|
Lubos Kardos |
7aff53 |
From 0bce5fcf270711a2e077fba0fb7c5979ea007eb5 Mon Sep 17 00:00:00 2001
|
|
Lubos Kardos |
7aff53 |
From: Lubos Kardos <lkardos@redhat.com>
|
|
Lubos Kardos |
7aff53 |
Date: Tue, 9 Jun 2015 18:06:29 +0200
|
|
Lubos Kardos |
7aff53 |
Subject: [PATCH 2/2] Allow gpg to get passphrase by itself.
|
|
Lubos Kardos |
7aff53 |
|
|
Lubos Kardos |
7aff53 |
Remove rpm asking for passphrase and then passing this passphrase
|
|
Lubos Kardos |
7aff53 |
to gpg via file descriptor (--passphrase-fd) but provide gpg with
|
|
Lubos Kardos |
7aff53 |
access to unredirected stdin to get passphrase directly from user.
|
|
Lubos Kardos |
7aff53 |
|
|
Lubos Kardos |
7aff53 |
Remove also macro %__gpg_check_password_cmd because in this new signing
|
|
Lubos Kardos |
7aff53 |
scheme has no sense. rpm doesn't handle passphrase in any way,
|
|
Lubos Kardos |
7aff53 |
everything is done in gpg including checking of passphrase.
|
|
Lubos Kardos |
7aff53 |
|
|
Lubos Kardos |
7aff53 |
We did this modification because of changes in gpg behavior. Since
|
|
Lubos Kardos |
7aff53 |
gpg-2.1 option "--passphrase-fd" doesn't work by default, only when
|
|
Lubos Kardos |
7aff53 |
it is explicitly allowed in gpg.conf. (rhbz:#1228234)
|
|
Lubos Kardos |
7aff53 |
---
|
|
Lubos Kardos |
7aff53 |
macros.in | 4 +--
|
|
Lubos Kardos |
7aff53 |
python/rpmsmodule.c | 9 +++---
|
|
Lubos Kardos |
7aff53 |
rpmsign.c | 82 +++--------------------------------------------------
|
|
Lubos Kardos |
7aff53 |
sign/rpmgensig.c | 67 +++++++++----------------------------------
|
|
Lubos Kardos |
7aff53 |
sign/rpmsign.h | 3 +-
|
|
Lubos Kardos |
7aff53 |
5 files changed, 23 insertions(+), 142 deletions(-)
|
|
Lubos Kardos |
7aff53 |
|
|
Lubos Kardos |
7aff53 |
diff --git a/macros.in b/macros.in
|
|
Lubos Kardos |
7aff53 |
index 414c1be..de89420 100644
|
|
Lubos Kardos |
7aff53 |
--- a/macros.in
|
|
Lubos Kardos |
7aff53 |
+++ b/macros.in
|
|
Lubos Kardos |
7aff53 |
@@ -538,11 +538,9 @@ package or when debugging this package.\
|
|
Lubos Kardos |
7aff53 |
# Macro(s) to hold the arguments passed to GPG/PGP for package
|
|
Lubos Kardos |
7aff53 |
# signing and verification.
|
|
Lubos Kardos |
7aff53 |
#
|
|
Lubos Kardos |
7aff53 |
-%__gpg_check_password_cmd %{__gpg} \
|
|
Lubos Kardos |
7aff53 |
- gpg --batch --no-verbose --passphrase-fd 3 -u "%{_gpg_name}" -so -
|
|
Lubos Kardos |
7aff53 |
|
|
Lubos Kardos |
7aff53 |
%__gpg_sign_cmd %{__gpg} \
|
|
Lubos Kardos |
7aff53 |
- gpg --batch --no-verbose --no-armor --passphrase-fd 3 \
|
|
Lubos Kardos |
7aff53 |
+ gpg --no-verbose --no-armor \
|
|
Lubos Kardos |
7aff53 |
%{?_gpg_digest_algo:--digest-algo %{_gpg_digest_algo}} \
|
|
Lubos Kardos |
7aff53 |
--no-secmem-warning \
|
|
Lubos Kardos |
7aff53 |
-u "%{_gpg_name}" -sbo %{__signature_filename} %{__plaintext_filename}
|
|
Lubos Kardos |
7aff53 |
diff --git a/python/rpmsmodule.c b/python/rpmsmodule.c
|
|
Lubos Kardos |
7aff53 |
index a8289b5..0601353 100644
|
|
Lubos Kardos |
7aff53 |
--- a/python/rpmsmodule.c
|
|
Lubos Kardos |
7aff53 |
+++ b/python/rpmsmodule.c
|
|
Lubos Kardos |
7aff53 |
@@ -8,19 +8,18 @@ static char rpms__doc__[] =
|
|
Lubos Kardos |
7aff53 |
static PyObject * addSign(PyObject * self, PyObject * args, PyObject *kwds)
|
|
Lubos Kardos |
7aff53 |
{
|
|
Lubos Kardos |
7aff53 |
const char *path = NULL;
|
|
Lubos Kardos |
7aff53 |
- const char *passPhrase = NULL;
|
|
Lubos Kardos |
7aff53 |
- char * kwlist[] = { "path", "passPhrase", "keyid", "hashalgo", NULL };
|
|
Lubos Kardos |
7aff53 |
+ char * kwlist[] = { "path", "keyid", "hashalgo", NULL };
|
|
Lubos Kardos |
7aff53 |
struct rpmSignArgs sig, *sigp = NULL;
|
|
Lubos Kardos |
7aff53 |
|
|
Lubos Kardos |
7aff53 |
memset(&sig, 0, sizeof(sig));
|
|
Lubos Kardos |
7aff53 |
- if (!PyArg_ParseTupleAndKeywords(args, kwds, "ss|si", kwlist,
|
|
Lubos Kardos |
7aff53 |
- &path, &passPhrase, &sig.keyid, &sig.hashalgo))
|
|
Lubos Kardos |
7aff53 |
+ if (!PyArg_ParseTupleAndKeywords(args, kwds, "s|si", kwlist,
|
|
Lubos Kardos |
7aff53 |
+ &path, &sig.keyid, &sig.hashalgo))
|
|
Lubos Kardos |
7aff53 |
return NULL;
|
|
Lubos Kardos |
7aff53 |
|
|
Lubos Kardos |
7aff53 |
if (sig.keyid || sig.hashalgo)
|
|
Lubos Kardos |
7aff53 |
sigp = &sig;
|
|
Lubos Kardos |
7aff53 |
|
|
Lubos Kardos |
7aff53 |
- return PyBool_FromLong(rpmPkgSign(path, sigp, passPhrase) == 0);
|
|
Lubos Kardos |
7aff53 |
+ return PyBool_FromLong(rpmPkgSign(path, sigp) == 0);
|
|
Lubos Kardos |
7aff53 |
}
|
|
Lubos Kardos |
7aff53 |
|
|
Lubos Kardos |
7aff53 |
static PyObject * delSign(PyObject * self, PyObject * args, PyObject *kwds)
|
|
Lubos Kardos |
7aff53 |
diff --git a/rpmsign.c b/rpmsign.c
|
|
Lubos Kardos |
7aff53 |
index b8e5598..9b93e39 100644
|
|
Lubos Kardos |
7aff53 |
--- a/rpmsign.c
|
|
Lubos Kardos |
7aff53 |
+++ b/rpmsign.c
|
|
Lubos Kardos |
7aff53 |
@@ -41,72 +41,6 @@ static struct poptOption optionsTable[] = {
|
|
Lubos Kardos |
7aff53 |
POPT_TABLEEND
|
|
Lubos Kardos |
7aff53 |
};
|
|
Lubos Kardos |
7aff53 |
|
|
Lubos Kardos |
7aff53 |
-static int checkPassPhrase(const char * passPhrase)
|
|
Lubos Kardos |
7aff53 |
-{
|
|
Lubos Kardos |
7aff53 |
- int passPhrasePipe[2];
|
|
Lubos Kardos |
7aff53 |
- int pid, status;
|
|
Lubos Kardos |
7aff53 |
- int rc = -1;
|
|
Lubos Kardos |
7aff53 |
- int xx;
|
|
Lubos Kardos |
7aff53 |
-
|
|
Lubos Kardos |
7aff53 |
- if (passPhrase == NULL)
|
|
Lubos Kardos |
7aff53 |
- return -1;
|
|
Lubos Kardos |
7aff53 |
-
|
|
Lubos Kardos |
7aff53 |
- passPhrasePipe[0] = passPhrasePipe[1] = 0;
|
|
Lubos Kardos |
7aff53 |
- if (pipe(passPhrasePipe))
|
|
Lubos Kardos |
7aff53 |
- return -1;
|
|
Lubos Kardos |
7aff53 |
-
|
|
Lubos Kardos |
7aff53 |
- pid = fork();
|
|
Lubos Kardos |
7aff53 |
- if (pid < 0) {
|
|
Lubos Kardos |
7aff53 |
- close(passPhrasePipe[0]);
|
|
Lubos Kardos |
7aff53 |
- close(passPhrasePipe[1]);
|
|
Lubos Kardos |
7aff53 |
- return -1;
|
|
Lubos Kardos |
7aff53 |
- }
|
|
Lubos Kardos |
7aff53 |
-
|
|
Lubos Kardos |
7aff53 |
- if (pid == 0) {
|
|
Lubos Kardos |
7aff53 |
- char * cmd, * gpg_path;
|
|
Lubos Kardos |
7aff53 |
- char *const *av;
|
|
Lubos Kardos |
7aff53 |
- int fdno;
|
|
Lubos Kardos |
7aff53 |
-
|
|
Lubos Kardos |
7aff53 |
- close(STDIN_FILENO);
|
|
Lubos Kardos |
7aff53 |
- close(STDOUT_FILENO);
|
|
Lubos Kardos |
7aff53 |
- close(passPhrasePipe[1]);
|
|
Lubos Kardos |
7aff53 |
- if ((fdno = open("/dev/null", O_RDONLY)) != STDIN_FILENO) {
|
|
Lubos Kardos |
7aff53 |
- xx = dup2(fdno, STDIN_FILENO);
|
|
Lubos Kardos |
7aff53 |
- close(fdno);
|
|
Lubos Kardos |
7aff53 |
- }
|
|
Lubos Kardos |
7aff53 |
- if ((fdno = open("/dev/null", O_WRONLY)) != STDOUT_FILENO) {
|
|
Lubos Kardos |
7aff53 |
- xx = dup2(fdno, STDOUT_FILENO);
|
|
Lubos Kardos |
7aff53 |
- close(fdno);
|
|
Lubos Kardos |
7aff53 |
- }
|
|
Lubos Kardos |
7aff53 |
- xx = dup2(passPhrasePipe[0], 3);
|
|
Lubos Kardos |
7aff53 |
-
|
|
Lubos Kardos |
7aff53 |
- unsetenv("MALLOC_CHECK_");
|
|
Lubos Kardos |
7aff53 |
- gpg_path = rpmExpand("%{?_gpg_path}", NULL);
|
|
Lubos Kardos |
7aff53 |
-
|
|
Lubos Kardos |
7aff53 |
- if (!rstreq(gpg_path, ""))
|
|
Lubos Kardos |
7aff53 |
- setenv("GNUPGHOME", gpg_path, 1);
|
|
Lubos Kardos |
7aff53 |
-
|
|
Lubos Kardos |
7aff53 |
- cmd = rpmExpand("%{?__gpg_check_password_cmd}", NULL);
|
|
Lubos Kardos |
7aff53 |
- rc = poptParseArgvString(cmd, NULL, (const char ***)&av;;
|
|
Lubos Kardos |
7aff53 |
- if (xx >= 0 && rc == 0) {
|
|
Lubos Kardos |
7aff53 |
- rc = execve(av[0], av+1, environ);
|
|
Lubos Kardos |
7aff53 |
- fprintf(stderr, _("Could not exec %s: %s\n"), "gpg",
|
|
Lubos Kardos |
7aff53 |
- strerror(errno));
|
|
Lubos Kardos |
7aff53 |
- }
|
|
Lubos Kardos |
7aff53 |
- _exit(EXIT_FAILURE);
|
|
Lubos Kardos |
7aff53 |
- }
|
|
Lubos Kardos |
7aff53 |
-
|
|
Lubos Kardos |
7aff53 |
- close(passPhrasePipe[0]);
|
|
Lubos Kardos |
7aff53 |
- xx = write(passPhrasePipe[1], passPhrase, strlen(passPhrase));
|
|
Lubos Kardos |
7aff53 |
- xx = write(passPhrasePipe[1], "\n", 1);
|
|
Lubos Kardos |
7aff53 |
- close(passPhrasePipe[1]);
|
|
Lubos Kardos |
7aff53 |
-
|
|
Lubos Kardos |
7aff53 |
- if (xx >= 0 && waitpid(pid, &status, 0) >= 0)
|
|
Lubos Kardos |
7aff53 |
- rc = (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : 1;
|
|
Lubos Kardos |
7aff53 |
-
|
|
Lubos Kardos |
7aff53 |
- return rc;
|
|
Lubos Kardos |
7aff53 |
-}
|
|
Lubos Kardos |
7aff53 |
-
|
|
Lubos Kardos |
7aff53 |
/* TODO: permit overriding macro setup on the command line */
|
|
Lubos Kardos |
7aff53 |
static int doSign(poptContext optCon)
|
|
Lubos Kardos |
7aff53 |
{
|
|
Lubos Kardos |
7aff53 |
@@ -119,18 +53,10 @@ static int doSign(poptContext optCon)
|
|
Lubos Kardos |
7aff53 |
goto exit;
|
|
Lubos Kardos |
7aff53 |
}
|
|
Lubos Kardos |
7aff53 |
|
|
Lubos Kardos |
7aff53 |
- /* XXX FIXME: eliminate obsolete getpass() usage */
|
|
Lubos Kardos |
7aff53 |
- passPhrase = getpass(_("Enter pass phrase: "));
|
|
Lubos Kardos |
7aff53 |
- passPhrase = (passPhrase != NULL) ? rstrdup(passPhrase) : NULL;
|
|
Lubos Kardos |
7aff53 |
- if (checkPassPhrase(passPhrase) == 0) {
|
|
Lubos Kardos |
7aff53 |
- const char *arg;
|
|
Lubos Kardos |
7aff53 |
- fprintf(stderr, _("Pass phrase is good.\n"));
|
|
Lubos Kardos |
7aff53 |
- rc = 0;
|
|
Lubos Kardos |
7aff53 |
- while ((arg = poptGetArg(optCon)) != NULL) {
|
|
Lubos Kardos |
7aff53 |
- rc += rpmPkgSign(arg, NULL, passPhrase);
|
|
Lubos Kardos |
7aff53 |
- }
|
|
Lubos Kardos |
7aff53 |
- } else {
|
|
Lubos Kardos |
7aff53 |
- fprintf(stderr, _("Pass phrase check failed or gpg key expired\n"));
|
|
Lubos Kardos |
7aff53 |
+ const char *arg;
|
|
Lubos Kardos |
7aff53 |
+ rc = 0;
|
|
Lubos Kardos |
7aff53 |
+ while ((arg = poptGetArg(optCon)) != NULL) {
|
|
Lubos Kardos |
7aff53 |
+ rc += rpmPkgSign(arg, NULL);
|
|
Lubos Kardos |
7aff53 |
}
|
|
Lubos Kardos |
7aff53 |
|
|
Lubos Kardos |
7aff53 |
exit:
|
|
Lubos Kardos |
7aff53 |
diff --git a/sign/rpmgensig.c b/sign/rpmgensig.c
|
|
Lubos Kardos |
7aff53 |
index 9691f0d..24bf39e 100644
|
|
Lubos Kardos |
7aff53 |
--- a/sign/rpmgensig.c
|
|
Lubos Kardos |
7aff53 |
+++ b/sign/rpmgensig.c
|
|
Lubos Kardos |
7aff53 |
@@ -245,11 +245,9 @@ exit:
|
|
Lubos Kardos |
7aff53 |
return rc;
|
|
Lubos Kardos |
7aff53 |
}
|
|
Lubos Kardos |
7aff53 |
|
|
Lubos Kardos |
7aff53 |
-static int runGPG(sigTarget sigt, const char *sigfile, const char * passPhrase)
|
|
Lubos Kardos |
7aff53 |
+static int runGPG(sigTarget sigt, const char *sigfile)
|
|
Lubos Kardos |
7aff53 |
{
|
|
Lubos Kardos |
7aff53 |
int pid = 0, status;
|
|
Lubos Kardos |
7aff53 |
- int inpipe[2];
|
|
Lubos Kardos |
7aff53 |
- FILE * fpipe = NULL;
|
|
Lubos Kardos |
7aff53 |
FD_t fnamedPipe = NULL;
|
|
Lubos Kardos |
7aff53 |
char *namedPipeName = NULL;
|
|
Lubos Kardos |
7aff53 |
unsigned char buf[BUFSIZ];
|
|
Lubos Kardos |
7aff53 |
@@ -258,12 +256,6 @@ static int runGPG(sigTarget sigt, const char *sigfile, const char * passPhrase)
|
|
Lubos Kardos |
7aff53 |
rpm_loff_t size;
|
|
Lubos Kardos |
7aff53 |
int rc = 1; /* assume failure */
|
|
Lubos Kardos |
7aff53 |
|
|
Lubos Kardos |
7aff53 |
- inpipe[0] = inpipe[1] = 0;
|
|
Lubos Kardos |
7aff53 |
- if (pipe(inpipe) < 0) {
|
|
Lubos Kardos |
7aff53 |
- rpmlog(RPMLOG_ERR, _("Couldn't create pipe for signing: %m"));
|
|
Lubos Kardos |
7aff53 |
- goto exit;
|
|
Lubos Kardos |
7aff53 |
- }
|
|
Lubos Kardos |
7aff53 |
-
|
|
Lubos Kardos |
7aff53 |
namedPipeName = mkTempFifo();
|
|
Lubos Kardos |
7aff53 |
|
|
Lubos Kardos |
7aff53 |
addMacro(NULL, "__plaintext_filename", NULL, namedPipeName, -1);
|
|
Lubos Kardos |
7aff53 |
@@ -274,9 +266,6 @@ static int runGPG(sigTarget sigt, const char *sigfile, const char * passPhrase)
|
|
Lubos Kardos |
7aff53 |
char *cmd = NULL;
|
|
Lubos Kardos |
7aff53 |
const char *gpg_path = rpmExpand("%{?_gpg_path}", NULL);
|
|
Lubos Kardos |
7aff53 |
|
|
Lubos Kardos |
7aff53 |
- (void) dup2(inpipe[0], 3);
|
|
Lubos Kardos |
7aff53 |
- (void) close(inpipe[1]);
|
|
Lubos Kardos |
7aff53 |
-
|
|
Lubos Kardos |
7aff53 |
if (gpg_path && *gpg_path != '\0')
|
|
Lubos Kardos |
7aff53 |
(void) setenv("GNUPGHOME", gpg_path, 1);
|
|
Lubos Kardos |
7aff53 |
(void) setenv("LC_ALL", "C", 1);
|
|
Lubos Kardos |
7aff53 |
@@ -295,23 +284,6 @@ static int runGPG(sigTarget sigt, const char *sigfile, const char * passPhrase)
|
|
Lubos Kardos |
7aff53 |
delMacro(NULL, "__plaintext_filename");
|
|
Lubos Kardos |
7aff53 |
delMacro(NULL, "__signature_filename");
|
|
Lubos Kardos |
7aff53 |
|
|
Lubos Kardos |
7aff53 |
- (void) close(inpipe[0]);
|
|
Lubos Kardos |
7aff53 |
- inpipe[0] = 0;
|
|
Lubos Kardos |
7aff53 |
-
|
|
Lubos Kardos |
7aff53 |
- fpipe = fdopen(inpipe[1], "w");
|
|
Lubos Kardos |
7aff53 |
- if (!fpipe) {
|
|
Lubos Kardos |
7aff53 |
- rpmlog(RPMLOG_ERR, _("fdopen failed\n"));
|
|
Lubos Kardos |
7aff53 |
- goto exit;
|
|
Lubos Kardos |
7aff53 |
- }
|
|
Lubos Kardos |
7aff53 |
- inpipe[1] = 0;
|
|
Lubos Kardos |
7aff53 |
-
|
|
Lubos Kardos |
7aff53 |
- if (fprintf(fpipe, "%s\n", (passPhrase ? passPhrase : "")) < 0) {
|
|
Lubos Kardos |
7aff53 |
- rpmlog(RPMLOG_ERR, _("Could not write to pipe\n"));
|
|
Lubos Kardos |
7aff53 |
- goto exit;
|
|
Lubos Kardos |
7aff53 |
- }
|
|
Lubos Kardos |
7aff53 |
- (void) fclose(fpipe);
|
|
Lubos Kardos |
7aff53 |
- fpipe = NULL;
|
|
Lubos Kardos |
7aff53 |
-
|
|
Lubos Kardos |
7aff53 |
fnamedPipe = Fopen(namedPipeName, "w");
|
|
Lubos Kardos |
7aff53 |
if (!fnamedPipe) {
|
|
Lubos Kardos |
7aff53 |
rpmlog(RPMLOG_ERR, _("Fopen failed\n"));
|
|
Lubos Kardos |
7aff53 |
@@ -352,14 +324,6 @@ static int runGPG(sigTarget sigt, const char *sigfile, const char * passPhrase)
|
|
Lubos Kardos |
7aff53 |
}
|
|
Lubos Kardos |
7aff53 |
|
|
Lubos Kardos |
7aff53 |
exit:
|
|
Lubos Kardos |
7aff53 |
- if (fpipe)
|
|
Lubos Kardos |
7aff53 |
- fclose(fpipe);
|
|
Lubos Kardos |
7aff53 |
-
|
|
Lubos Kardos |
7aff53 |
- if (inpipe[0])
|
|
Lubos Kardos |
7aff53 |
- close(inpipe[0]);
|
|
Lubos Kardos |
7aff53 |
-
|
|
Lubos Kardos |
7aff53 |
- if (inpipe[1])
|
|
Lubos Kardos |
7aff53 |
- close(inpipe[1]);
|
|
Lubos Kardos |
7aff53 |
|
|
Lubos Kardos |
7aff53 |
if (fnamedPipe)
|
|
Lubos Kardos |
7aff53 |
Fclose(fnamedPipe);
|
|
Lubos Kardos |
7aff53 |
@@ -383,8 +347,7 @@ exit:
|
|
Lubos Kardos |
7aff53 |
* @param passPhrase private key pass phrase
|
|
Lubos Kardos |
7aff53 |
* @return 0 on success, 1 on failure
|
|
Lubos Kardos |
7aff53 |
*/
|
|
Lubos Kardos |
7aff53 |
-static int makeGPGSignature(Header sigh, int ishdr, sigTarget sigt,
|
|
Lubos Kardos |
7aff53 |
- const char * passPhrase)
|
|
Lubos Kardos |
7aff53 |
+static int makeGPGSignature(Header sigh, int ishdr, sigTarget sigt)
|
|
Lubos Kardos |
7aff53 |
{
|
|
Lubos Kardos |
7aff53 |
char * sigfile = rstrscat(NULL, sigt->fileName, ".sig", NULL);
|
|
Lubos Kardos |
7aff53 |
struct stat st;
|
|
Lubos Kardos |
7aff53 |
@@ -392,7 +355,7 @@ static int makeGPGSignature(Header sigh, int ishdr, sigTarget sigt,
|
|
Lubos Kardos |
7aff53 |
size_t pktlen = 0;
|
|
Lubos Kardos |
7aff53 |
int rc = 1; /* assume failure */
|
|
Lubos Kardos |
7aff53 |
|
|
Lubos Kardos |
7aff53 |
- if (runGPG(sigt, sigfile, passPhrase))
|
|
Lubos Kardos |
7aff53 |
+ if (runGPG(sigt, sigfile))
|
|
Lubos Kardos |
7aff53 |
goto exit;
|
|
Lubos Kardos |
7aff53 |
|
|
Lubos Kardos |
7aff53 |
if (stat(sigfile, &st)) {
|
|
Lubos Kardos |
7aff53 |
@@ -431,16 +394,15 @@ exit:
|
|
Lubos Kardos |
7aff53 |
return rc;
|
|
Lubos Kardos |
7aff53 |
}
|
|
Lubos Kardos |
7aff53 |
|
|
Lubos Kardos |
7aff53 |
-static int rpmGenSignature(Header sigh, sigTarget sigt1, sigTarget sigt2,
|
|
Lubos Kardos |
7aff53 |
- const char * passPhrase)
|
|
Lubos Kardos |
7aff53 |
+static int rpmGenSignature(Header sigh, sigTarget sigt1, sigTarget sigt2)
|
|
Lubos Kardos |
7aff53 |
{
|
|
Lubos Kardos |
7aff53 |
int ret;
|
|
Lubos Kardos |
7aff53 |
|
|
Lubos Kardos |
7aff53 |
- ret = makeGPGSignature(sigh, 0, sigt1, passPhrase);
|
|
Lubos Kardos |
7aff53 |
+ ret = makeGPGSignature(sigh, 0, sigt1);
|
|
Lubos Kardos |
7aff53 |
if (ret)
|
|
Lubos Kardos |
7aff53 |
goto exit;
|
|
Lubos Kardos |
7aff53 |
|
|
Lubos Kardos |
7aff53 |
- ret = makeGPGSignature(sigh, 1, sigt2, passPhrase);
|
|
Lubos Kardos |
7aff53 |
+ ret = makeGPGSignature(sigh, 1, sigt2);
|
|
Lubos Kardos |
7aff53 |
if (ret)
|
|
Lubos Kardos |
7aff53 |
goto exit;
|
|
Lubos Kardos |
7aff53 |
exit:
|
|
Lubos Kardos |
7aff53 |
@@ -486,8 +448,7 @@ static int sameSignature(rpmTagVal sigtag, Header h1, Header h2)
|
|
Lubos Kardos |
7aff53 |
return (rc == 0);
|
|
Lubos Kardos |
7aff53 |
}
|
|
Lubos Kardos |
7aff53 |
|
|
Lubos Kardos |
7aff53 |
-static int replaceSignature(Header sigh, sigTarget sigt1, sigTarget sigt2,
|
|
Lubos Kardos |
7aff53 |
- const char *passPhrase)
|
|
Lubos Kardos |
7aff53 |
+static int replaceSignature(Header sigh, sigTarget sigt1, sigTarget sigt2)
|
|
Lubos Kardos |
7aff53 |
{
|
|
Lubos Kardos |
7aff53 |
/* Grab a copy of the header so we can compare the result */
|
|
Lubos Kardos |
7aff53 |
Header oldsigh = headerCopy(sigh);
|
|
Lubos Kardos |
7aff53 |
@@ -500,7 +461,7 @@ static int replaceSignature(Header sigh, sigTarget sigt1, sigTarget sigt2,
|
|
Lubos Kardos |
7aff53 |
* rpmGenSignature() internals parse the actual signing result and
|
|
Lubos Kardos |
7aff53 |
* adds appropriate tags for DSA/RSA.
|
|
Lubos Kardos |
7aff53 |
*/
|
|
Lubos Kardos |
7aff53 |
- if (rpmGenSignature(sigh, sigt1, sigt2, passPhrase) == 0) {
|
|
Lubos Kardos |
7aff53 |
+ if (rpmGenSignature(sigh, sigt1, sigt2) == 0) {
|
|
Lubos Kardos |
7aff53 |
/* Lets see what we got and whether its the same signature as before */
|
|
Lubos Kardos |
7aff53 |
rpmTagVal sigtag = headerIsEntry(sigh, RPMSIGTAG_DSA) ?
|
|
Lubos Kardos |
7aff53 |
RPMSIGTAG_DSA : RPMSIGTAG_RSA;
|
|
Lubos Kardos |
7aff53 |
@@ -517,10 +478,9 @@ static int replaceSignature(Header sigh, sigTarget sigt1, sigTarget sigt2,
|
|
Lubos Kardos |
7aff53 |
* Create/modify elements in signature header.
|
|
Lubos Kardos |
7aff53 |
* @param rpm path to package
|
|
Lubos Kardos |
7aff53 |
* @param deleting adding or deleting signature?
|
|
Lubos Kardos |
7aff53 |
- * @param passPhrase passPhrase (ignored when deleting)
|
|
Lubos Kardos |
7aff53 |
* @return 0 on success, -1 on error
|
|
Lubos Kardos |
7aff53 |
*/
|
|
Lubos Kardos |
7aff53 |
-static int rpmSign(const char *rpm, int deleting, const char *passPhrase)
|
|
Lubos Kardos |
7aff53 |
+static int rpmSign(const char *rpm, int deleting)
|
|
Lubos Kardos |
7aff53 |
{
|
|
Lubos Kardos |
7aff53 |
FD_t fd = NULL;
|
|
Lubos Kardos |
7aff53 |
FD_t ofd = NULL;
|
|
Lubos Kardos |
7aff53 |
@@ -605,7 +565,7 @@ static int rpmSign(const char *rpm, int deleting, const char *passPhrase)
|
|
Lubos Kardos |
7aff53 |
sigt2 = sigt1;
|
|
Lubos Kardos |
7aff53 |
sigt2.size = headerSizeof(h, HEADER_MAGIC_YES);
|
|
Lubos Kardos |
7aff53 |
|
|
Lubos Kardos |
7aff53 |
- res = replaceSignature(sigh, &sigt1, &sigt2, passPhrase);
|
|
Lubos Kardos |
7aff53 |
+ res = replaceSignature(sigh, &sigt1, &sigt2);
|
|
Lubos Kardos |
7aff53 |
if (res != 0) {
|
|
Lubos Kardos |
7aff53 |
if (res == 1) {
|
|
Lubos Kardos |
7aff53 |
rpmlog(RPMLOG_WARNING,
|
|
Lubos Kardos |
7aff53 |
@@ -722,8 +682,7 @@ exit:
|
|
Lubos Kardos |
7aff53 |
return res;
|
|
Lubos Kardos |
7aff53 |
}
|
|
Lubos Kardos |
7aff53 |
|
|
Lubos Kardos |
7aff53 |
-int rpmPkgSign(const char *path,
|
|
Lubos Kardos |
7aff53 |
- const struct rpmSignArgs * args, const char *passPhrase)
|
|
Lubos Kardos |
7aff53 |
+int rpmPkgSign(const char *path, const struct rpmSignArgs * args)
|
|
Lubos Kardos |
7aff53 |
{
|
|
Lubos Kardos |
7aff53 |
int rc;
|
|
Lubos Kardos |
7aff53 |
|
|
Lubos Kardos |
7aff53 |
@@ -739,7 +698,7 @@ int rpmPkgSign(const char *path,
|
|
Lubos Kardos |
7aff53 |
}
|
|
Lubos Kardos |
7aff53 |
}
|
|
Lubos Kardos |
7aff53 |
|
|
Lubos Kardos |
7aff53 |
- rc = rpmSign(path, 0, passPhrase);
|
|
Lubos Kardos |
7aff53 |
+ rc = rpmSign(path, 0);
|
|
Lubos Kardos |
7aff53 |
|
|
Lubos Kardos |
7aff53 |
if (args) {
|
|
Lubos Kardos |
7aff53 |
if (args->hashalgo) {
|
|
Lubos Kardos |
7aff53 |
@@ -755,5 +714,5 @@ int rpmPkgSign(const char *path,
|
|
Lubos Kardos |
7aff53 |
|
|
Lubos Kardos |
7aff53 |
int rpmPkgDelSign(const char *path)
|
|
Lubos Kardos |
7aff53 |
{
|
|
Lubos Kardos |
7aff53 |
- return rpmSign(path, 1, NULL);
|
|
Lubos Kardos |
7aff53 |
+ return rpmSign(path, 1);
|
|
Lubos Kardos |
7aff53 |
}
|
|
Lubos Kardos |
7aff53 |
diff --git a/sign/rpmsign.h b/sign/rpmsign.h
|
|
Lubos Kardos |
7aff53 |
index 15b3e0f..e161aff 100644
|
|
Lubos Kardos |
7aff53 |
--- a/sign/rpmsign.h
|
|
Lubos Kardos |
7aff53 |
+++ b/sign/rpmsign.h
|
|
Lubos Kardos |
7aff53 |
@@ -21,8 +21,7 @@ struct rpmSignArgs {
|
|
Lubos Kardos |
7aff53 |
* @param passPhrase passphrase for the signing key
|
|
Lubos Kardos |
7aff53 |
* @return 0 on success
|
|
Lubos Kardos |
7aff53 |
*/
|
|
Lubos Kardos |
7aff53 |
-int rpmPkgSign(const char *path,
|
|
Lubos Kardos |
7aff53 |
- const struct rpmSignArgs * args, const char *passPhrase);
|
|
Lubos Kardos |
7aff53 |
+int rpmPkgSign(const char *path, const struct rpmSignArgs * args);
|
|
Lubos Kardos |
7aff53 |
|
|
Lubos Kardos |
7aff53 |
/** \ingroup rpmsign
|
|
Lubos Kardos |
7aff53 |
* Delete signature(s) from a package
|
|
Lubos Kardos |
7aff53 |
--
|
|
Lubos Kardos |
7aff53 |
1.9.3
|
|
Lubos Kardos |
7aff53 |
|