]> git.saurik.com Git - apt.git/blob - methods/gpgv.cc
DropPrivs: Move the re-set uid/gid thing to the end of the function
[apt.git] / methods / gpgv.cc
1 #include <config.h>
2
3 #include <apt-pkg/acquire-method.h>
4 #include <apt-pkg/configuration.h>
5 #include <apt-pkg/error.h>
6 #include <apt-pkg/gpgv.h>
7 #include <apt-pkg/strutl.h>
8 #include <apt-pkg/fileutl.h>
9
10 #include <ctype.h>
11 #include <errno.h>
12 #include <stddef.h>
13 #include <stdio.h>
14 #include <stdlib.h>
15 #include <string.h>
16 #include <sys/wait.h>
17 #include <unistd.h>
18 #include <iostream>
19 #include <string>
20 #include <vector>
21
22 #include <apti18n.h>
23
24 using std::string;
25 using std::vector;
26
27 #define GNUPGPREFIX "[GNUPG:]"
28 #define GNUPGBADSIG "[GNUPG:] BADSIG"
29 #define GNUPGNOPUBKEY "[GNUPG:] NO_PUBKEY"
30 #define GNUPGVALIDSIG "[GNUPG:] VALIDSIG"
31 #define GNUPGGOODSIG "[GNUPG:] GOODSIG"
32 #define GNUPGKEYEXPIRED "[GNUPG:] KEYEXPIRED"
33 #define GNUPGREVKEYSIG "[GNUPG:] REVKEYSIG"
34 #define GNUPGNODATA "[GNUPG:] NODATA"
35
36 class GPGVMethod : public pkgAcqMethod
37 {
38 private:
39 string VerifyGetSigners(const char *file, const char *outfile,
40 vector<string> &GoodSigners,
41 vector<string> &BadSigners,
42 vector<string> &WorthlessSigners,
43 vector<string> &NoPubKeySigners);
44
45 protected:
46 virtual bool Fetch(FetchItem *Itm);
47
48 public:
49
50 GPGVMethod() : pkgAcqMethod("1.0",SingleInstance | SendConfig) {};
51 };
52
53 string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile,
54 vector<string> &GoodSigners,
55 vector<string> &BadSigners,
56 vector<string> &WorthlessSigners,
57 vector<string> &NoPubKeySigners)
58 {
59 bool const Debug = _config->FindB("Debug::Acquire::gpgv", false);
60
61 if (Debug == true)
62 std::clog << "inside VerifyGetSigners" << std::endl;
63
64 int fd[2];
65
66 if (pipe(fd) < 0)
67 return "Couldn't create pipe";
68
69 pid_t pid = fork();
70 if (pid < 0)
71 return string("Couldn't spawn new process") + strerror(errno);
72 else if (pid == 0)
73 ExecGPGV(outfile, file, 3, fd);
74 close(fd[1]);
75
76 FILE *pipein = fdopen(fd[0], "r");
77
78 // Loop over the output of gpgv, and check the signatures.
79 size_t buffersize = 64;
80 char *buffer = (char *) malloc(buffersize);
81 size_t bufferoff = 0;
82 while (1)
83 {
84 int c;
85
86 // Read a line. Sigh.
87 while ((c = getc(pipein)) != EOF && c != '\n')
88 {
89 if (bufferoff == buffersize)
90 {
91 char* newBuffer = (char *) realloc(buffer, buffersize *= 2);
92 if (newBuffer == NULL)
93 {
94 free(buffer);
95 return "Couldn't allocate a buffer big enough for reading";
96 }
97 buffer = newBuffer;
98 }
99 *(buffer+bufferoff) = c;
100 bufferoff++;
101 }
102 if (bufferoff == 0 && c == EOF)
103 break;
104 *(buffer+bufferoff) = '\0';
105 bufferoff = 0;
106 if (Debug == true)
107 std::clog << "Read: " << buffer << std::endl;
108
109 // Push the data into three separate vectors, which
110 // we later concatenate. They're kept separate so
111 // if we improve the apt method communication stuff later
112 // it will be better.
113 if (strncmp(buffer, GNUPGBADSIG, sizeof(GNUPGBADSIG)-1) == 0)
114 {
115 if (Debug == true)
116 std::clog << "Got BADSIG! " << std::endl;
117 BadSigners.push_back(string(buffer+sizeof(GNUPGPREFIX)));
118 }
119
120 if (strncmp(buffer, GNUPGNOPUBKEY, sizeof(GNUPGNOPUBKEY)-1) == 0)
121 {
122 if (Debug == true)
123 std::clog << "Got NO_PUBKEY " << std::endl;
124 NoPubKeySigners.push_back(string(buffer+sizeof(GNUPGPREFIX)));
125 }
126 if (strncmp(buffer, GNUPGNODATA, sizeof(GNUPGBADSIG)-1) == 0)
127 {
128 if (Debug == true)
129 std::clog << "Got NODATA! " << std::endl;
130 BadSigners.push_back(string(buffer+sizeof(GNUPGPREFIX)));
131 }
132 if (strncmp(buffer, GNUPGKEYEXPIRED, sizeof(GNUPGKEYEXPIRED)-1) == 0)
133 {
134 if (Debug == true)
135 std::clog << "Got KEYEXPIRED! " << std::endl;
136 WorthlessSigners.push_back(string(buffer+sizeof(GNUPGPREFIX)));
137 }
138 if (strncmp(buffer, GNUPGREVKEYSIG, sizeof(GNUPGREVKEYSIG)-1) == 0)
139 {
140 if (Debug == true)
141 std::clog << "Got REVKEYSIG! " << std::endl;
142 WorthlessSigners.push_back(string(buffer+sizeof(GNUPGPREFIX)));
143 }
144 if (strncmp(buffer, GNUPGGOODSIG, sizeof(GNUPGGOODSIG)-1) == 0)
145 {
146 char *sig = buffer + sizeof(GNUPGPREFIX);
147 char *p = sig + sizeof("GOODSIG");
148 while (*p && isxdigit(*p))
149 p++;
150 *p = 0;
151 if (Debug == true)
152 std::clog << "Got GOODSIG, key ID:" << sig << std::endl;
153 GoodSigners.push_back(string(sig));
154 }
155 }
156 fclose(pipein);
157 free(buffer);
158
159 int status;
160 waitpid(pid, &status, 0);
161 if (Debug == true)
162 {
163 std::clog << "gpgv exited\n";
164 }
165
166 if (WEXITSTATUS(status) == 0)
167 {
168 if (GoodSigners.empty())
169 return _("Internal error: Good signature, but could not determine key fingerprint?!");
170 return "";
171 }
172 else if (WEXITSTATUS(status) == 1)
173 return _("At least one invalid signature was encountered.");
174 else if (WEXITSTATUS(status) == 111)
175 return _("Could not execute 'gpgv' to verify signature (is gpgv installed?)");
176 else if (WEXITSTATUS(status) == 112)
177 {
178 // acquire system checks for "NODATA" to generate GPG errors (the others are only warnings)
179 std::string errmsg;
180 //TRANSLATORS: %s is a single techy word like 'NODATA'
181 strprintf(errmsg, _("Clearsigned file isn't valid, got '%s' (does the network require authentication?)"), "NODATA");
182 return errmsg;
183 }
184 else
185 return _("Unknown error executing gpgv");
186 }
187
188 bool GPGVMethod::Fetch(FetchItem *Itm)
189 {
190 URI Get = Itm->Uri;
191 string Path = Get.Host + Get.Path; // To account for relative paths
192 string keyID;
193 vector<string> GoodSigners;
194 vector<string> BadSigners;
195 // a worthless signature is a expired or revoked one
196 vector<string> WorthlessSigners;
197 vector<string> NoPubKeySigners;
198
199 FetchResult Res;
200 Res.Filename = Itm->DestFile;
201 URIStart(Res);
202
203 // Run gpgv on file, extract contents and get the key ID of the signer
204 string msg = VerifyGetSigners(Path.c_str(), Itm->DestFile.c_str(),
205 GoodSigners, BadSigners, WorthlessSigners,
206 NoPubKeySigners);
207 if (GoodSigners.empty() || !BadSigners.empty() || !NoPubKeySigners.empty())
208 {
209 string errmsg;
210 // In this case, something bad probably happened, so we just go
211 // with what the other method gave us for an error message.
212 if (BadSigners.empty() && WorthlessSigners.empty() && NoPubKeySigners.empty())
213 errmsg = msg;
214 else
215 {
216 if (!BadSigners.empty())
217 {
218 errmsg += _("The following signatures were invalid:\n");
219 for (vector<string>::iterator I = BadSigners.begin();
220 I != BadSigners.end(); ++I)
221 errmsg += (*I + "\n");
222 }
223 if (!WorthlessSigners.empty())
224 {
225 errmsg += _("The following signatures were invalid:\n");
226 for (vector<string>::iterator I = WorthlessSigners.begin();
227 I != WorthlessSigners.end(); ++I)
228 errmsg += (*I + "\n");
229 }
230 if (!NoPubKeySigners.empty())
231 {
232 errmsg += _("The following signatures couldn't be verified because the public key is not available:\n");
233 for (vector<string>::iterator I = NoPubKeySigners.begin();
234 I != NoPubKeySigners.end(); ++I)
235 errmsg += (*I + "\n");
236 }
237 }
238 // this is only fatal if we have no good sigs or if we have at
239 // least one bad signature. good signatures and NoPubKey signatures
240 // happen easily when a file is signed with multiple signatures
241 if(GoodSigners.empty() or !BadSigners.empty())
242 return _error->Error("%s", errmsg.c_str());
243 }
244
245 // Just pass the raw output up, because passing it as a real data
246 // structure is too difficult with the method stuff. We keep it
247 // as three separate vectors for future extensibility.
248 Res.GPGVOutput = GoodSigners;
249 Res.GPGVOutput.insert(Res.GPGVOutput.end(),BadSigners.begin(),BadSigners.end());
250 Res.GPGVOutput.insert(Res.GPGVOutput.end(),NoPubKeySigners.begin(),NoPubKeySigners.end());
251 URIDone(Res);
252
253 if (_config->FindB("Debug::Acquire::gpgv", false))
254 {
255 std::clog << "gpgv succeeded\n";
256 }
257
258 return true;
259 }
260
261
262 int main()
263 {
264 setlocale(LC_ALL, "");
265
266 GPGVMethod Mth;
267
268 Mth.DropPrivsOrDie();
269
270 return Mth.Run();
271 }