michal-grzedzicki / rpms / rpm

Forked from rpms/rpm 4 months ago
Clone
5523e9
diff -up rpm-4.11.3/lib/rpmchecksig.c.orig rpm-4.11.3/lib/rpmchecksig.c
5523e9
--- rpm-4.11.3/lib/rpmchecksig.c.orig	2013-11-22 11:31:31.000000000 +0100
5523e9
+++ rpm-4.11.3/lib/rpmchecksig.c	2017-03-15 18:18:20.688251955 +0100
5523e9
@@ -242,8 +242,8 @@ static void formatResult(rpmTagVal sigta
5523e9
     free(msg);
5523e9
 }
5523e9
 
5523e9
-static int rpmpkgVerifySigs(rpmKeyring keyring, rpmQueryFlags flags,
5523e9
-			   FD_t fd, const char *fn)
5523e9
+int rpmpkgVerifySigs(rpmKeyring keyring, rpmQueryFlags flags, FD_t fd,
5523e9
+                     const char *fn)
5523e9
 {
5523e9
 
5523e9
     char *buf = NULL;
5523e9
diff -up rpm-4.11.3/lib/rpmcli.h.orig rpm-4.11.3/lib/rpmcli.h
5523e9
--- rpm-4.11.3/lib/rpmcli.h.orig	2014-02-05 14:04:02.000000000 +0100
5523e9
+++ rpm-4.11.3/lib/rpmcli.h	2017-03-15 18:18:20.689251950 +0100
5523e9
@@ -254,6 +254,17 @@ int showVerifyPackage(QVA_t qva, rpmts t
5523e9
  */
5523e9
 int rpmVerifySignatures(QVA_t qva, rpmts ts, FD_t fd, const char * fn);
5523e9
 
5523e9
+/**
5523e9
+ * Check package and header signatures.
5523e9
+ * @param keyring	keyring handle
5523e9
+ * @param flags		flags to control what to verify
5523e9
+ * @param fd		package file handle
5523e9
+ * @param fn		package file name
5523e9
+ * @return		0 on success, 1 on failure
5523e9
+ */
5523e9
+int rpmpkgVerifySigs(rpmKeyring keyring, rpmQueryFlags flags, FD_t fd,
5523e9
+                     const char *fn);
5523e9
+
5523e9
 /** \ingroup rpmcli
5523e9
  * Verify package install.
5523e9
  * @todo hack: RPMQV_ALL can pass char ** arglist = NULL, not char * arg. Union?
5523e9
diff -up rpm-4.11.3/python/rpmts-py.c.orig rpm-4.11.3/python/rpmts-py.c
5523e9
--- rpm-4.11.3/python/rpmts-py.c.orig	2014-02-05 14:04:02.000000000 +0100
5523e9
+++ rpm-4.11.3/python/rpmts-py.c	2017-03-15 18:18:20.689251950 +0100
5523e9
@@ -7,6 +7,8 @@
5523e9
 #include <rpm/rpmpgp.h>
5523e9
 #include <rpm/rpmdb.h>
5523e9
 #include <rpm/rpmbuild.h>
5523e9
+#include <rpm/rpmcli.h>
5523e9
+#include <rpm/rpmkeyring.h>
5523e9
 
5523e9
 #include "header-py.h"
5523e9
 #include "rpmds-py.h"	/* XXX for rpmdsNew */
5523e9
@@ -671,6 +672,24 @@ exit:
5523e9
     return mio;
5523e9
 }
5523e9
 
5523e9
+static PyObject *
5523e9
+rpmts_VerifySigs(rpmtsObject * s, PyObject * args)
5523e9
+{
5523e9
+    rpmfdObject *fdo = NULL;
5523e9
+    char *fn = NULL;
5523e9
+    rpmQueryFlags flags = (VERIFY_DIGEST|VERIFY_SIGNATURE);
5523e9
+    int rc = 1;
5523e9
+
5523e9
+    if (!PyArg_ParseTuple(args, "O&s|i:VerifySigs", rpmfdFromPyObject, &fdo,
5523e9
+                          &fn, &flags))
5523e9
+        return NULL;
5523e9
+
5523e9
+    rpmKeyring keyring = rpmtsGetKeyring(s->ts, 1);
5523e9
+    rc = rpmpkgVerifySigs(keyring, flags, rpmfdGetFd(fdo), fn);
5523e9
+    rpmKeyringFree(keyring);
5523e9
+    return PyBool_FromLong(rc == 0);
5523e9
+}
5523e9
+
5523e9
 static struct PyMethodDef rpmts_methods[] = {
5523e9
  {"addInstall",	(PyCFunction) rpmts_AddInstall,	METH_VARARGS,
5523e9
 	NULL },
5523e9
@@ -729,6 +748,14 @@ Remove all elements from the transaction
5523e9
  {"dbIndex",     (PyCFunction) rpmts_index,	METH_VARARGS|METH_KEYWORDS,
5523e9
 "ts.dbIndex(TagN) -> ii\n\
5523e9
 - Create a key iterator for the default transaction rpmdb.\n" },
5523e9
+ {"_verifySigs",         (PyCFunction) rpmts_VerifySigs, METH_VARARGS,
5523e9
+  "ts._verifySigs(fdno, fn, [flags]) -- Verify package signature\n\n"
5523e9
+  "Returns True if it verifies, False otherwise.\n\n"
5523e9
+  "Args:\n"
5523e9
+  "  fdno  : file descriptor of the package to verify\n"
5523e9
+  "  fn    : package file name (just for logging purposes)\n"
5523e9
+  "  flags : bitfield to control what to verify\n"
5523e9
+  "          (default is rpm.VERIFY_SIGNATURE | rpm.VERIFY_DIGEST)"},
5523e9
     {NULL,		NULL}		/* sentinel */
5523e9
 };
5523e9