]> git.saurik.com Git - apt.git/blame_incremental - methods/gpgv.cc
projects / apt.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
drop privileges in copy:// method as we do for file://
[apt.git] / methods / gpgv.cc
... / ...
CommitLineData
1#include <config.h>
2
3#include <apt-pkg/acquire-method.h>
4#include <apt-pkg/configuration.h>
5#include <apt-pkg/error.h>
6#include <apt-pkg/gpgv.h>
7#include <apt-pkg/strutl.h>
8#include <apt-pkg/fileutl.h>
9
10#include <ctype.h>
11#include <errno.h>
12#include <stddef.h>
13#include <stdio.h>
14#include <stdlib.h>
15#include <string.h>
16#include <sys/wait.h>
17#include <unistd.h>
18
19#include <algorithm>
20#include <iostream>
21#include <string>
22#include <vector>
23
24#include <apti18n.h>
25
26using std::string;
27using std::vector;
28
29#define GNUPGPREFIX "[GNUPG:]"
30#define GNUPGBADSIG "[GNUPG:] BADSIG"
31#define GNUPGNOPUBKEY "[GNUPG:] NO_PUBKEY"
32#define GNUPGVALIDSIG "[GNUPG:] VALIDSIG"
33#define GNUPGGOODSIG "[GNUPG:] GOODSIG"
34#define GNUPGKEYEXPIRED "[GNUPG:] KEYEXPIRED"
35#define GNUPGREVKEYSIG "[GNUPG:] REVKEYSIG"
36#define GNUPGNODATA "[GNUPG:] NODATA"
37
38class GPGVMethod : public pkgAcqMethod
39{
40 private:
41 string VerifyGetSigners(const char *file, const char *outfile,
42 std::string const &key,
43 vector<string> &GoodSigners,
44 vector<string> &BadSigners,
45 vector<string> &WorthlessSigners,
46 vector<string> &NoPubKeySigners);
47
48 protected:
49 virtual bool URIAcquire(std::string const &Message, FetchItem *Itm) APT_OVERRIDE;
50 virtual bool Configuration(string Message) APT_OVERRIDE;
51 public:
52
53 GPGVMethod() : pkgAcqMethod("1.0",SingleInstance | SendConfig) {};
54};
55
56bool GPGVMethod::Configuration(string Message)
57{
58 if (pkgAcqMethod::Configuration(Message) == false)
59 return false;
60
61 DropPrivsOrDie();
62
63 return true;
64}
65
66string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile,
67 std::string const &key,
68 vector<string> &GoodSigners,
69 vector<string> &BadSigners,
70 vector<string> &WorthlessSigners,
71 vector<string> &NoPubKeySigners)
72{
73 bool const Debug = _config->FindB("Debug::Acquire::gpgv", false);
74
75 if (Debug == true)
76 std::clog << "inside VerifyGetSigners" << std::endl;
77
78 int fd[2];
79 bool const keyIsID = (key.empty() == false && key[0] != '/');
80
81 if (pipe(fd) < 0)
82 return "Couldn't create pipe";
83
84 pid_t pid = fork();
85 if (pid < 0)
86 return string("Couldn't spawn new process") + strerror(errno);
87 else if (pid == 0)
88 ExecGPGV(outfile, file, 3, fd, (keyIsID ? "" : key));
89 close(fd[1]);
90
91 FILE *pipein = fdopen(fd[0], "r");
92
93 // Loop over the output of apt-key (which really is gnupg), and check the signatures.
94 std::vector<std::string> ValidSigners;
95 size_t buffersize = 0;
96 char *buffer = NULL;
97 while (1)
98 {
99 if (getline(&buffer, &buffersize, pipein) == -1)
100 break;
101 if (Debug == true)
102 std::clog << "Read: " << buffer << std::endl;
103
104 // Push the data into three separate vectors, which
105 // we later concatenate. They're kept separate so
106 // if we improve the apt method communication stuff later
107 // it will be better.
108 if (strncmp(buffer, GNUPGBADSIG, sizeof(GNUPGBADSIG)-1) == 0)
109 {
110 if (Debug == true)
111 std::clog << "Got BADSIG! " << std::endl;
112 BadSigners.push_back(string(buffer+sizeof(GNUPGPREFIX)));
113 }
114 else if (strncmp(buffer, GNUPGNOPUBKEY, sizeof(GNUPGNOPUBKEY)-1) == 0)
115 {
116 if (Debug == true)
117 std::clog << "Got NO_PUBKEY " << std::endl;
118 NoPubKeySigners.push_back(string(buffer+sizeof(GNUPGPREFIX)));
119 }
120 else if (strncmp(buffer, GNUPGNODATA, sizeof(GNUPGBADSIG)-1) == 0)
121 {
122 if (Debug == true)
123 std::clog << "Got NODATA! " << std::endl;
124 BadSigners.push_back(string(buffer+sizeof(GNUPGPREFIX)));
125 }
126 else if (strncmp(buffer, GNUPGKEYEXPIRED, sizeof(GNUPGKEYEXPIRED)-1) == 0)
127 {
128 if (Debug == true)
129 std::clog << "Got KEYEXPIRED! " << std::endl;
130 WorthlessSigners.push_back(string(buffer+sizeof(GNUPGPREFIX)));
131 }
132 else if (strncmp(buffer, GNUPGREVKEYSIG, sizeof(GNUPGREVKEYSIG)-1) == 0)
133 {
134 if (Debug == true)
135 std::clog << "Got REVKEYSIG! " << std::endl;
136 WorthlessSigners.push_back(string(buffer+sizeof(GNUPGPREFIX)));
137 }
138 else if (strncmp(buffer, GNUPGGOODSIG, sizeof(GNUPGGOODSIG)-1) == 0)
139 {
140 char *sig = buffer + sizeof(GNUPGPREFIX);
141 char *p = sig + sizeof("GOODSIG");
142 while (*p && isxdigit(*p))
143 p++;
144 *p = 0;
145 if (Debug == true)
146 std::clog << "Got GOODSIG, key ID:" << sig << std::endl;
147 GoodSigners.push_back(string(sig));
148 }
149 else if (strncmp(buffer, GNUPGVALIDSIG, sizeof(GNUPGVALIDSIG)-1) == 0)
150 {
151 char *sig = buffer + sizeof(GNUPGVALIDSIG);
152 char *p = sig;
153 while (*p && isxdigit(*p))
154 p++;
155 *p = 0;
156 if (Debug == true)
157 std::clog << "Got VALIDSIG, key ID: " << sig << std::endl;
158 ValidSigners.push_back(string(sig));
159 }
160 }
161 fclose(pipein);
162 free(buffer);
163
164 // apt-key has a --keyid parameter, but this requires gpg, so we call it without it
165 // and instead check after the fact which keyids where used for verification
166 if (keyIsID == true)
167 {
168 if (Debug == true)
169 std::clog << "GoodSigs needs to be limited to keyid " << key << std::endl;
170 std::vector<std::string>::iterator const foundItr = std::find(ValidSigners.begin(), ValidSigners.end(), key);
171 bool const found = (foundItr != ValidSigners.end());
172 std::copy(GoodSigners.begin(), GoodSigners.end(), std::back_insert_iterator<std::vector<std::string> >(NoPubKeySigners));
173 if (found)
174 {
175 // we look for GOODSIG here as well as an expired sig is a valid sig as well (but not a good one)
176 std::string const goodlongkeyid = "GOODSIG " + key.substr(24, 16);
177 bool const foundGood = std::find(GoodSigners.begin(), GoodSigners.end(), goodlongkeyid) != GoodSigners.end();
178 if (Debug == true)
179 std::clog << "Key " << key << " is valid sig, is " << goodlongkeyid << " also a good one? " << (foundGood ? "yes" : "no") << std::endl;
180 GoodSigners.clear();
181 if (foundGood)
182 {
183 GoodSigners.push_back(goodlongkeyid);
184 NoPubKeySigners.erase(std::remove(NoPubKeySigners.begin(), NoPubKeySigners.end(), goodlongkeyid), NoPubKeySigners.end());
185 }
186 }
187 else
188 GoodSigners.clear();
189 }
190
191 int status;
192 waitpid(pid, &status, 0);
193 if (Debug == true)
194 {
195 ioprintf(std::clog, "gpgv exited with status %i\n", WEXITSTATUS(status));
196 }
197
198 if (WEXITSTATUS(status) == 0)
199 {
200 if (keyIsID)
201 {
202 // gpgv will report success, but we want to enforce a certain keyring
203 // so if we haven't found the key the valid we found is in fact invalid
204 if (GoodSigners.empty())
205 return _("At least one invalid signature was encountered.");
206 }
207 else
208 {
209 if (GoodSigners.empty())
210 return _("Internal error: Good signature, but could not determine key fingerprint?!");
211 }
212 return "";
213 }
214 else if (WEXITSTATUS(status) == 1)
215 return _("At least one invalid signature was encountered.");
216 else if (WEXITSTATUS(status) == 111)
217 return _("Could not execute 'apt-key' to verify signature (is gnupg installed?)");
218 else if (WEXITSTATUS(status) == 112)
219 {
220 // acquire system checks for "NODATA" to generate GPG errors (the others are only warnings)
221 std::string errmsg;
222 //TRANSLATORS: %s is a single techy word like 'NODATA'
223 strprintf(errmsg, _("Clearsigned file isn't valid, got '%s' (does the network require authentication?)"), "NODATA");
224 return errmsg;
225 }
226 else
227 return _("Unknown error executing apt-key");
228}
229
230bool GPGVMethod::URIAcquire(std::string const &Message, FetchItem *Itm)
231{
232 URI const Get = Itm->Uri;
233 string const Path = Get.Host + Get.Path; // To account for relative paths
234 std::string const key = LookupTag(Message, "Signed-By");
235 vector<string> GoodSigners;
236 vector<string> BadSigners;
237 // a worthless signature is a expired or revoked one
238 vector<string> WorthlessSigners;
239 vector<string> NoPubKeySigners;
240
241 FetchResult Res;
242 Res.Filename = Itm->DestFile;
243 URIStart(Res);
244
245 // Run apt-key on file, extract contents and get the key ID of the signer
246 string msg = VerifyGetSigners(Path.c_str(), Itm->DestFile.c_str(), key,
247 GoodSigners, BadSigners, WorthlessSigners,
248 NoPubKeySigners);
249 if (GoodSigners.empty() || !BadSigners.empty() || !NoPubKeySigners.empty())
250 {
251 string errmsg;
252 // In this case, something bad probably happened, so we just go
253 // with what the other method gave us for an error message.
254 if (BadSigners.empty() && WorthlessSigners.empty() && NoPubKeySigners.empty())
255 errmsg = msg;
256 else
257 {
258 if (!BadSigners.empty())
259 {
260 errmsg += _("The following signatures were invalid:\n");
261 for (vector<string>::iterator I = BadSigners.begin();
262 I != BadSigners.end(); ++I)
263 errmsg += (*I + "\n");
264 }
265 if (!WorthlessSigners.empty())
266 {
267 errmsg += _("The following signatures were invalid:\n");
268 for (vector<string>::iterator I = WorthlessSigners.begin();
269 I != WorthlessSigners.end(); ++I)
270 errmsg += (*I + "\n");
271 }
272 if (!NoPubKeySigners.empty())
273 {
274 errmsg += _("The following signatures couldn't be verified because the public key is not available:\n");
275 for (vector<string>::iterator I = NoPubKeySigners.begin();
276 I != NoPubKeySigners.end(); ++I)
277 errmsg += (*I + "\n");
278 }
279 }
280 // this is only fatal if we have no good sigs or if we have at
281 // least one bad signature. good signatures and NoPubKey signatures
282 // happen easily when a file is signed with multiple signatures
283 if(GoodSigners.empty() or !BadSigners.empty())
284 return _error->Error("%s", errmsg.c_str());
285 }
286
287 // Just pass the raw output up, because passing it as a real data
288 // structure is too difficult with the method stuff. We keep it
289 // as three separate vectors for future extensibility.
290 Res.GPGVOutput = GoodSigners;
291 Res.GPGVOutput.insert(Res.GPGVOutput.end(),BadSigners.begin(),BadSigners.end());
292 Res.GPGVOutput.insert(Res.GPGVOutput.end(),NoPubKeySigners.begin(),NoPubKeySigners.end());
293 URIDone(Res);
294
295 if (_config->FindB("Debug::Acquire::gpgv", false))
296 {
297 std::clog << "apt-key succeeded\n";
298 }
299
300 return true;
301}
302
303
304int main()
305{
306 setlocale(LC_ALL, "");
307
308 GPGVMethod Mth;
309
310 return Mth.Run();
311}
APT (for Cydia)