]> git.saurik.com Git - apt.git/blame_incremental - methods/gpgv.cc
projects / apt.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
* slightly cosmetic change in methods/gpgv.cc
[apt.git] / methods / gpgv.cc
... / ...
CommitLineData
1#include <apt-pkg/error.h>
2#include <apt-pkg/acquire-method.h>
3#include <apt-pkg/strutl.h>
4
5#include <sys/stat.h>
6#include <unistd.h>
7#include <utime.h>
8#include <stdio.h>
9#include <fcntl.h>
10#include <errno.h>
11#include <sys/wait.h>
12#include <iostream>
13
14#define GNUPGPREFIX "[GNUPG:]"
15#define GNUPGBADSIG "[GNUPG:] BADSIG"
16#define GNUPGNOPUBKEY "[GNUPG:] NO_PUBKEY"
17#define GNUPGVALIDSIG "[GNUPG:] VALIDSIG"
18
19class GPGVMethod : public pkgAcqMethod
20{
21 private:
22 const char *VerifyGetSigners(const char *file, const char *outfile,
23 vector<string> &GoodSigners, vector<string> &BadSigners,
24 vector<string> &NoPubKeySigners);
25
26 protected:
27 virtual bool Fetch(FetchItem *Itm);
28
29 public:
30
31 GPGVMethod() : pkgAcqMethod("1.0",SingleInstance | SendConfig) {};
32};
33
34const char *GPGVMethod::VerifyGetSigners(const char *file, const char *outfile,
35 vector<string> &GoodSigners,
36 vector<string> &BadSigners,
37 vector<string> &NoPubKeySigners)
38{
39 if (_config->FindB("Debug::Acquire::gpgv", false))
40 {
41 std::cerr << "inside VerifyGetSigners" << std::endl;
42 }
43 pid_t pid;
44 int fd[2];
45 FILE *pipein;
46 int status;
47 struct stat buff;
48 string gpgvpath = _config->Find("Dir::Bin::gpg", "/usr/bin/gpgv");
49 string pubringpath = _config->Find("Apt::GPGV::TrustedKeyring", "/etc/apt/trusted.gpg");
50 if (_config->FindB("Debug::Acquire::gpgv", false))
51 {
52 std::cerr << "gpgv path: " << gpgvpath << std::endl;
53 std::cerr << "Keyring path: " << pubringpath << std::endl;
54 }
55
56 if (stat(pubringpath.c_str(), &buff) != 0)
57 return (string("Couldn't access keyring: ") + strerror(errno)).c_str();
58
59 if (pipe(fd) < 0)
60 {
61 return "Couldn't create pipe";
62 }
63
64 pid = fork();
65 if (pid < 0)
66 {
67 return (string("Couldn't spawn new process") + strerror(errno)).c_str();
68 }
69 else if (pid == 0)
70 {
71 const char *Args[400];
72 unsigned int i = 0;
73
74 Args[i++] = gpgvpath.c_str();
75 Args[i++] = "--status-fd";
76 Args[i++] = "3";
77 Args[i++] = "--keyring";
78 Args[i++] = pubringpath.c_str();
79
80 Configuration::Item const *Opts;
81 Opts = _config->Tree("Acquire::gpgv::Options");
82 if (Opts != 0)
83 {
84 Opts = Opts->Child;
85 for (; Opts != 0; Opts = Opts->Next)
86 {
87 if (Opts->Value.empty() == true)
88 continue;
89 Args[i++] = Opts->Value.c_str();
90 if(i >= 395) {
91 std::cerr << "E: Argument list from Acquire::gpgv::Options too long. Exiting." << std::endl;
92 exit(111);
93 }
94 }
95 }
96 Args[i++] = file;
97 Args[i++] = outfile;
98 Args[i++] = NULL;
99
100 if (_config->FindB("Debug::Acquire::gpgv", false))
101 {
102 std::cerr << "Preparing to exec: " << gpgvpath;
103 for(unsigned int j=0;Args[j] != NULL; j++)
104 std::cerr << Args[j] << " ";
105 std::cerr << std::endl;
106 }
107 int nullfd = open("/dev/null", O_RDONLY);
108 close(fd[0]);
109 // Redirect output to /dev/null; we read from the status fd
110 dup2(nullfd, STDOUT_FILENO);
111 dup2(nullfd, STDERR_FILENO);
112 // Redirect the pipe to the status fd (3)
113 dup2(fd[1], 3);
114
115 putenv("LANG=");
116 putenv("LC_ALL=");
117 putenv("LC_MESSAGES=");
118 execvp(gpgvpath.c_str(), (char **)Args);
119
120 exit(111);
121 }
122 close(fd[1]);
123
124 pipein = fdopen(fd[0], "r");
125
126 // Loop over the output of gpgv, and check the signatures.
127 size_t buffersize = 64;
128 char *buffer = (char *) malloc(buffersize);
129 size_t bufferoff = 0;
130 while (1)
131 {
132 int c;
133
134 // Read a line. Sigh.
135 while ((c = getc(pipein)) != EOF && c != '\n')
136 {
137 if (bufferoff == buffersize)
138 buffer = (char *) realloc(buffer, buffersize *= 2);
139 *(buffer+bufferoff) = c;
140 bufferoff++;
141 }
142 if (bufferoff == 0 && c == EOF)
143 break;
144 *(buffer+bufferoff) = '\0';
145 bufferoff = 0;
146 if (_config->FindB("Debug::Acquire::gpgv", false))
147 std::cerr << "Read: " << buffer << std::endl;
148
149 // Push the data into three separate vectors, which
150 // we later concatenate. They're kept separate so
151 // if we improve the apt method communication stuff later
152 // it will be better.
153 if (strncmp(buffer, GNUPGBADSIG, sizeof(GNUPGBADSIG)-1) == 0)
154 {
155 if (_config->FindB("Debug::Acquire::gpgv", false))
156 std::cerr << "Got BADSIG! " << std::endl;
157 BadSigners.push_back(string(buffer+sizeof(GNUPGPREFIX)));
158 }
159
160 if (strncmp(buffer, GNUPGNOPUBKEY, sizeof(GNUPGNOPUBKEY)-1) == 0)
161 {
162 if (_config->FindB("Debug::Acquire::gpgv", false))
163 std::cerr << "Got NO_PUBKEY " << std::endl;
164 NoPubKeySigners.push_back(string(buffer+sizeof(GNUPGPREFIX)));
165 }
166
167 if (strncmp(buffer, GNUPGVALIDSIG, sizeof(GNUPGVALIDSIG)-1) == 0)
168 {
169 char *sig = buffer + sizeof(GNUPGPREFIX);
170 char *p = sig + sizeof("VALIDSIG");
171 while (*p && isxdigit(*p))
172 p++;
173 *p = 0;
174 if (_config->FindB("Debug::Acquire::gpgv", false))
175 std::cerr << "Got VALIDSIG, key ID:" << sig << std::endl;
176 GoodSigners.push_back(string(sig));
177 }
178 }
179 fclose(pipein);
180
181 waitpid(pid, &status, 0);
182 if (_config->FindB("Debug::Acquire::gpgv", false))
183 {
184 std::cerr <<"gpgv exited\n";
185 }
186
187 if (WEXITSTATUS(status) == 0)
188 {
189 if (GoodSigners.empty())
190 return "Internal error: Good signature, but could not determine key fingerprint?!";
191 return NULL;
192 }
193 else if (WEXITSTATUS(status) == 1)
194 {
195 return "At least one invalid signature was encountered.";
196 }
197 else if (WEXITSTATUS(status) == 111)
198 {
199 return (string("Could not execute ") + gpgvpath +
200 string(" to verify signature (is gnupg installed?)")).c_str();
201 }
202 else
203 {
204 return "Unknown error executing gpgv";
205 }
206}
207
208bool GPGVMethod::Fetch(FetchItem *Itm)
209{
210 URI Get = Itm->Uri;
211 string Path = Get.Host + Get.Path; // To account for relative paths
212 string keyID;
213 vector<string> GoodSigners;
214 vector<string> BadSigners;
215 vector<string> NoPubKeySigners;
216
217 FetchResult Res;
218 Res.Filename = Itm->DestFile;
219 URIStart(Res);
220
221 // Run gpgv on file, extract contents and get the key ID of the signer
222 const char *msg = VerifyGetSigners(Path.c_str(), Itm->DestFile.c_str(),
223 GoodSigners, BadSigners, NoPubKeySigners);
224 if (GoodSigners.empty() || !BadSigners.empty() || !NoPubKeySigners.empty())
225 {
226 string errmsg;
227 // In this case, something bad probably happened, so we just go
228 // with what the other method gave us for an error message.
229 if (BadSigners.empty() && NoPubKeySigners.empty())
230 errmsg = msg;
231 else
232 {
233 if (!BadSigners.empty())
234 {
235 errmsg += "The following signatures were invalid:\n";
236 for (vector<string>::iterator I = BadSigners.begin();
237 I != BadSigners.end(); I++)
238 errmsg += (*I + "\n");
239 }
240 if (!NoPubKeySigners.empty())
241 {
242 errmsg += "The following signatures couldn't be verified because the public key is not available:\n";
243 for (vector<string>::iterator I = NoPubKeySigners.begin();
244 I != NoPubKeySigners.end(); I++)
245 errmsg += (*I + "\n");
246 }
247 }
248 return _error->Error(errmsg.c_str());
249 }
250
251 // Transfer the modification times
252 struct stat Buf;
253 if (stat(Path.c_str(),&Buf) != 0)
254 return _error->Errno("stat","Failed to stat %s", Path.c_str());
255
256 struct utimbuf TimeBuf;
257 TimeBuf.actime = Buf.st_atime;
258 TimeBuf.modtime = Buf.st_mtime;
259 if (utime(Itm->DestFile.c_str(),&TimeBuf) != 0)
260 return _error->Errno("utime","Failed to set modification time");
261
262 if (stat(Itm->DestFile.c_str(),&Buf) != 0)
263 return _error->Errno("stat","Failed to stat");
264
265 // Return a Done response
266 Res.LastModified = Buf.st_mtime;
267 Res.Size = Buf.st_size;
268 // Just pass the raw output up, because passing it as a real data
269 // structure is too difficult with the method stuff. We keep it
270 // as three separate vectors for future extensibility.
271 Res.GPGVOutput = GoodSigners;
272 Res.GPGVOutput.insert(Res.GPGVOutput.end(),BadSigners.begin(),BadSigners.end());
273 Res.GPGVOutput.insert(Res.GPGVOutput.end(),NoPubKeySigners.begin(),NoPubKeySigners.end());
274 URIDone(Res);
275
276 if (_config->FindB("Debug::Acquire::gpgv", false))
277 {
278 std::cerr <<"gpgv suceeded\n";
279 }
280
281 return true;
282}
283
284
285int main()
286{
287 GPGVMethod Mth;
288
289 return Mth.Run();
290}
APT (for Cydia)