Handle subkeys in rpmKeyringModify
Remove all other subkey handling code

Inline the remaining few lines of keyringAdd in keystore.cc

This slightly changes the DEBUG messages as the keyring does not have
access to the origin of the keys. So rpmtsLoadKeyringFrom* still gives
the location the keys came from while the keyring only lists the
fingerprint of the primary keys and the number for the sub keys.

This changes the return value of rpmKeystoreLoad to the number of
primary keys and no longer accounts for the subkeys.

Subkeys are covered by multiple tests already - including merging a newer
key. So this does not add additional tests.

Resolves: rpm-software-management#3350
ffesti committed Oct 24, 2024
1 parent 50615f5 commit 1ad8f79
Showing 3 changed files with 29 additions and 36 deletions.
34 changes: 8 additions & 26 deletions lib/keystore.cc
@@ -27,30 +27,6 @@ enum {
KEYRING_FS = 2,
};

static int keyringAdd(rpmKeyring keyring, rpmPubkey key, const char *name)
{
int nkeys = 0;
if (rpmKeyringAddKey(keyring, key) == 0) {
nkeys++;
rpmlog(RPMLOG_DEBUG, "added key %s to keyring\n", name);

int subkeysCount = 0;
rpmPubkey *subkeys = rpmGetSubkeys(key, &subkeysCount);
for (int i = 0; i < subkeysCount; i++) {
rpmPubkey subkey = subkeys[i];

if (rpmKeyringAddKey(keyring, subkey) == 0) {
rpmlog(RPMLOG_DEBUG,
"added subkey %d of main key %s to keyring\n", i, name);
nkeys++;
}
rpmPubkeyFree(subkey);
}
free(subkeys);
}
return nkeys;
}

static int rpmtsLoadKeyringFromFiles(rpmts ts, rpmKeyring keyring)
{
ARGV_t files = NULL;
@@ -72,7 +48,10 @@ static int rpmtsLoadKeyringFromFiles(rpmts ts, rpmKeyring keyring)
continue;
}

nkeys += keyringAdd(keyring, key, *f);
if (rpmKeyringAddKey(keyring, key) == 0) {
rpmlog(RPMLOG_DEBUG, "Loaded key %s\n", *f);
nkeys++;
}
rpmPubkeyFree(key);
}
exit:
@@ -183,7 +162,10 @@ static int rpmtsLoadKeyringFromDB(rpmts ts, rpmKeyring keyring)
rpmPubkey key = rpmPubkeyNew(pkt, pktlen);

if (key) {
nkeys += keyringAdd(keyring, key, nevr);
if (rpmKeyringAddKey(keyring, key) == 0) {
rpmlog(RPMLOG_DEBUG, "Loaded key %s\n", nevr);
nkeys++;
}
rpmPubkeyFree(key);
}
free(pkt);
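Review bot: A non-zero return from rpmKeyringAddKey is discarded without any log line in both loaders (the `*f` branch in rpmtsLoadKeyringFromFiles and the `nevr` branch in rpmtsLoadKeyringFromDB), so a key the keyring refused cannot be told apart from one that was simply already present. The return codes are defined outside this page, but rpmtxnImportPubkey in lib/rpmts.cc treats a negative result from rpmKeyringModify as an error, so a failure value presumably exists here as well. For a trust store it helps to see which origin was skipped: add `else rpmlog(RPMLOG_DEBUG, "Key %s not added to keyring\n", *f);` and the `nevr` equivalent. Both function bodies extend beyond the hunks shown.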
11 changes: 1 addition & 10 deletions lib/rpmts.cc
@@ -291,11 +291,9 @@ rpmRC rpmtxnImportPubkey(rpmtxn txn, const unsigned char * pkt, size_t pktlen)
rpmRC rc = RPMRC_FAIL; /* assume failure */
char *lints = NULL;
rpmPubkey pubkey = NULL;
rpmPubkey *subkeys = NULL;
rpmPubkey oldkey = NULL;
int subkeysCount = 0;
rpmKeyring keyring = NULL;
int krc, i;
int krc;

if (txn == NULL)
return rc;
@@ -337,14 +335,10 @@ rpmRC rpmtxnImportPubkey(rpmtxn txn, const unsigned char * pkt, size_t pktlen)
rpmPubkeyFree(pubkey);
pubkey = mergedkey;
}
if ((subkeys = rpmGetSubkeys(pubkey, &subkeysCount)) == NULL)
goto exit;

krc = rpmKeyringModify(keyring, pubkey, oldkey ? RPMKEYRING_REPLACE : RPMKEYRING_ADD);
if (krc < 0)
goto exit;
for (i = 0; i < subkeysCount; i++)
rpmKeyringModify(keyring, subkeys[i], oldkey ? RPMKEYRING_REPLACE : RPMKEYRING_ADD);

/* If we dont already have the key, make a persistent record of it */
if (krc == 0) {
@@ -356,9 +350,6 @@ rpmRC rpmtxnImportPubkey(rpmtxn txn, const unsigned char * pkt, size_t pktlen)
exit:
/* Clean up. */
rpmPubkeyFree(pubkey);
for (i = 0; i < subkeysCount; i++)
rpmPubkeyFree(subkeys[i]);
free(subkeys);
rpmPubkeyFree(oldkey);

rpmKeyringFree(keyring);
20 changes: 20 additions & 0 deletions rpmio/rpmkeyring.cc
@@ -134,11 +134,31 @@ int rpmKeyringModify(rpmKeyring keyring, rpmPubkey key, rpmKeyringModifyMode mod
break;
}
if (item != range.second && (mode == RPMKEYRING_DELETE || mode == RPMKEYRING_REPLACE)) {
/* remove sub keys */
for (auto it = keyring->keys.begin(); it != keyring->keys.end();) {
if (it->second->primarykey == item->second) {
rpmPubkeyFree(it->second);
it = keyring->keys.erase(it);
} else {
++it;
}
}
rpmPubkeyFree(item->second);
keyring->keys.erase(item);
rc = 0;
} else if ((item == range.second && mode == RPMKEYRING_ADD) || mode == RPMKEYRING_REPLACE) {
int subkeysCount = 0;
rpmPubkey *subkeys = rpmGetSubkeys(key, &subkeysCount);
keyring->keys.insert({key->keyid, rpmPubkeyLink(key)});
rpmlog(RPMLOG_DEBUG, "added key %s to keyring\n", rpmPubkeyFingerprintAsHex(key));
/* add subkeys */
for (int i = 0; i < subkeysCount; i++) {
rpmPubkey subkey = subkeys[i];
keyring->keys.insert({subkey->keyid, subkey});
rpmlog(RPMLOG_DEBUG,
"added subkey %d of main key %s to keyring\n", i, rpmPubkeyFingerprintAsHex(key));
}
free(subkeys);
rc = 0;
}

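Review bot: The result of `rpmGetSubkeys(key, &subkeysCount)` in the add branch is never checked, whereas the check this commit removes from rpmtxnImportPubkey in lib/rpmts.cc (`== NULL` followed by `goto exit`) made the import fail in that case. If NULL is how rpmGetSubkeys reports that the subkeys could not be read, as the removed check suggests, the primary key is now inserted alone and `rc = 0` reports success, so signatures made by its subkeys would later fail to verify with no hint why. Consider calling rpmGetSubkeys before the primary insert and leaving the branch with `rc = -1` on NULL, or at least logging the condition at warning level. Separately, `rpmPubkeyFingerprintAsHex(key)` is evaluated once per subkey inside rpmlog; its declaration is not on this page, so confirm it returns neither an allocated string nor NULL. rpmKeyringModify starts and ends outside the hunk.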
