diff --git a/include/rpm/rpmkeyring.h b/include/rpm/rpmkeyring.h
index d0764b6f81..00f33800cb 100644
--- a/include/rpm/rpmkeyring.h
+++ b/include/rpm/rpmkeyring.h
@@ -16,14 +16,12 @@ extern "C" {
 /** \ingroup rpmkeyring
 * Operation mode definitions for rpmKeyringModify
- * ADD: add a new key, do nothing if the key is already present
- * REPLACE: add a key, replace if already present
+ * ADD: add a new key, merge with pre-existing key
 * DELETE: delete an existing key
 */
 typedef enum rpmKeyringModifyMode_e {
 RPMKEYRING_ADD = 1,
- RPMKEYRING_REPLACE = 2,
- RPMKEYRING_DELETE = 3
+ RPMKEYRING_DELETE = 2,
 } rpmKeyringModifyMode;
diff --git a/lib/rpmts.cc b/lib/rpmts.cc
index e01ddf92f9..20ecab4c25 100644
--- a/lib/rpmts.cc
+++ b/lib/rpmts.cc
@@ -321,7 +321,6 @@ rpmRC rpmtxnImportPubkey(rpmtxn txn, const unsigned char * pkt, size_t pktlen)
 rpmRC rc = RPMRC_FAIL; /* assume failure */
 char *lints = NULL;
 rpmPubkey pubkey = NULL;
- rpmPubkey oldkey = NULL;
 rpmKeyring keyring = NULL;
 int krc;
@@ -353,26 +352,13 @@ rpmRC rpmtxnImportPubkey(rpmtxn txn, const unsigned char * pkt, size_t pktlen)
 if ((pubkey = rpmPubkeyNew(pkt, pktlen)) == NULL)
 goto exit;
- oldkey = rpmKeyringLookupKey(keyring, pubkey);
- if (oldkey) {
- rpmPubkey mergedkey = NULL;
- if (rpmPubkeyMerge(oldkey, pubkey, &mergedkey) != RPMRC_OK)
- goto exit;
- if (!mergedkey) {
- rc = RPMRC_OK; /* already have key */
- goto exit;
- }
- rpmPubkeyFree(pubkey);
- pubkey = mergedkey;
- }
-
- krc = rpmKeyringModify(keyring, pubkey, oldkey ? RPMKEYRING_REPLACE : RPMKEYRING_ADD);
+ krc = rpmKeyringModify(keyring, pubkey, RPMKEYRING_ADD);
 if (krc < 0)
 goto exit;
 /* If we dont already have the key, make a persistent record of it */
 if (krc == 0) {
- rc = ts->keystore->import_key(txn, pubkey, oldkey ? 1 : 0);
+ rc = ts->keystore->import_key(txn, pubkey, 1);
 } else {
 rc = RPMRC_OK; /* already have key */
 }
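Review bot: Renumbering `RPMKEYRING_DELETE` from 3 to 2 in the public enum of include/rpm/rpmkeyring.h changes the meaning of values already compiled into callers. A binary built against the old header that passes 2 (the former `RPMKEYRING_REPLACE`) would now delete the key, and one that passes 3 for a delete would be rejected by the mode check in rpmKeyringModify. Unless this ships with an ABI break that forces a rebuild (not visible in this diff), keep the old value and leave 2 unused, e.g. `RPMKEYRING_DELETE = 3, /* 2 was RPMKEYRING_REPLACE, do not reuse */`.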
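Review bot: In the second lib/rpmts.cc hunk, `import_key(txn, pubkey, 1)` persists the caller's `pubkey`, which is still the freshly parsed certificate: the merge now happens inside rpmKeyringModify, where `key = mergedkey;` only rebinds that function's own parameter. As far as these hunks show, the keystore is then overwritten with the unmerged key while the in-memory keyring holds the merged one, so material present only in the old copy (a revocation signature or an extra subkey, for example) could be dropped from the persistent record. Consider fetching the stored result after the modify, `rpmPubkey merged = rpmKeyringLookupKey(keyring, pubkey);`, passing that to `import_key` and freeing it afterwards. The hard-coded `1` also deserves a short comment on why replace semantics are correct for a first-time import; import_key's contract is not visible here, and rpmtxnImportPubkey starts and ends outside this hunk.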
@@ -380,7 +366,6 @@ rpmRC rpmtxnImportPubkey(rpmtxn txn, const unsigned char * pkt, size_t pktlen)
 exit:
 /* Clean up. */
 rpmPubkeyFree(pubkey);
- rpmPubkeyFree(oldkey);
 rpmKeyringFree(keyring);
 return rc;
diff --git a/rpmio/rpmkeyring.cc b/rpmio/rpmkeyring.cc
index 4ed4facbb9..7edbf83a77 100644
--- a/rpmio/rpmkeyring.cc
+++ b/rpmio/rpmkeyring.cc
@@ -120,11 +120,26 @@ rpmKeyringIterator rpmKeyringIteratorFree(rpmKeyringIterator iterator)
 int rpmKeyringModify(rpmKeyring keyring, rpmPubkey key, rpmKeyringModifyMode mode)
 {
 int rc = 1; /* assume already seen key */
+ rpmPubkey mergedkey = NULL;
 if (keyring == NULL || key == NULL)
 return -1;
- if (mode != RPMKEYRING_ADD && mode != RPMKEYRING_DELETE && mode != RPMKEYRING_REPLACE)
+ if (mode != RPMKEYRING_ADD && mode != RPMKEYRING_DELETE)
 return -1;
+ if (mode == RPMKEYRING_ADD) {
+ rpmPubkey oldkey = rpmKeyringLookupKey(keyring, key);
+ if (oldkey) {
+ if (rpmPubkeyMerge(oldkey, key, &mergedkey) != RPMRC_OK) {
+ rpmPubkeyFree(oldkey);
+ return -1;
+ }
+ if (mergedkey) {
+ key = mergedkey;
+ }
+ rpmPubkeyFree(oldkey);
+ }
+ }
+
 /* check if we already have this key, but always wrlock for simplicity */
 wrlock lock(keyring->mutex);
 auto range = keyring->keys.equal_range(key->keyid);
@@ -133,7 +148,7 @@ int rpmKeyringModify(rpmKeyring keyring, rpmPubkey key, rpmKeyringModifyMode mod
 if (item->second->fp == key->fp)
 break;
 }
- if (item != range.second && (mode == RPMKEYRING_DELETE || mode == RPMKEYRING_REPLACE)) {
+ if (item != range.second) {
 /* remove subkeys */
 auto it = keyring->keys.begin();
 while (it != keyring->keys.end()) {
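Review bot: In the first rpmio/rpmkeyring.cc hunk, the new lookup-and-merge in the `RPMKEYRING_ADD` branch runs before `wrlock lock(keyring->mutex)` is taken, so the keyring can change between `rpmKeyringLookupKey` and the locked remove/insert further down. A concurrent modify in that window would leave `mergedkey` built from a stale `oldkey`, and the later insert would then replace whatever the other thread stored; for a trust store that can mean silently losing newly added key material. Doing the lookup and merge under the same write lock closes the window. Since rpmKeyringLookupKey presumably takes the mutex itself (its body is not in this diff), that would need an internal lookup variant that assumes the lock is already held. rpmKeyringModify continues past the end of this hunk.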
@@ -147,7 +162,8 @@ int rpmKeyringModify(rpmKeyring keyring, rpmPubkey key, rpmKeyringModifyMode mod
 rpmPubkeyFree(item->second);
 keyring->keys.erase(item);
 rc = 0;
- } else if ((item == range.second && mode == RPMKEYRING_ADD) || mode == RPMKEYRING_REPLACE) {
+ }
+ if (mode == RPMKEYRING_ADD) {
 int subkeysCount = 0;
 rpmPubkey *subkeys = rpmGetSubkeys(key, &subkeysCount);
 keyring->keys.insert({key->keyid, rpmPubkeyLink(key)});
@@ -162,6 +178,8 @@ int rpmKeyringModify(rpmKeyring keyring, rpmPubkey key, rpmKeyringModifyMode mod
 free(subkeys);
 rc = 0;
 }
+ /* strip initial nref */
+ rpmPubkeyFree(mergedkey);
 return rc;
 }
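Review bot: With the `else if` split into a separate `if (mode == RPMKEYRING_ADD)` in the hunk at -147, every successful add ends in `rc = 0`, so the initial `rc = 1` ("already seen key") can no longer be returned for ADD, even when rpmPubkeyMerge found nothing new and left `mergedkey` NULL. The caller in lib/rpmts.cc still branches on `krc == 0` to decide whether to write the keystore, so its `/* already have key */` branch looks unreachable and every re-import of an unchanged key rewrites the persistent record. If the earlier behaviour is wanted, return early from the merge block when nothing changed, e.g. `if (!mergedkey) { rpmPubkeyFree(oldkey); return 1; }` inside `if (oldkey)`. Either way, the documented return values of rpmKeyringModify should be updated to match; the function begins outside this hunk.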