From c0e43f81f45c20c3e4718d2c131e49860658ac8e Mon Sep 17 00:00:00 2001
From: Florian Festi
Date: Thu, 24 Oct 2024 14:13:05 +0200
Subject: [PATCH] Handle subkeys in rpmKeyringModify Remove all other subkey handling code Inline the remaining few lines of keyringAdd in keystore.cc This slightly changes the DEBUG messages as the keyring does not have access to the origin of the keys. So rpmtsLoadKeyringFrom* still gives the location the keys came from while the keyring only lists the fingerprint of the primary keys and the number for the sub keys. This changes the return value of rpmKeystoreLoad to the number of primary keys and no longer accounts for the subkeys. Subkeys are covered by multiple test already - including merging a newer key. So this does not add additional tests. Resolves: #3350
---
 lib/keystore.cc | 34 ++++++++--------------------------
 lib/rpmts.cc | 11 +----------
 rpmio/rpmkeyring.cc | 21 +++++++++++++++++++++
 3 files changed, 30 insertions(+), 36 deletions(-)
diff --git a/lib/keystore.cc b/lib/keystore.cc
index e393341f0a..d464ffad51 100644
--- a/lib/keystore.cc
@@ -27,30 +27,6 @@ enum {
 KEYRING_FS = 2,
 };
-static int keyringAdd(rpmKeyring keyring, rpmPubkey key, const char *name)
-{
- int nkeys = 0;
- if (rpmKeyringAddKey(keyring, key) == 0) {
- nkeys++;
- rpmlog(RPMLOG_DEBUG, "added key %s to keyring\n", name);
-
- int subkeysCount = 0;
- rpmPubkey *subkeys = rpmGetSubkeys(key, &subkeysCount);
- for (int i = 0; i < subkeysCount; i++) {
- rpmPubkey subkey = subkeys[i];
-
- if (rpmKeyringAddKey(keyring, subkey) == 0) {
- rpmlog(RPMLOG_DEBUG,
- "added subkey %d of main key %s to keyring\n", i, name);
- nkeys++;
- }
- rpmPubkeyFree(subkey);
- }
- free(subkeys);
- }
- return nkeys;
-}
-
 static int rpmtsLoadKeyringFromFiles(rpmts ts, rpmKeyring keyring)
 {
 ARGV_t files = NULL;
@@ -72,7 +48,10 @@ static int rpmtsLoadKeyringFromFiles(rpmts ts, rpmKeyring keyring)
 continue;
 }
- nkeys += keyringAdd(keyring, key, *f);
+ if (rpmKeyringAddKey(keyring, key) == 0) {
+ rpmlog(RPMLOG_DEBUG, "Loaded key %s\n", *f);
+ nkeys++;
+ }
 rpmPubkeyFree(key);
 }
 exit:
@@ -183,7 +162,10 @@ static int rpmtsLoadKeyringFromDB(rpmts ts, rpmKeyring keyring)
 rpmPubkey key = rpmPubkeyNew(pkt, pktlen);
 if (key) {
- nkeys += keyringAdd(keyring, key, nevr);
+ if (rpmKeyringAddKey(keyring, key) == 0) {
+ rpmlog(RPMLOG_DEBUG, "Loaded key %s\n", nevr);
+ nkeys++;
+ }
 rpmPubkeyFree(key);
 }
 free(pkt);
diff --git a/lib/rpmts.cc b/lib/rpmts.cc
index 4d2fe079cf..ebaa354e09 100644
--- a/lib/rpmts.cc
@@ -291,11 +291,9 @@ rpmRC rpmtxnImportPubkey(rpmtxn txn, const unsigned char * pkt, size_t pktlen)
 rpmRC rc = RPMRC_FAIL; /* assume failure */
 char *lints = NULL;
 rpmPubkey pubkey = NULL;
- rpmPubkey *subkeys = NULL;
 rpmPubkey oldkey = NULL;
- int subkeysCount = 0;
 rpmKeyring keyring = NULL;
- int krc, i;
+ int krc;
 if (txn == NULL)
 return rc;
@@ -337,14 +335,10 @@ rpmRC rpmtxnImportPubkey(rpmtxn txn, const unsigned char * pkt, size_t pktlen)
 rpmPubkeyFree(pubkey);
 pubkey = mergedkey;
 }
- if ((subkeys = rpmGetSubkeys(pubkey, &subkeysCount)) == NULL)
- goto exit;
 krc = rpmKeyringModify(keyring, pubkey, oldkey ? RPMKEYRING_REPLACE : RPMKEYRING_ADD);
 if (krc < 0)
 goto exit;
- for (i = 0; i < subkeysCount; i++)
- rpmKeyringModify(keyring, subkeys[i], oldkey ? RPMKEYRING_REPLACE : RPMKEYRING_ADD);
 /* If we dont already have the key, make a persistent record of it */
 if (krc == 0) {
@@ -356,9 +350,6 @@ rpmRC rpmtxnImportPubkey(rpmtxn txn, const unsigned char * pkt, size_t pktlen)
 exit:
 /* Clean up. */
 rpmPubkeyFree(pubkey);
- for (i = 0; i < subkeysCount; i++)
- rpmPubkeyFree(subkeys[i]);
- free(subkeys);
 rpmPubkeyFree(oldkey);
 rpmKeyringFree(keyring);
diff --git a/rpmio/rpmkeyring.cc b/rpmio/rpmkeyring.cc
index fcf9fe3218..4ed4facbb9 100644
--- a/rpmio/rpmkeyring.cc
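Review bot: A key that `rpmKeyringAddKey()` does not accept leaves no trace in the log: in rpmtsLoadKeyringFromFiles (lib/keystore.cc, hunk at -72), and in the identical change to rpmtsLoadKeyringFromDB in the following hunk, only the `== 0` case is logged and counted. When tracing why a signature is not trusted it helps to see which key files or headers were skipped, so I would add `else rpmlog(RPMLOG_DEBUG, "Key %s not added to keyring\n", *f);` (with `nevr` in the DB loader). A short comment next to `nkeys++`, such as `/* counts primary keys only; subkeys are added by the keyring itself */`, would also record the changed return value that the commit message describes. Both functions start and end outside their hunks.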
+++ b/rpmio/rpmkeyring.cc
@@ -134,11 +134,32 @@ int rpmKeyringModify(rpmKeyring keyring, rpmPubkey key, rpmKeyringModifyMode mod
 break;
 }
 if (item != range.second && (mode == RPMKEYRING_DELETE || mode == RPMKEYRING_REPLACE)) {
+ /* remove subkeys */
+ auto it = keyring->keys.begin();
+ while (it != keyring->keys.end()) {
+ if (it->second->primarykey == item->second) {
+ rpmPubkeyFree(it->second);
+ it = keyring->keys.erase(it);
+ } else {
+ ++it;
+ }
+ }
 rpmPubkeyFree(item->second);
 keyring->keys.erase(item);
 rc = 0;
 } else if ((item == range.second && mode == RPMKEYRING_ADD) || mode == RPMKEYRING_REPLACE) {
+ int subkeysCount = 0;
+ rpmPubkey *subkeys = rpmGetSubkeys(key, &subkeysCount);
 keyring->keys.insert({key->keyid, rpmPubkeyLink(key)});
+ rpmlog(RPMLOG_DEBUG, "added key %s to keyring\n", rpmPubkeyFingerprintAsHex(key));
+ /* add subkeys */
+ for (int i = 0; i < subkeysCount; i++) {
+ rpmPubkey subkey = subkeys[i];
+ keyring->keys.insert({subkey->keyid, subkey});
+ rpmlog(RPMLOG_DEBUG,
+ "added subkey %d of main key %s to keyring\n", i, rpmPubkeyFingerprintAsHex(key));
+ }
+ free(subkeys);
 rc = 0;
 }
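Review bot: The add branch inserts every subkey with `keyring->keys.insert({subkey->keyid, subkey})` without a presence check and never tests the result of `rpmGetSubkeys()`, while the code this commit removes did both (per-subkey `rpmKeyringAddKey(...) == 0` in keyringAdd, and `== NULL` followed by `goto exit` in rpmtxnImportPubkey). As written, a subkey whose keyid is already stored would get a second entry, and a failed subkey lookup would presumably still end in `rc = 0` with only the primary key in the keyring. I would fetch the subkeys first, do the inserts and `rc = 0` only when the result is non-NULL, and skip subkeys that are already present. Also worth confirming: the two branches are joined by `else if`, so as shown a REPLACE that finds the key runs only the removal, subkeys included, and never reaches the insert. The function starts above and continues below this hunk.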