]>
git.saurik.com Git - apt.git/blob - methods/gpgv.cc
24e945b2c3c772d4dfc62d7a024b930302de4a94
1 #include <apt-pkg/error.h>
2 #include <apt-pkg/acquire-method.h>
3 #include <apt-pkg/strutl.h>
14 #define GNUPGPREFIX "[GNUPG:]"
15 #define GNUPGBADSIG "[GNUPG:] BADSIG"
16 #define GNUPGNOPUBKEY "[GNUPG:] NO_PUBKEY"
17 #define GNUPGVALIDSIG "[GNUPG:] VALIDSIG"
19 class GPGVMethod
: public pkgAcqMethod
22 const char *VerifyGetSigners(const char *file
, const char *outfile
,
23 vector
<string
> &GoodSigners
, vector
<string
> &BadSigners
,
24 vector
<string
> &NoPubKeySigners
);
27 virtual bool Fetch(FetchItem
*Itm
);
31 GPGVMethod() : pkgAcqMethod("1.0",SingleInstance
| SendConfig
) {};
34 const char *GPGVMethod::VerifyGetSigners(const char *file
, const char *outfile
,
35 vector
<string
> &GoodSigners
,
36 vector
<string
> &BadSigners
,
37 vector
<string
> &NoPubKeySigners
)
39 if (_config
->FindB("Debug::Acquire::gpgv", false))
41 std::cerr
<< "inside VerifyGetSigners" << std::endl
;
48 string gpgvpath
= _config
->Find("Dir::Bin::gpg", "/usr/bin/gpgv");
49 string pubringpath
= _config
->Find("APT::GPGV::TrustedKeyring", "/etc/apt/trusted.gpg");
50 if (_config
->FindB("Debug::Acquire::gpgv", false))
52 std::cerr
<< "gpgv path: " << gpgvpath
<< std::endl
;
53 std::cerr
<< "Keyring path: " << pubringpath
<< std::endl
;
56 if (stat(pubringpath
.c_str(), &buff
) != 0)
57 return (string("Couldn't access keyring: ") + strerror(errno
)).c_str();
61 return "Couldn't create pipe";
67 return (string("Couldn't spawn new process") + strerror(errno
)).c_str();
71 const char *Args
[400];
74 Args
[i
++] = gpgvpath
.c_str();
75 Args
[i
++] = "--status-fd";
77 Args
[i
++] = "--keyring";
78 Args
[i
++] = pubringpath
.c_str();
80 Configuration::Item
const *Opts
;
81 Opts
= _config
->Tree("Acquire::gpgv::Options");
85 for (; Opts
!= 0; Opts
= Opts
->Next
)
87 if (Opts
->Value
.empty() == true)
89 Args
[i
++] = Opts
->Value
.c_str();
91 std::cerr
<< "E: Argument list from Acquire::gpgv::Options too long. Exiting." << std::endl
;
100 if (_config
->FindB("Debug::Acquire::gpgv", false))
102 std::cerr
<< "Preparing to exec: " << gpgvpath
;
103 for(unsigned int j
=0;Args
[j
] != NULL
; j
++)
104 std::cerr
<< " " << Args
[j
];
105 std::cerr
<< std::endl
;
107 int nullfd
= open("/dev/null", O_RDONLY
);
109 // Redirect output to /dev/null; we read from the status fd
110 dup2(nullfd
, STDOUT_FILENO
);
111 dup2(nullfd
, STDERR_FILENO
);
112 // Redirect the pipe to the status fd (3)
117 putenv("LC_MESSAGES=");
118 execvp(gpgvpath
.c_str(), (char **)Args
);
124 pipein
= fdopen(fd
[0], "r");
126 // Loop over the output of gpgv, and check the signatures.
127 size_t buffersize
= 64;
128 char *buffer
= (char *) malloc(buffersize
);
129 size_t bufferoff
= 0;
134 // Read a line. Sigh.
135 while ((c
= getc(pipein
)) != EOF
&& c
!= '\n')
137 if (bufferoff
== buffersize
)
138 buffer
= (char *) realloc(buffer
, buffersize
*= 2);
139 *(buffer
+bufferoff
) = c
;
142 if (bufferoff
== 0 && c
== EOF
)
144 *(buffer
+bufferoff
) = '\0';
146 if (_config
->FindB("Debug::Acquire::gpgv", false))
147 std::cerr
<< "Read: " << buffer
<< std::endl
;
149 // Push the data into three separate vectors, which
150 // we later concatenate. They're kept separate so
151 // if we improve the apt method communication stuff later
152 // it will be better.
153 if (strncmp(buffer
, GNUPGBADSIG
, sizeof(GNUPGBADSIG
)-1) == 0)
155 if (_config
->FindB("Debug::Acquire::gpgv", false))
156 std::cerr
<< "Got BADSIG! " << std::endl
;
157 BadSigners
.push_back(string(buffer
+sizeof(GNUPGPREFIX
)));
160 if (strncmp(buffer
, GNUPGNOPUBKEY
, sizeof(GNUPGNOPUBKEY
)-1) == 0)
162 if (_config
->FindB("Debug::Acquire::gpgv", false))
163 std::cerr
<< "Got NO_PUBKEY " << std::endl
;
164 NoPubKeySigners
.push_back(string(buffer
+sizeof(GNUPGPREFIX
)));
167 if (strncmp(buffer
, GNUPGVALIDSIG
, sizeof(GNUPGVALIDSIG
)-1) == 0)
169 char *sig
= buffer
+ sizeof(GNUPGPREFIX
);
170 char *p
= sig
+ sizeof("VALIDSIG");
171 while (*p
&& isxdigit(*p
))
174 if (_config
->FindB("Debug::Acquire::gpgv", false))
175 std::cerr
<< "Got VALIDSIG, key ID:" << sig
<< std::endl
;
176 GoodSigners
.push_back(string(sig
));
181 waitpid(pid
, &status
, 0);
182 if (_config
->FindB("Debug::Acquire::gpgv", false))
184 std::cerr
<<"gpgv exited\n";
187 if (WEXITSTATUS(status
) == 0)
189 if (GoodSigners
.empty())
190 return "Internal error: Good signature, but could not determine key fingerprint?!";
193 else if (WEXITSTATUS(status
) == 1)
195 return "At least one invalid signature was encountered.";
197 else if (WEXITSTATUS(status
) == 111)
199 return (string("Could not execute ") + gpgvpath
+
200 string(" to verify signature (is gnupg installed?)")).c_str();
204 return "Unknown error executing gpgv";
208 bool GPGVMethod::Fetch(FetchItem
*Itm
)
211 string Path
= Get
.Host
+ Get
.Path
; // To account for relative paths
213 vector
<string
> GoodSigners
;
214 vector
<string
> BadSigners
;
215 vector
<string
> NoPubKeySigners
;
218 Res
.Filename
= Itm
->DestFile
;
221 // Run gpgv on file, extract contents and get the key ID of the signer
222 const char *msg
= VerifyGetSigners(Path
.c_str(), Itm
->DestFile
.c_str(),
223 GoodSigners
, BadSigners
, NoPubKeySigners
);
224 if (GoodSigners
.empty() || !BadSigners
.empty() || !NoPubKeySigners
.empty())
227 // In this case, something bad probably happened, so we just go
228 // with what the other method gave us for an error message.
229 if (BadSigners
.empty() && NoPubKeySigners
.empty())
233 if (!BadSigners
.empty())
235 errmsg
+= "The following signatures were invalid:\n";
236 for (vector
<string
>::iterator I
= BadSigners
.begin();
237 I
!= BadSigners
.end(); I
++)
238 errmsg
+= (*I
+ "\n");
240 if (!NoPubKeySigners
.empty())
242 errmsg
+= "The following signatures couldn't be verified because the public key is not available:\n";
243 for (vector
<string
>::iterator I
= NoPubKeySigners
.begin();
244 I
!= NoPubKeySigners
.end(); I
++)
245 errmsg
+= (*I
+ "\n");
248 return _error
->Error(errmsg
.c_str());
251 // Transfer the modification times
253 if (stat(Path
.c_str(),&Buf
) != 0)
254 return _error
->Errno("stat","Failed to stat %s", Path
.c_str());
256 struct utimbuf TimeBuf
;
257 TimeBuf
.actime
= Buf
.st_atime
;
258 TimeBuf
.modtime
= Buf
.st_mtime
;
259 if (utime(Itm
->DestFile
.c_str(),&TimeBuf
) != 0)
260 return _error
->Errno("utime","Failed to set modification time");
262 if (stat(Itm
->DestFile
.c_str(),&Buf
) != 0)
263 return _error
->Errno("stat","Failed to stat");
265 // Return a Done response
266 Res
.LastModified
= Buf
.st_mtime
;
267 Res
.Size
= Buf
.st_size
;
268 // Just pass the raw output up, because passing it as a real data
269 // structure is too difficult with the method stuff. We keep it
270 // as three separate vectors for future extensibility.
271 Res
.GPGVOutput
= GoodSigners
;
272 Res
.GPGVOutput
.insert(Res
.GPGVOutput
.end(),BadSigners
.begin(),BadSigners
.end());
273 Res
.GPGVOutput
.insert(Res
.GPGVOutput
.end(),NoPubKeySigners
.begin(),NoPubKeySigners
.end());
276 if (_config
->FindB("Debug::Acquire::gpgv", false))
278 std::cerr
<<"gpgv suceeded\n";