]> git.saurik.com Git - apt.git/blob - methods/gpgv.cc
Allow empty Reason-Phase in the Status-Lines, which is allowed by rtf
[apt.git] / methods / gpgv.cc
1 #include <apt-pkg/error.h>
2 #include <apt-pkg/acquire-method.h>
3 #include <apt-pkg/strutl.h>
4 #include <apti18n.h>
5
6 #include <sys/stat.h>
7 #include <unistd.h>
8 #include <utime.h>
9 #include <stdio.h>
10 #include <fcntl.h>
11 #include <errno.h>
12 #include <sys/wait.h>
13 #include <iostream>
14 #include <sstream>
15
16 #define GNUPGPREFIX "[GNUPG:]"
17 #define GNUPGBADSIG "[GNUPG:] BADSIG"
18 #define GNUPGNOPUBKEY "[GNUPG:] NO_PUBKEY"
19 #define GNUPGVALIDSIG "[GNUPG:] VALIDSIG"
20 #define GNUPGGOODSIG "[GNUPG:] GOODSIG"
21 #define GNUPGKEYEXPIRED "[GNUPG:] KEYEXPIRED"
22 #define GNUPGREVKEYSIG "[GNUPG:] REVKEYSIG"
23 #define GNUPGNODATA "[GNUPG:] NODATA"
24
25 class GPGVMethod : public pkgAcqMethod
26 {
27 private:
28 string VerifyGetSigners(const char *file, const char *outfile,
29 vector<string> &GoodSigners,
30 vector<string> &BadSigners,
31 vector<string> &WorthlessSigners,
32 vector<string> &NoPubKeySigners);
33
34 protected:
35 virtual bool Fetch(FetchItem *Itm);
36
37 public:
38
39 GPGVMethod() : pkgAcqMethod("1.0",SingleInstance | SendConfig) {};
40 };
41
42 string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile,
43 vector<string> &GoodSigners,
44 vector<string> &BadSigners,
45 vector<string> &WorthlessSigners,
46 vector<string> &NoPubKeySigners)
47 {
48 // setup a (empty) stringstream for formating the return value
49 std::stringstream ret;
50 ret.str("");
51
52 if (_config->FindB("Debug::Acquire::gpgv", false))
53 {
54 std::cerr << "inside VerifyGetSigners" << std::endl;
55 }
56 pid_t pid;
57 int fd[2];
58 FILE *pipein;
59 int status;
60 struct stat buff;
61 string gpgvpath = _config->Find("Dir::Bin::gpg", "/usr/bin/gpgv");
62 string pubringpath = _config->Find("APT::GPGV::TrustedKeyring", "/etc/apt/trusted.gpg");
63 if (_config->FindB("Debug::Acquire::gpgv", false))
64 {
65 std::cerr << "gpgv path: " << gpgvpath << std::endl;
66 std::cerr << "Keyring path: " << pubringpath << std::endl;
67 }
68
69 if (stat(pubringpath.c_str(), &buff) != 0)
70 {
71 ioprintf(ret, _("Couldn't access keyring: '%s'"), strerror(errno));
72 return ret.str();
73 }
74 if (pipe(fd) < 0)
75 {
76 return "Couldn't create pipe";
77 }
78
79 pid = fork();
80 if (pid < 0)
81 {
82 return string("Couldn't spawn new process") + strerror(errno);
83 }
84 else if (pid == 0)
85 {
86 const char *Args[400];
87 unsigned int i = 0;
88
89 Args[i++] = gpgvpath.c_str();
90 Args[i++] = "--status-fd";
91 Args[i++] = "3";
92 Args[i++] = "--ignore-time-conflict";
93 Args[i++] = "--keyring";
94 Args[i++] = pubringpath.c_str();
95
96 Configuration::Item const *Opts;
97 Opts = _config->Tree("Acquire::gpgv::Options");
98 if (Opts != 0)
99 {
100 Opts = Opts->Child;
101 for (; Opts != 0; Opts = Opts->Next)
102 {
103 if (Opts->Value.empty() == true)
104 continue;
105 Args[i++] = Opts->Value.c_str();
106 if(i >= 395) {
107 std::cerr << _("E: Argument list from Acquire::gpgv::Options too long. Exiting.") << std::endl;
108 exit(111);
109 }
110 }
111 }
112 Args[i++] = file;
113 Args[i++] = outfile;
114 Args[i++] = NULL;
115
116 if (_config->FindB("Debug::Acquire::gpgv", false))
117 {
118 std::cerr << "Preparing to exec: " << gpgvpath;
119 for(unsigned int j=0;Args[j] != NULL; j++)
120 std::cerr << " " << Args[j];
121 std::cerr << std::endl;
122 }
123 int nullfd = open("/dev/null", O_RDONLY);
124 close(fd[0]);
125 // Redirect output to /dev/null; we read from the status fd
126 dup2(nullfd, STDOUT_FILENO);
127 dup2(nullfd, STDERR_FILENO);
128 // Redirect the pipe to the status fd (3)
129 dup2(fd[1], 3);
130
131 putenv((char *)"LANG=");
132 putenv((char *)"LC_ALL=");
133 putenv((char *)"LC_MESSAGES=");
134 execvp(gpgvpath.c_str(), (char **)Args);
135
136 exit(111);
137 }
138 close(fd[1]);
139
140 pipein = fdopen(fd[0], "r");
141
142 // Loop over the output of gpgv, and check the signatures.
143 size_t buffersize = 64;
144 char *buffer = (char *) malloc(buffersize);
145 size_t bufferoff = 0;
146 while (1)
147 {
148 int c;
149
150 // Read a line. Sigh.
151 while ((c = getc(pipein)) != EOF && c != '\n')
152 {
153 if (bufferoff == buffersize)
154 buffer = (char *) realloc(buffer, buffersize *= 2);
155 *(buffer+bufferoff) = c;
156 bufferoff++;
157 }
158 if (bufferoff == 0 && c == EOF)
159 break;
160 *(buffer+bufferoff) = '\0';
161 bufferoff = 0;
162 if (_config->FindB("Debug::Acquire::gpgv", false))
163 std::cerr << "Read: " << buffer << std::endl;
164
165 // Push the data into three separate vectors, which
166 // we later concatenate. They're kept separate so
167 // if we improve the apt method communication stuff later
168 // it will be better.
169 if (strncmp(buffer, GNUPGBADSIG, sizeof(GNUPGBADSIG)-1) == 0)
170 {
171 if (_config->FindB("Debug::Acquire::gpgv", false))
172 std::cerr << "Got BADSIG! " << std::endl;
173 BadSigners.push_back(string(buffer+sizeof(GNUPGPREFIX)));
174 }
175
176 if (strncmp(buffer, GNUPGNOPUBKEY, sizeof(GNUPGNOPUBKEY)-1) == 0)
177 {
178 if (_config->FindB("Debug::Acquire::gpgv", false))
179 std::cerr << "Got NO_PUBKEY " << std::endl;
180 NoPubKeySigners.push_back(string(buffer+sizeof(GNUPGPREFIX)));
181 }
182 if (strncmp(buffer, GNUPGNODATA, sizeof(GNUPGBADSIG)-1) == 0)
183 {
184 if (_config->FindB("Debug::Acquire::gpgv", false))
185 std::cerr << "Got NODATA! " << std::endl;
186 BadSigners.push_back(string(buffer+sizeof(GNUPGPREFIX)));
187 }
188 if (strncmp(buffer, GNUPGKEYEXPIRED, sizeof(GNUPGKEYEXPIRED)-1) == 0)
189 {
190 if (_config->FindB("Debug::Acquire::gpgv", false))
191 std::cerr << "Got KEYEXPIRED! " << std::endl;
192 WorthlessSigners.push_back(string(buffer+sizeof(GNUPGPREFIX)));
193 }
194 if (strncmp(buffer, GNUPGREVKEYSIG, sizeof(GNUPGREVKEYSIG)-1) == 0)
195 {
196 if (_config->FindB("Debug::Acquire::gpgv", false))
197 std::cerr << "Got REVKEYSIG! " << std::endl;
198 WorthlessSigners.push_back(string(buffer+sizeof(GNUPGPREFIX)));
199 }
200 if (strncmp(buffer, GNUPGGOODSIG, sizeof(GNUPGGOODSIG)-1) == 0)
201 {
202 char *sig = buffer + sizeof(GNUPGPREFIX);
203 char *p = sig + sizeof("GOODSIG");
204 while (*p && isxdigit(*p))
205 p++;
206 *p = 0;
207 if (_config->FindB("Debug::Acquire::gpgv", false))
208 std::cerr << "Got GOODSIG, key ID:" << sig << std::endl;
209 GoodSigners.push_back(string(sig));
210 }
211 }
212 fclose(pipein);
213
214 waitpid(pid, &status, 0);
215 if (_config->FindB("Debug::Acquire::gpgv", false))
216 {
217 std::cerr << "gpgv exited\n";
218 }
219
220 if (WEXITSTATUS(status) == 0)
221 {
222 if (GoodSigners.empty())
223 return _("Internal error: Good signature, but could not determine key fingerprint?!");
224 return "";
225 }
226 else if (WEXITSTATUS(status) == 1)
227 {
228 return _("At least one invalid signature was encountered.");
229 }
230 else if (WEXITSTATUS(status) == 111)
231 {
232 ioprintf(ret, _("Could not execute '%s' to verify signature (is gpgv installed?)"), gpgvpath.c_str());
233 return ret.str();
234 }
235 else
236 {
237 return _("Unknown error executing gpgv");
238 }
239 }
240
241 bool GPGVMethod::Fetch(FetchItem *Itm)
242 {
243 URI Get = Itm->Uri;
244 string Path = Get.Host + Get.Path; // To account for relative paths
245 string keyID;
246 vector<string> GoodSigners;
247 vector<string> BadSigners;
248 // a worthless signature is a expired or revoked one
249 vector<string> WorthlessSigners;
250 vector<string> NoPubKeySigners;
251
252 FetchResult Res;
253 Res.Filename = Itm->DestFile;
254 URIStart(Res);
255
256 // Run gpgv on file, extract contents and get the key ID of the signer
257 string msg = VerifyGetSigners(Path.c_str(), Itm->DestFile.c_str(),
258 GoodSigners, BadSigners, WorthlessSigners,
259 NoPubKeySigners);
260 if (GoodSigners.empty() || !BadSigners.empty() || !NoPubKeySigners.empty())
261 {
262 string errmsg;
263 // In this case, something bad probably happened, so we just go
264 // with what the other method gave us for an error message.
265 if (BadSigners.empty() && WorthlessSigners.empty() && NoPubKeySigners.empty())
266 errmsg = msg;
267 else
268 {
269 if (!BadSigners.empty())
270 {
271 errmsg += _("The following signatures were invalid:\n");
272 for (vector<string>::iterator I = BadSigners.begin();
273 I != BadSigners.end(); I++)
274 errmsg += (*I + "\n");
275 }
276 if (!WorthlessSigners.empty())
277 {
278 errmsg += _("The following signatures were invalid:\n");
279 for (vector<string>::iterator I = WorthlessSigners.begin();
280 I != WorthlessSigners.end(); I++)
281 errmsg += (*I + "\n");
282 }
283 if (!NoPubKeySigners.empty())
284 {
285 errmsg += _("The following signatures couldn't be verified because the public key is not available:\n");
286 for (vector<string>::iterator I = NoPubKeySigners.begin();
287 I != NoPubKeySigners.end(); I++)
288 errmsg += (*I + "\n");
289 }
290 }
291 // this is only fatal if we have no good sigs or if we have at
292 // least one bad signature. good signatures and NoPubKey signatures
293 // happen easily when a file is signed with multiple signatures
294 if(GoodSigners.empty() or !BadSigners.empty())
295 return _error->Error("%s", errmsg.c_str());
296 }
297
298 // Just pass the raw output up, because passing it as a real data
299 // structure is too difficult with the method stuff. We keep it
300 // as three separate vectors for future extensibility.
301 Res.GPGVOutput = GoodSigners;
302 Res.GPGVOutput.insert(Res.GPGVOutput.end(),BadSigners.begin(),BadSigners.end());
303 Res.GPGVOutput.insert(Res.GPGVOutput.end(),NoPubKeySigners.begin(),NoPubKeySigners.end());
304 URIDone(Res);
305
306 if (_config->FindB("Debug::Acquire::gpgv", false))
307 {
308 std::cerr << "gpgv succeeded\n";
309 }
310
311 return true;
312 }
313
314
315 int main()
316 {
317 setlocale(LC_ALL, "");
318
319 GPGVMethod Mth;
320
321 return Mth.Run();
322 }