Skip to content

Commit

Permalink
Merge the keys directly in the keyring
Browse files Browse the repository at this point in the history 
Simplify the code by only suppporting RPMKEYRING_ADD and
RPMKEYRING_DELETE. Always do the right thing. API users can use a
combination of DELETE and ADD if they really need REPLACE.
  • Loading branch information
@ffesti @pmatilai
ffesti authored and pmatilai committed Jan 22, 2025
1 parent aec3d1d commit 23d6474
Show file tree
Hide file tree
Showing 3 changed files with 25 additions and 24 deletions.
6 changes: 2 additions & 4 deletions include/rpm/rpmkeyring.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,14 +16,12 @@ extern "C" {

/** \ingroup rpmkeyring
* Operation mode definitions for rpmKeyringModify
* ADD: add a new key, do nothing if the key is already present
* REPLACE: add a key, replace if already present
* ADD: add a new key, merge with pre-existing key
* DELETE: delete an existing key
*/
typedef enum rpmKeyringModifyMode_e {
RPMKEYRING_ADD = 1,
RPMKEYRING_REPLACE = 2,
RPMKEYRING_DELETE = 3
RPMKEYRING_DELETE = 2,
} rpmKeyringModifyMode;


Expand Down
19 changes: 2 additions & 17 deletions lib/rpmts.cc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -321,7 +321,6 @@ rpmRC rpmtxnImportPubkey(rpmtxn txn, const unsigned char * pkt, size_t pktlen)
rpmRC rc = RPMRC_FAIL; /* assume failure */
char *lints = NULL;
rpmPubkey pubkey = NULL;
rpmPubkey oldkey = NULL;
rpmKeyring keyring = NULL;
int krc;

Expand Down Expand Up @@ -353,34 +352,20 @@ rpmRC rpmtxnImportPubkey(rpmtxn txn, const unsigned char * pkt, size_t pktlen)
if ((pubkey = rpmPubkeyNew(pkt, pktlen)) == NULL)
goto exit;

oldkey = rpmKeyringLookupKey(keyring, pubkey);
if (oldkey) {
rpmPubkey mergedkey = NULL;
if (rpmPubkeyMerge(oldkey, pubkey, &mergedkey) != RPMRC_OK)
goto exit;
if (!mergedkey) {
rc = RPMRC_OK; /* already have key */
goto exit;
}
rpmPubkeyFree(pubkey);
pubkey = mergedkey;
}

krc = rpmKeyringModify(keyring, pubkey, oldkey ? RPMKEYRING_REPLACE : RPMKEYRING_ADD);
krc = rpmKeyringModify(keyring, pubkey, RPMKEYRING_ADD);
if (krc < 0)
goto exit;

/* If we dont already have the key, make a persistent record of it */
if (krc == 0) {
rc = ts->keystore->import_key(txn, pubkey, oldkey ? 1 : 0);
rc = ts->keystore->import_key(txn, pubkey, 1);
} else {
rc = RPMRC_OK; /* already have key */
}

exit:
/* Clean up. */
rpmPubkeyFree(pubkey);
rpmPubkeyFree(oldkey);

rpmKeyringFree(keyring);
return rc;
Expand Down
24 changes: 21 additions & 3 deletions rpmio/rpmkeyring.cc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -120,11 +120,26 @@ rpmKeyringIterator rpmKeyringIteratorFree(rpmKeyringIterator iterator)
int rpmKeyringModify(rpmKeyring keyring, rpmPubkey key, rpmKeyringModifyMode mode)
{
int rc = 1; /* assume already seen key */
rpmPubkey mergedkey = NULL;
if (keyring == NULL || key == NULL)
return -1;
if (mode != RPMKEYRING_ADD && mode != RPMKEYRING_DELETE && mode != RPMKEYRING_REPLACE)
if (mode != RPMKEYRING_ADD && mode != RPMKEYRING_DELETE)
return -1;

if (mode == RPMKEYRING_ADD) {
rpmPubkey oldkey = rpmKeyringLookupKey(keyring, key);
if (oldkey) {
if (rpmPubkeyMerge(oldkey, key, &mergedkey) != RPMRC_OK) {
rpmPubkeyFree(oldkey);
return -1;
}
if (mergedkey) {
key = mergedkey;
}
rpmPubkeyFree(oldkey);
}
}

/* check if we already have this key, but always wrlock for simplicity */
wrlock lock(keyring->mutex);
auto range = keyring->keys.equal_range(key->keyid);
Expand All @@ -133,7 +148,7 @@ int rpmKeyringModify(rpmKeyring keyring, rpmPubkey key, rpmKeyringModifyMode mod
if (item->second->fp == key->fp)
break;
}
if (item != range.second && (mode == RPMKEYRING_DELETE || mode == RPMKEYRING_REPLACE)) {
if (item != range.second) {
/* remove subkeys */
auto it = keyring->keys.begin();
while (it != keyring->keys.end()) {
Expand All @@ -147,7 +162,8 @@ int rpmKeyringModify(rpmKeyring keyring, rpmPubkey key, rpmKeyringModifyMode mod
rpmPubkeyFree(item->second);
keyring->keys.erase(item);
rc = 0;
} else if ((item == range.second && mode == RPMKEYRING_ADD) || mode == RPMKEYRING_REPLACE) {
}
if (mode == RPMKEYRING_ADD) {
int subkeysCount = 0;
rpmPubkey *subkeys = rpmGetSubkeys(key, &subkeysCount);
keyring->keys.insert({key->keyid, rpmPubkeyLink(key)});
Expand All @@ -162,6 +178,8 @@ int rpmKeyringModify(rpmKeyring keyring, rpmPubkey key, rpmKeyringModifyMode mod
free(subkeys);
rc = 0;
}
/* strip initial nref */
rpmPubkeyFree(mergedkey);

return rc;
}
Expand Down

0 comments on commit 23d6474

Please sign in to comment.