Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Pass rpmPubkey instance to rpmtxnDeletePubkey #3374

Merged
merged 4 commits into from
Oct 15, 2024

Conversation

ffesti
Copy link
Contributor

@ffesti ffesti commented Oct 14, 2024

This is a follow up to #3369 and #3368.

The new cliMatchPubkeys() will become handy for #3366, too

@ffesti ffesti requested a review from a team as a code owner October 14, 2024 11:35
@ffesti ffesti requested review from dmnks and removed request for a team October 14, 2024 11:35
@@ -359,7 +360,7 @@ rpmRC rpmtxnImportPubkey(rpmtxn txn, const unsigned char * pkt, size_t pktlen);
* RPMRC_NOKEY on invalid keyid
* RPMRC_FAIL on other failure
*/
rpmRC rpmtxnDeletePubkey(rpmtxn txn, const char *keyid);
rpmRC rpmtxnDeletePubkey(rpmtxn txn, rpmPubkey key);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm okay with adding an alternative API for this that takes a pubkey, and I'm okay with using this name for it even, but don't remove the version that takes a fingerprint. I explained why in the PR that added it.

Copy link
Member

@pmatilai pmatilai Oct 14, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actually, scratch that.

Going forward, it is a requirement for rpmkeys (and the library part) to be able to delete keys without being able to construct a pubkey out of it. I've seen enough crypto related failures in the last few years that this is just non-negotiable. But, with what we have now, we have to load it into the keyring first anyhow. So okay for changing the argument to rpmPubkey, we'll add another interface around the lower-level keystore later, once we have that and an iterator for the contents.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK, this here is the minimal approach. It keeps the old function as rpmtxnDeletePubkeyByID. We can smush this into a different shape once we now what to do in the backend.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok, but see #3375 (comment) - I drop my case on the fingerprint/keyid API - been insisting on it for what is a wrong reason.

@@ -290,3 +291,61 @@ int rpmcliVerifySignatures(rpmts ts, ARGV_const_t argv)
rpmKeyringFree(keyring);
return res;
}

int cliMatchPubkeys(rpmts ts, ARGV_const_t args, int callback(rpmPubkey, void*), void * userdata)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's keep this baby inside rpmkeys for now.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This kinda needs rpmIsValidHex whihc currently is internal only. Sure that's no reason to add this to the API. Still it needs some sort of solution.

Copy link
Member

@pmatilai pmatilai Oct 14, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A low-cost workaround is to drop RPM_GNUC_INTERNAL from rpmIsValidHex(). It'll show up in the library ABI but is basically uncallable because it doesn't have a public header, and pretty harmless as such. We have quite a few such items, for similar reasons.

It'll just need an extra directive for rpmkeys in the cmake file to allow it to include from lib/, see rpmlua/rpmgraph for examples on that.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I just added my own loop there. Yes, it is sortof duplicated code. But fiddling around with compiler directives doesn't really reduce the complexity either.

@ffesti ffesti force-pushed the deletekey branch 2 times, most recently from 9291345 to 5101c63 Compare October 14, 2024 13:25
* @param key public key
* @return RPMRC_OK on success
* RPMRC_NOTFOUND if key not found
* RPMRC_NOKEY on invalid keyid
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You can drop the NOKEY return, if it takes a pubkey then we already know it's a key.
Getting rid of that ugly kludge NOKEY == INVALID mapping is actually another reason to just drop the ByID variant.

Make the output consistent and use RPMLOG_ERR
Get this in sync with rpm --delete for now.
Pass in rpmts instead of only a keyring
Move userdata pointer to end of signature and make it optional
Check for invalid character
Use the matchingKeys() in rpmkeys to acquire those rpmPubkey instances.

Use EXIT_FAILURE as exit code for rpmkeys --delete instead of the
count of errors.
@pmatilai pmatilai merged commit 1181544 into rpm-software-management:master Oct 15, 2024
1 check passed
@ffesti ffesti deleted the deletekey branch October 15, 2024 12:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants