methods/gpgv.cc

   1 #include <config.h>
   2
   3 #include <apt-pkg/acquire-method.h>
   4 #include <apt-pkg/configuration.h>
   5 #include <apt-pkg/error.h>
   6 #include <apt-pkg/gpgv.h>
   7 #include <apt-pkg/strutl.h>
   8 #include <apt-pkg/fileutl.h>
   9
  10 #include <ctype.h>
  11 #include <errno.h>
  12 #include <stddef.h>
  13 #include <stdio.h>
  14 #include <stdlib.h>
  15 #include <string.h>
  16 #include <sys/wait.h>
  17 #include <unistd.h>
  18 #include <iostream>
  19 #include <string>
  20 #include <vector>
  21
  22 #include <apti18n.h>
  23
  24 using std::string;
  25 using std::vector;
  26
  27 #define GNUPGPREFIX "[GNUPG:]"
  28 #define GNUPGBADSIG "[GNUPG:] BADSIG"
  29 #define GNUPGNOPUBKEY "[GNUPG:] NO_PUBKEY"
  30 #define GNUPGVALIDSIG "[GNUPG:] VALIDSIG"
  31 #define GNUPGGOODSIG "[GNUPG:] GOODSIG"
  32 #define GNUPGKEYEXPIRED "[GNUPG:] KEYEXPIRED"
  33 #define GNUPGREVKEYSIG "[GNUPG:] REVKEYSIG"
  34 #define GNUPGNODATA "[GNUPG:] NODATA"
  35
  36 class GPGVMethod : public pkgAcqMethod
  37 {
  38    private:
  39    string VerifyGetSigners(const char *file, const char *outfile,
  40                                 std::string const &key,
  41                                 vector<string> &GoodSigners,
  42                                 vector<string> &BadSigners,
  43                                 vector<string> &WorthlessSigners,
  44                                 vector<string> &NoPubKeySigners);
  45
  46    protected:
  47    virtual bool URIAcquire(std::string const &Message, FetchItem *Itm);
  48    virtual bool Configuration(string Message);
  49    public:
  50
  51    GPGVMethod() : pkgAcqMethod("1.0",SingleInstance | SendConfig) {};
  52 };
  53
  54 bool GPGVMethod::Configuration(string Message)
  55 {
  56    if (pkgAcqMethod::Configuration(Message) == false)
  57       return false;
  58
  59    DropPrivsOrDie();
  60
  61    return true;
  62 }
  63
  64 string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile,
  65                                          std::string const &key,
  66                                          vector<string> &GoodSigners,
  67                                          vector<string> &BadSigners,
  68                                          vector<string> &WorthlessSigners,
  69                                          vector<string> &NoPubKeySigners)
  70 {
  71    bool const Debug = _config->FindB("Debug::Acquire::gpgv", false);
  72
  73    if (Debug == true)
  74       std::clog << "inside VerifyGetSigners" << std::endl;
  75
  76    int fd[2];
  77
  78    if (pipe(fd) < 0)
  79       return "Couldn't create pipe";
  80
  81    pid_t pid = fork();
  82    if (pid < 0)
  83       return string("Couldn't spawn new process") + strerror(errno);
  84    else if (pid == 0)
  85       ExecGPGV(outfile, file, 3, fd, key);
  86    close(fd[1]);
  87
  88    FILE *pipein = fdopen(fd[0], "r");
  89
  90    // Loop over the output of apt-key (which really is gnupg), and check the signatures.
  91    size_t buffersize = 0;
  92    char *buffer = NULL;
  93    while (1)
  94    {
  95       if (getline(&buffer, &buffersize, pipein) == -1)
  96          break;
  97       if (Debug == true)
  98          std::clog << "Read: " << buffer << std::endl;
  99
 100       // Push the data into three separate vectors, which
 101       // we later concatenate.  They're kept separate so
 102       // if we improve the apt method communication stuff later
 103       // it will be better.
 104       if (strncmp(buffer, GNUPGBADSIG, sizeof(GNUPGBADSIG)-1) == 0)
 105       {
 106          if (Debug == true)
 107             std::clog << "Got BADSIG! " << std::endl;
 108          BadSigners.push_back(string(buffer+sizeof(GNUPGPREFIX)));
 109       }
 110
 111       if (strncmp(buffer, GNUPGNOPUBKEY, sizeof(GNUPGNOPUBKEY)-1) == 0)
 112       {
 113          if (Debug == true)
 114             std::clog << "Got NO_PUBKEY " << std::endl;
 115          NoPubKeySigners.push_back(string(buffer+sizeof(GNUPGPREFIX)));
 116       }
 117       if (strncmp(buffer, GNUPGNODATA, sizeof(GNUPGBADSIG)-1) == 0)
 118       {
 119          if (Debug == true)
 120             std::clog << "Got NODATA! " << std::endl;
 121          BadSigners.push_back(string(buffer+sizeof(GNUPGPREFIX)));
 122       }
 123       if (strncmp(buffer, GNUPGKEYEXPIRED, sizeof(GNUPGKEYEXPIRED)-1) == 0)
 124       {
 125          if (Debug == true)
 126             std::clog << "Got KEYEXPIRED! " << std::endl;
 127          WorthlessSigners.push_back(string(buffer+sizeof(GNUPGPREFIX)));
 128       }
 129       if (strncmp(buffer, GNUPGREVKEYSIG, sizeof(GNUPGREVKEYSIG)-1) == 0)
 130       {
 131          if (Debug == true)
 132             std::clog << "Got REVKEYSIG! " << std::endl;
 133          WorthlessSigners.push_back(string(buffer+sizeof(GNUPGPREFIX)));
 134       }
 135       if (strncmp(buffer, GNUPGGOODSIG, sizeof(GNUPGGOODSIG)-1) == 0)
 136       {
 137          char *sig = buffer + sizeof(GNUPGPREFIX);
 138          char *p = sig + sizeof("GOODSIG");
 139          while (*p && isxdigit(*p))
 140             p++;
 141          *p = 0;
 142          if (Debug == true)
 143             std::clog << "Got GOODSIG, key ID:" << sig << std::endl;
 144          GoodSigners.push_back(string(sig));
 145       }
 146    }
 147    fclose(pipein);
 148    free(buffer);
 149
 150    int status;
 151    waitpid(pid, &status, 0);
 152    if (Debug == true)
 153    {
 154       ioprintf(std::clog, "gpgv exited with status %i\n", WEXITSTATUS(status));
 155    }
 156
 157    if (WEXITSTATUS(status) == 0)
 158    {
 159       if (GoodSigners.empty())
 160          return _("Internal error: Good signature, but could not determine key fingerprint?!");
 161       return "";
 162    }
 163    else if (WEXITSTATUS(status) == 1)
 164       return _("At least one invalid signature was encountered.");
 165    else if (WEXITSTATUS(status) == 111)
 166       return _("Could not execute 'apt-key' to verify signature (is gnupg installed?)");
 167    else if (WEXITSTATUS(status) == 112)
 168    {
 169       // acquire system checks for "NODATA" to generate GPG errors (the others are only warnings)
 170       std::string errmsg;
 171       //TRANSLATORS: %s is a single techy word like 'NODATA'
 172       strprintf(errmsg, _("Clearsigned file isn't valid, got '%s' (does the network require authentication?)"), "NODATA");
 173       return errmsg;
 174    }
 175    else
 176       return _("Unknown error executing apt-key");
 177 }
 178
 179 bool GPGVMethod::URIAcquire(std::string const &Message, FetchItem *Itm)
 180 {
 181    URI const Get = Itm->Uri;
 182    string const Path = Get.Host + Get.Path; // To account for relative paths
 183    std::string const key = LookupTag(Message, "Signed-By");
 184    vector<string> GoodSigners;
 185    vector<string> BadSigners;
 186    // a worthless signature is a expired or revoked one
 187    vector<string> WorthlessSigners;
 188    vector<string> NoPubKeySigners;
 189
 190    FetchResult Res;
 191    Res.Filename = Itm->DestFile;
 192    URIStart(Res);
 193
 194    // Run apt-key on file, extract contents and get the key ID of the signer
 195    string msg = VerifyGetSigners(Path.c_str(), Itm->DestFile.c_str(), key,
 196                                  GoodSigners, BadSigners, WorthlessSigners,
 197                                  NoPubKeySigners);
 198    if (GoodSigners.empty() || !BadSigners.empty() || !NoPubKeySigners.empty())
 199    {
 200       string errmsg;
 201       // In this case, something bad probably happened, so we just go
 202       // with what the other method gave us for an error message.
 203       if (BadSigners.empty() && WorthlessSigners.empty() && NoPubKeySigners.empty())
 204          errmsg = msg;
 205       else
 206       {
 207          if (!BadSigners.empty())
 208          {
 209             errmsg += _("The following signatures were invalid:\n");
 210             for (vector<string>::iterator I = BadSigners.begin();
 211                  I != BadSigners.end(); ++I)
 212                errmsg += (*I + "\n");
 213          }
 214          if (!WorthlessSigners.empty())
 215          {
 216             errmsg += _("The following signatures were invalid:\n");
 217             for (vector<string>::iterator I = WorthlessSigners.begin();
 218                  I != WorthlessSigners.end(); ++I)
 219                errmsg += (*I + "\n");
 220          }
 221          if (!NoPubKeySigners.empty())
 222          {
 223              errmsg += _("The following signatures couldn't be verified because the public key is not available:\n");
 224             for (vector<string>::iterator I = NoPubKeySigners.begin();
 225                  I != NoPubKeySigners.end(); ++I)
 226                errmsg += (*I + "\n");
 227          }
 228       }
 229       // this is only fatal if we have no good sigs or if we have at
 230       // least one bad signature. good signatures and NoPubKey signatures
 231       // happen easily when a file is signed with multiple signatures
 232       if(GoodSigners.empty() or !BadSigners.empty())
 233          return _error->Error("%s", errmsg.c_str());
 234    }
 235
 236    // Just pass the raw output up, because passing it as a real data
 237    // structure is too difficult with the method stuff.  We keep it
 238    // as three separate vectors for future extensibility.
 239    Res.GPGVOutput = GoodSigners;
 240    Res.GPGVOutput.insert(Res.GPGVOutput.end(),BadSigners.begin(),BadSigners.end());
 241    Res.GPGVOutput.insert(Res.GPGVOutput.end(),NoPubKeySigners.begin(),NoPubKeySigners.end());
 242    URIDone(Res);
 243
 244    if (_config->FindB("Debug::Acquire::gpgv", false))
 245    {
 246       std::clog << "apt-key succeeded\n";
 247    }
 248
 249    return true;
 250 }
 251
 252
 253 int main()
 254 {
 255    setlocale(LC_ALL, "");
 256
 257    GPGVMethod Mth;
 258
 259    return Mth.Run();
 260 }