32#define GNUPGVALIDSIG "[GNUPG:] VALIDSIG"
c5d8878d
MV
33#define GNUPGGOODSIG "[GNUPG:] GOODSIG"
34#define GNUPGKEYEXPIRED "[GNUPG:] KEYEXPIRED"
35#define GNUPGREVKEYSIG "[GNUPG:] REVKEYSIG"
2abb68b7 36#define GNUPGNODATA "[GNUPG:] NODATA"
b3d44315
MV
37
38class GPGVMethod : public pkgAcqMethod
39{
40 private:
da9ed163 41 string VerifyGetSigners(const char *file, const char *outfile,
b0d40854
DK
42 std::string const &key,
43 vector<string> &GoodSigners,
c5d8878d
MV
44 vector<string> &BadSigners,
45 vector<string> &WorthlessSigners,
b3d44315
MV
46 vector<string> &NoPubKeySigners);
47
48 protected:
3b302846
DK
49 virtual bool URIAcquire(std::string const &Message, FetchItem *Itm) APT_OVERRIDE;
50 virtual bool Configuration(string Message) APT_OVERRIDE;
b3d44315
MV
51 public:
52
53 GPGVMethod() : pkgAcqMethod("1.0",SingleInstance | SendConfig) {};
54};
55
9983999d
MV
56bool GPGVMethod::Configuration(string Message)
57{
58 if (pkgAcqMethod::Configuration(Message) == false)
59 return false;
60
61 DropPrivsOrDie();
62
63 return true;
64}
65
da9ed163 66string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile,
b0d40854 67 std::string const &key,
b3d44315
MV
68 vector<string> &GoodSigners,
69 vector<string> &BadSigners,
c5d8878d 70 vector<string> &WorthlessSigners,
b3d44315
MV
71 vector<string> &NoPubKeySigners)
72{
46e39c8e 73 bool const Debug = _config->FindB("Debug::Acquire::gpgv", false);
da9ed163 74
46e39c8e
MV
75 if (Debug == true)
76 std::clog << "inside VerifyGetSigners" << std::endl;
77
b3d44315 78 int fd[2];
4e03c47d 79 bool const keyIsID = (key.empty() == false && key[0] != '/');
46e39c8e 80
b3d44315 81 if (pipe(fd) < 0)
b3d44315 82 return "Couldn't create pipe";
b3d44315 83
cf440fac 84 pid_t pid = fork();
b3d44315 85 if (pid < 0)
da9ed163 86 return string("Couldn't spawn new process") + strerror(errno);
b3d44315 87 else if (pid == 0)
4e03c47d 88 ExecGPGV(outfile, file, 3, fd, (keyIsID ? "" : key));
b3d44315
MV
89 close(fd[1]);
90
cf440fac
DK
91 FILE *pipein = fdopen(fd[0], "r");
92
b39bb552 93 // Loop over the output of apt-key (which really is gnupg), and check the signatures.
4e03c47d 94 std::vector<std::string> ValidSigners;
bf6ac7ca
DK
95 size_t buffersize = 0;
96 char *buffer = NULL;
b3d44315
MV
97 while (1)
98 {
bf6ac7ca
DK
99 if (getline(&buffer, &buffersize, pipein) == -1)
100 break;
46e39c8e
MV
101 if (Debug == true)
102 std::clog << "Read: " << buffer << std::endl;
b3d44315
MV
103
104 // Push the data into three separate vectors, which
105 // we later concatenate. They're kept separate so
106 // if we improve the apt method communication stuff later
107 // it will be better.
108 if (strncmp(buffer, GNUPGBADSIG, sizeof(GNUPGBADSIG)-1) == 0)
109 {
46e39c8e
MV
110 if (Debug == true)
111 std::clog << "Got BADSIG! " << std::endl;
b3d44315
MV
112 BadSigners.push_back(string(buffer+sizeof(GNUPGPREFIX)));
113 }
4e03c47d 114 else if (strncmp(buffer, GNUPGNOPUBKEY, sizeof(GNUPGNOPUBKEY)-1) == 0)
b3d44315 115 {
46e39c8e
MV
116 if (Debug == true)
117 std::clog << "Got NO_PUBKEY " << std::endl;
b3d44315
MV
118 NoPubKeySigners.push_back(string(buffer+sizeof(GNUPGPREFIX)));
119 }
4e03c47d 120 else if (strncmp(buffer, GNUPGNODATA, sizeof(GNUPGBADSIG)-1) == 0)
2abb68b7 121 {
46e39c8e
MV
122 if (Debug == true)
123 std::clog << "Got NODATA! " << std::endl;
2abb68b7
MV
124 BadSigners.push_back(string(buffer+sizeof(GNUPGPREFIX)));
125 }
4e03c47d 126 else if (strncmp(buffer, GNUPGKEYEXPIRED, sizeof(GNUPGKEYEXPIRED)-1) == 0)
c5d8878d 127 {
46e39c8e
MV
128 if (Debug == true)
129 std::clog << "Got KEYEXPIRED! " << std::endl;
c5d8878d
MV
130 WorthlessSigners.push_back(string(buffer+sizeof(GNUPGPREFIX)));
131 }
4e03c47d 132 else if (strncmp(buffer, GNUPGREVKEYSIG, sizeof(GNUPGREVKEYSIG)-1) == 0)
c5d8878d 133 {
46e39c8e
MV
134 if (Debug == true)
135 std::clog << "Got REVKEYSIG! " << std::endl;
c5d8878d
MV
136 WorthlessSigners.push_back(string(buffer+sizeof(GNUPGPREFIX)));
137 }
4e03c47d 138 else if (strncmp(buffer, GNUPGGOODSIG, sizeof(GNUPGGOODSIG)-1) == 0)
b3d44315
MV
139 {
140 char *sig = buffer + sizeof(GNUPGPREFIX);
c5d8878d 141 char *p = sig + sizeof("GOODSIG");
b3d44315
MV
142 while (*p && isxdigit(*p))
143 p++;
144 *p = 0;
46e39c8e
MV
145 if (Debug == true)
146 std::clog << "Got GOODSIG, key ID:" << sig << std::endl;
b3d44315
MV
147 GoodSigners.push_back(string(sig));
148 }
4e03c47d
DK
149 else if (strncmp(buffer, GNUPGVALIDSIG, sizeof(GNUPGVALIDSIG)-1) == 0)
150 {
151 char *sig = buffer + sizeof(GNUPGVALIDSIG);
152 char *p = sig;
153 while (*p && isxdigit(*p))
154 p++;
155 *p = 0;
156 if (Debug == true)
157 std::clog << "Got VALIDSIG, key ID: " << sig << std::endl;
158 ValidSigners.push_back(string(sig));
159 }
b3d44315
MV
160 }
161 fclose(pipein);
1b7bf822 162 free(buffer);
b3d44315 163
4e03c47d
DK
164 // apt-key has a --keyid parameter, but this requires gpg, so we call it without it
165 // and instead check after the fact which keyids where used for verification
166 if (keyIsID == true)
167 {
168 if (Debug == true)
169 std::clog << "GoodSigs needs to be limited to keyid " << key << std::endl;
170 std::vector<std::string>::iterator const foundItr = std::find(ValidSigners.begin(), ValidSigners.end(), key);
171 bool const found = (foundItr != ValidSigners.end());
172 std::copy(GoodSigners.begin(), GoodSigners.end(), std::back_insert_iterator<std::vector<std::string> >(NoPubKeySigners));
173 if (found)
174 {
175 // we look for GOODSIG here as well as an expired sig is a valid sig as well (but not a good one)
176 std::string const goodlongkeyid = "GOODSIG " + key.substr(24, 16);
177 bool const foundGood = std::find(GoodSigners.begin(), GoodSigners.end(), goodlongkeyid) != GoodSigners.end();
178 if (Debug == true)
179 std::clog << "Key " << key << " is valid sig, is " << goodlongkeyid << " also a good one? " << (foundGood ? "yes" : "no") << std::endl;
180 GoodSigners.clear();
181 if (foundGood)
182 {
183 GoodSigners.push_back(goodlongkeyid);
184 NoPubKeySigners.erase(std::remove(NoPubKeySigners.begin(), NoPubKeySigners.end(), goodlongkeyid), NoPubKeySigners.end());
185 }
186 }
187 else
188 GoodSigners.clear();
189 }
190
cf440fac 191 int status;
b3d44315 192 waitpid(pid, &status, 0);
46e39c8e 193 if (Debug == true)
b3d44315 194 {
2737f28a 195 ioprintf(std::clog, "gpgv exited with status %i\n", WEXITSTATUS(status));
b3d44315
MV
196 }
197
198 if (WEXITSTATUS(status) == 0)
199 {
4e03c47d
DK
200 if (keyIsID)
201 {
202 // gpgv will report success, but we want to enforce a certain keyring
203 // so if we haven't found the key the valid we found is in fact invalid
204 if (GoodSigners.empty())
205 return _("At least one invalid signature was encountered.");
206 }
207 else
208 {
209 if (GoodSigners.empty())
210 return _("Internal error: Good signature, but could not determine key fingerprint?!");
211 }
da9ed163 212 return "";
b3d44315
MV
213 }
214 else if (WEXITSTATUS(status) == 1)
339690e4 215 return _("At least one invalid signature was encountered.");
b3d44315 216 else if (WEXITSTATUS(status) == 111)
b39bb552 217 return _("Could not execute 'apt-key' to verify signature (is gnupg installed?)");
ae99ce2e 218 else if (WEXITSTATUS(status) == 112)
b3d44315 219 {
ae99ce2e
DK
220 // acquire system checks for "NODATA" to generate GPG errors (the others are only warnings)
221 std::string errmsg;
222 //TRANSLATORS: %s is a single techy word like 'NODATA'
223 strprintf(errmsg, _("Clearsigned file isn't valid, got '%s' (does the network require authentication?)"), "NODATA");
224 return errmsg;
b3d44315
MV
225 }
226 else
b39bb552 227 return _("Unknown error executing apt-key");
b3d44315
MV
228}
229
b0d40854 230bool GPGVMethod::URIAcquire(std::string const &Message, FetchItem *Itm)
b3d44315 231{
b0d40854
DK
232 URI const Get = Itm->Uri;
233 string const Path = Get.Host + Get.Path; // To account for relative paths
234 std::string const key = LookupTag(Message, "Signed-By");
b3d44315
MV
235 vector<string> GoodSigners;
236 vector<string> BadSigners;
c5d8878d
MV
237 // a worthless signature is a expired or revoked one
238 vector<string> WorthlessSigners;
b3d44315
MV
239 vector<string> NoPubKeySigners;
240
241 FetchResult Res;
242 Res.Filename = Itm->DestFile;
243 URIStart(Res);
244
b39bb552 245 // Run apt-key on file, extract contents and get the key ID of the signer
b0d40854 246 string msg = VerifyGetSigners(Path.c_str(), Itm->DestFile.c_str(), key,
c5d8878d
MV
247 GoodSigners, BadSigners, WorthlessSigners,
248 NoPubKeySigners);
b3d44315
MV
249 if (GoodSigners.empty() || !BadSigners.empty() || !NoPubKeySigners.empty())
250 {
251 string errmsg;
252 // In this case, something bad probably happened, so we just go
253 // with what the other method gave us for an error message.
c5d8878d 254 if (BadSigners.empty() && WorthlessSigners.empty() && NoPubKeySigners.empty())
b3d44315
MV
255 errmsg = msg;
256 else
257 {
258 if (!BadSigners.empty())
259 {
339690e4 260 errmsg += _("The following signatures were invalid:\n");
b3d44315 261 for (vector<string>::iterator I = BadSigners.begin();
f7f0d6c7 262 I != BadSigners.end(); ++I)
b3d44315
MV
263 errmsg += (*I + "\n");
264 }
c5d8878d
MV
265 if (!WorthlessSigners.empty())
266 {
267 errmsg += _("The following signatures were invalid:\n");
268 for (vector<string>::iterator I = WorthlessSigners.begin();
f7f0d6c7 269 I != WorthlessSigners.end(); ++I)
c5d8878d
MV
270 errmsg += (*I + "\n");
271 }
b3d44315
MV
272 if (!NoPubKeySigners.empty())
273 {
339690e4 274 errmsg += _("The following signatures couldn't be verified because the public key is not available:\n");
b3d44315 275 for (vector<string>::iterator I = NoPubKeySigners.begin();
f7f0d6c7 276 I != NoPubKeySigners.end(); ++I)
b3d44315
MV
277 errmsg += (*I + "\n");
278 }
279 }
ce424cd4
MV
280 // this is only fatal if we have no good sigs or if we have at
281 // least one bad signature. good signatures and NoPubKey signatures
282 // happen easily when a file is signed with multiple signatures
283 if(GoodSigners.empty() or !BadSigners.empty())
f23153d0 284 return _error->Error("%s", errmsg.c_str());
b3d44315
MV
285 }
286
b3d44315
MV
287 // Just pass the raw output up, because passing it as a real data
288 // structure is too difficult with the method stuff. We keep it
289 // as three separate vectors for future extensibility.
290 Res.GPGVOutput = GoodSigners;
291 Res.GPGVOutput.insert(Res.GPGVOutput.end(),BadSigners.begin(),BadSigners.end());
292 Res.GPGVOutput.insert(Res.GPGVOutput.end(),NoPubKeySigners.begin(),NoPubKeySigners.end());
293 URIDone(Res);
294
295 if (_config->FindB("Debug::Acquire::gpgv", false))
296 {
b39bb552 297 std::clog << "apt-key succeeded\n";
b3d44315
MV
298 }
299
300 return true;
301}
302
303
304int main()
305{
339690e4 306 setlocale(LC_ALL, "");
3927c6da 307
b3d44315
MV
308 GPGVMethod Mth;
309
310 return Mth.Run();
311}