teknoraver / rpms / rpm

Forked from rpms/rpm 4 months ago
Clone

Blame rpm-4.12.0-gpg-passphrase2.patch

Lubos Kardos 7aff53
From 0bce5fcf270711a2e077fba0fb7c5979ea007eb5 Mon Sep 17 00:00:00 2001
Lubos Kardos 7aff53
From: Lubos Kardos <lkardos@redhat.com>
Lubos Kardos 7aff53
Date: Tue, 9 Jun 2015 18:06:29 +0200
Lubos Kardos 7aff53
Subject: [PATCH 2/2] Allow gpg to get passphrase by itself.
Lubos Kardos 7aff53
Lubos Kardos 7aff53
Remove rpm asking for passphrase and then passing this passphrase
Lubos Kardos 7aff53
to gpg via file descriptor (--passphrase-fd) but provide gpg with
Lubos Kardos 7aff53
access to unredirected stdin to get passphrase directly from user.
Lubos Kardos 7aff53
Lubos Kardos 7aff53
Remove also macro %__gpg_check_password_cmd because in this new signing
Lubos Kardos 7aff53
scheme has no sense. rpm doesn't handle passphrase in any way,
Lubos Kardos 7aff53
everything is done in gpg including checking of passphrase.
Lubos Kardos 7aff53
Lubos Kardos 7aff53
We did this modification because of changes in gpg behavior. Since
Lubos Kardos 7aff53
gpg-2.1 option "--passphrase-fd" doesn't work by default, only when
Lubos Kardos 7aff53
it is explicitly allowed in gpg.conf. (rhbz:#1228234)
Lubos Kardos 7aff53
---
Lubos Kardos 7aff53
 macros.in           |  4 +--
Lubos Kardos 7aff53
 python/rpmsmodule.c |  9 +++---
Lubos Kardos 7aff53
 rpmsign.c           | 82 +++--------------------------------------------------
Lubos Kardos 7aff53
 sign/rpmgensig.c    | 67 +++++++++----------------------------------
Lubos Kardos 7aff53
 sign/rpmsign.h      |  3 +-
Lubos Kardos 7aff53
 5 files changed, 23 insertions(+), 142 deletions(-)
Lubos Kardos 7aff53
Lubos Kardos 7aff53
diff --git a/macros.in b/macros.in
Lubos Kardos 7aff53
index 414c1be..de89420 100644
Lubos Kardos 7aff53
--- a/macros.in
Lubos Kardos 7aff53
+++ b/macros.in
Lubos Kardos 7aff53
@@ -538,11 +538,9 @@ package or when debugging this package.\
Lubos Kardos 7aff53
 #	Macro(s) to hold the arguments passed to GPG/PGP for package
Lubos Kardos 7aff53
 #	signing and verification.
Lubos Kardos 7aff53
 #
Lubos Kardos 7aff53
-%__gpg_check_password_cmd	%{__gpg} \
Lubos Kardos 7aff53
-	gpg --batch --no-verbose --passphrase-fd 3 -u "%{_gpg_name}" -so -
Lubos Kardos 7aff53
 
Lubos Kardos 7aff53
 %__gpg_sign_cmd			%{__gpg} \
Lubos Kardos 7aff53
-	gpg --batch --no-verbose --no-armor --passphrase-fd 3 \
Lubos Kardos 7aff53
+	gpg --no-verbose --no-armor \
Lubos Kardos 7aff53
 	%{?_gpg_digest_algo:--digest-algo %{_gpg_digest_algo}} \
Lubos Kardos 7aff53
 	--no-secmem-warning \
Lubos Kardos 7aff53
 	-u "%{_gpg_name}" -sbo %{__signature_filename} %{__plaintext_filename}
Lubos Kardos 7aff53
diff --git a/python/rpmsmodule.c b/python/rpmsmodule.c
Lubos Kardos 7aff53
index a8289b5..0601353 100644
Lubos Kardos 7aff53
--- a/python/rpmsmodule.c
Lubos Kardos 7aff53
+++ b/python/rpmsmodule.c
Lubos Kardos 7aff53
@@ -8,19 +8,18 @@ static char rpms__doc__[] =
Lubos Kardos 7aff53
 static PyObject * addSign(PyObject * self, PyObject * args, PyObject *kwds)
Lubos Kardos 7aff53
 {
Lubos Kardos 7aff53
     const char *path = NULL;
Lubos Kardos 7aff53
-    const char *passPhrase = NULL;
Lubos Kardos 7aff53
-    char * kwlist[] = { "path", "passPhrase", "keyid", "hashalgo", NULL };
Lubos Kardos 7aff53
+    char * kwlist[] = { "path", "keyid", "hashalgo", NULL };
Lubos Kardos 7aff53
     struct rpmSignArgs sig, *sigp = NULL;
Lubos Kardos 7aff53
 
Lubos Kardos 7aff53
     memset(&sig, 0, sizeof(sig));
Lubos Kardos 7aff53
-    if (!PyArg_ParseTupleAndKeywords(args, kwds, "ss|si", kwlist,
Lubos Kardos 7aff53
-				&path, &passPhrase, &sig.keyid, &sig.hashalgo))
Lubos Kardos 7aff53
+    if (!PyArg_ParseTupleAndKeywords(args, kwds, "s|si", kwlist,
Lubos Kardos 7aff53
+				&path, &sig.keyid, &sig.hashalgo))
Lubos Kardos 7aff53
 	return NULL;
Lubos Kardos 7aff53
 
Lubos Kardos 7aff53
     if (sig.keyid || sig.hashalgo)
Lubos Kardos 7aff53
 	sigp = &sig;
Lubos Kardos 7aff53
 
Lubos Kardos 7aff53
-    return PyBool_FromLong(rpmPkgSign(path, sigp, passPhrase) == 0);
Lubos Kardos 7aff53
+    return PyBool_FromLong(rpmPkgSign(path, sigp) == 0);
Lubos Kardos 7aff53
 }
Lubos Kardos 7aff53
 
Lubos Kardos 7aff53
 static PyObject * delSign(PyObject * self, PyObject * args, PyObject *kwds)
Lubos Kardos 7aff53
diff --git a/rpmsign.c b/rpmsign.c
Lubos Kardos 7aff53
index b8e5598..9b93e39 100644
Lubos Kardos 7aff53
--- a/rpmsign.c
Lubos Kardos 7aff53
+++ b/rpmsign.c
Lubos Kardos 7aff53
@@ -41,72 +41,6 @@ static struct poptOption optionsTable[] = {
Lubos Kardos 7aff53
     POPT_TABLEEND
Lubos Kardos 7aff53
 };
Lubos Kardos 7aff53
 
Lubos Kardos 7aff53
-static int checkPassPhrase(const char * passPhrase)
Lubos Kardos 7aff53
-{
Lubos Kardos 7aff53
-    int passPhrasePipe[2];
Lubos Kardos 7aff53
-    int pid, status;
Lubos Kardos 7aff53
-    int rc = -1;
Lubos Kardos 7aff53
-    int xx;
Lubos Kardos 7aff53
-
Lubos Kardos 7aff53
-    if (passPhrase == NULL)
Lubos Kardos 7aff53
-	return -1;
Lubos Kardos 7aff53
-
Lubos Kardos 7aff53
-    passPhrasePipe[0] = passPhrasePipe[1] = 0;
Lubos Kardos 7aff53
-    if (pipe(passPhrasePipe))
Lubos Kardos 7aff53
-	return -1;
Lubos Kardos 7aff53
-
Lubos Kardos 7aff53
-    pid = fork();
Lubos Kardos 7aff53
-    if (pid < 0) {
Lubos Kardos 7aff53
-	close(passPhrasePipe[0]);
Lubos Kardos 7aff53
-	close(passPhrasePipe[1]);
Lubos Kardos 7aff53
-	return -1;
Lubos Kardos 7aff53
-    }
Lubos Kardos 7aff53
-
Lubos Kardos 7aff53
-    if (pid == 0) {
Lubos Kardos 7aff53
-	char * cmd, * gpg_path;
Lubos Kardos 7aff53
-	char *const *av;
Lubos Kardos 7aff53
-	int fdno;
Lubos Kardos 7aff53
-
Lubos Kardos 7aff53
-	close(STDIN_FILENO);
Lubos Kardos 7aff53
-	close(STDOUT_FILENO);
Lubos Kardos 7aff53
-	close(passPhrasePipe[1]);
Lubos Kardos 7aff53
-	if ((fdno = open("/dev/null", O_RDONLY)) != STDIN_FILENO) {
Lubos Kardos 7aff53
-	    xx = dup2(fdno, STDIN_FILENO);
Lubos Kardos 7aff53
-	    close(fdno);
Lubos Kardos 7aff53
-	}
Lubos Kardos 7aff53
-	if ((fdno = open("/dev/null", O_WRONLY)) != STDOUT_FILENO) {
Lubos Kardos 7aff53
-	    xx = dup2(fdno, STDOUT_FILENO);
Lubos Kardos 7aff53
-	    close(fdno);
Lubos Kardos 7aff53
-	}
Lubos Kardos 7aff53
-	xx = dup2(passPhrasePipe[0], 3);
Lubos Kardos 7aff53
-
Lubos Kardos 7aff53
-	unsetenv("MALLOC_CHECK_");
Lubos Kardos 7aff53
-	gpg_path = rpmExpand("%{?_gpg_path}", NULL);
Lubos Kardos 7aff53
-
Lubos Kardos 7aff53
-	if (!rstreq(gpg_path, ""))
Lubos Kardos 7aff53
-	    setenv("GNUPGHOME", gpg_path, 1);
Lubos Kardos 7aff53
-	
Lubos Kardos 7aff53
-	cmd = rpmExpand("%{?__gpg_check_password_cmd}", NULL);
Lubos Kardos 7aff53
-	rc = poptParseArgvString(cmd, NULL, (const char ***)&av;;
Lubos Kardos 7aff53
-	if (xx >= 0 && rc == 0) {
Lubos Kardos 7aff53
-	    rc = execve(av[0], av+1, environ);
Lubos Kardos 7aff53
-	    fprintf(stderr, _("Could not exec %s: %s\n"), "gpg",
Lubos Kardos 7aff53
-			strerror(errno));
Lubos Kardos 7aff53
-	}
Lubos Kardos 7aff53
-	_exit(EXIT_FAILURE);
Lubos Kardos 7aff53
-    }
Lubos Kardos 7aff53
-
Lubos Kardos 7aff53
-    close(passPhrasePipe[0]);
Lubos Kardos 7aff53
-    xx = write(passPhrasePipe[1], passPhrase, strlen(passPhrase));
Lubos Kardos 7aff53
-    xx = write(passPhrasePipe[1], "\n", 1);
Lubos Kardos 7aff53
-    close(passPhrasePipe[1]);
Lubos Kardos 7aff53
-
Lubos Kardos 7aff53
-    if (xx >= 0 && waitpid(pid, &status, 0) >= 0)
Lubos Kardos 7aff53
-	rc = (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : 1;
Lubos Kardos 7aff53
-
Lubos Kardos 7aff53
-    return rc;
Lubos Kardos 7aff53
-}
Lubos Kardos 7aff53
-
Lubos Kardos 7aff53
 /* TODO: permit overriding macro setup on the command line */
Lubos Kardos 7aff53
 static int doSign(poptContext optCon)
Lubos Kardos 7aff53
 {
Lubos Kardos 7aff53
@@ -119,18 +53,10 @@ static int doSign(poptContext optCon)
Lubos Kardos 7aff53
 	goto exit;
Lubos Kardos 7aff53
     }
Lubos Kardos 7aff53
 
Lubos Kardos 7aff53
-    /* XXX FIXME: eliminate obsolete getpass() usage */
Lubos Kardos 7aff53
-    passPhrase = getpass(_("Enter pass phrase: "));
Lubos Kardos 7aff53
-    passPhrase = (passPhrase != NULL) ? rstrdup(passPhrase) : NULL;
Lubos Kardos 7aff53
-    if (checkPassPhrase(passPhrase) == 0) {
Lubos Kardos 7aff53
-	const char *arg;
Lubos Kardos 7aff53
-	fprintf(stderr, _("Pass phrase is good.\n"));
Lubos Kardos 7aff53
-	rc = 0;
Lubos Kardos 7aff53
-	while ((arg = poptGetArg(optCon)) != NULL) {
Lubos Kardos 7aff53
-	    rc += rpmPkgSign(arg, NULL, passPhrase);
Lubos Kardos 7aff53
-	}
Lubos Kardos 7aff53
-    } else {
Lubos Kardos 7aff53
-	fprintf(stderr, _("Pass phrase check failed or gpg key expired\n"));
Lubos Kardos 7aff53
+    const char *arg;
Lubos Kardos 7aff53
+    rc = 0;
Lubos Kardos 7aff53
+    while ((arg = poptGetArg(optCon)) != NULL) {
Lubos Kardos 7aff53
+	rc += rpmPkgSign(arg, NULL);
Lubos Kardos 7aff53
     }
Lubos Kardos 7aff53
 
Lubos Kardos 7aff53
 exit:
Lubos Kardos 7aff53
diff --git a/sign/rpmgensig.c b/sign/rpmgensig.c
Lubos Kardos 7aff53
index 9691f0d..24bf39e 100644
Lubos Kardos 7aff53
--- a/sign/rpmgensig.c
Lubos Kardos 7aff53
+++ b/sign/rpmgensig.c
Lubos Kardos 7aff53
@@ -245,11 +245,9 @@ exit:
Lubos Kardos 7aff53
     return rc;
Lubos Kardos 7aff53
 }
Lubos Kardos 7aff53
 
Lubos Kardos 7aff53
-static int runGPG(sigTarget sigt, const char *sigfile, const char * passPhrase)
Lubos Kardos 7aff53
+static int runGPG(sigTarget sigt, const char *sigfile)
Lubos Kardos 7aff53
 {
Lubos Kardos 7aff53
     int pid = 0, status;
Lubos Kardos 7aff53
-    int inpipe[2];
Lubos Kardos 7aff53
-    FILE * fpipe = NULL;
Lubos Kardos 7aff53
     FD_t fnamedPipe = NULL;
Lubos Kardos 7aff53
     char *namedPipeName = NULL;
Lubos Kardos 7aff53
     unsigned char buf[BUFSIZ];
Lubos Kardos 7aff53
@@ -258,12 +256,6 @@ static int runGPG(sigTarget sigt, const char *sigfile, const char * passPhrase)
Lubos Kardos 7aff53
     rpm_loff_t size;
Lubos Kardos 7aff53
     int rc = 1; /* assume failure */
Lubos Kardos 7aff53
 
Lubos Kardos 7aff53
-    inpipe[0] = inpipe[1] = 0;
Lubos Kardos 7aff53
-    if (pipe(inpipe) < 0) {
Lubos Kardos 7aff53
-	rpmlog(RPMLOG_ERR, _("Couldn't create pipe for signing: %m"));
Lubos Kardos 7aff53
-	goto exit;
Lubos Kardos 7aff53
-    }
Lubos Kardos 7aff53
-
Lubos Kardos 7aff53
     namedPipeName = mkTempFifo();
Lubos Kardos 7aff53
 
Lubos Kardos 7aff53
     addMacro(NULL, "__plaintext_filename", NULL, namedPipeName, -1);
Lubos Kardos 7aff53
@@ -274,9 +266,6 @@ static int runGPG(sigTarget sigt, const char *sigfile, const char * passPhrase)
Lubos Kardos 7aff53
 	char *cmd = NULL;
Lubos Kardos 7aff53
 	const char *gpg_path = rpmExpand("%{?_gpg_path}", NULL);
Lubos Kardos 7aff53
 
Lubos Kardos 7aff53
-	(void) dup2(inpipe[0], 3);
Lubos Kardos 7aff53
-	(void) close(inpipe[1]);
Lubos Kardos 7aff53
-
Lubos Kardos 7aff53
 	if (gpg_path && *gpg_path != '\0')
Lubos Kardos 7aff53
 	    (void) setenv("GNUPGHOME", gpg_path, 1);
Lubos Kardos 7aff53
 	(void) setenv("LC_ALL", "C", 1);
Lubos Kardos 7aff53
@@ -295,23 +284,6 @@ static int runGPG(sigTarget sigt, const char *sigfile, const char * passPhrase)
Lubos Kardos 7aff53
     delMacro(NULL, "__plaintext_filename");
Lubos Kardos 7aff53
     delMacro(NULL, "__signature_filename");
Lubos Kardos 7aff53
 
Lubos Kardos 7aff53
-    (void) close(inpipe[0]);
Lubos Kardos 7aff53
-    inpipe[0] = 0;
Lubos Kardos 7aff53
-
Lubos Kardos 7aff53
-    fpipe = fdopen(inpipe[1], "w");
Lubos Kardos 7aff53
-    if (!fpipe) {
Lubos Kardos 7aff53
-	rpmlog(RPMLOG_ERR, _("fdopen failed\n"));
Lubos Kardos 7aff53
-	goto exit;
Lubos Kardos 7aff53
-    }
Lubos Kardos 7aff53
-    inpipe[1] = 0;
Lubos Kardos 7aff53
-
Lubos Kardos 7aff53
-    if (fprintf(fpipe, "%s\n", (passPhrase ? passPhrase : "")) < 0) {
Lubos Kardos 7aff53
-	rpmlog(RPMLOG_ERR, _("Could not write to pipe\n"));
Lubos Kardos 7aff53
-	goto exit;
Lubos Kardos 7aff53
-    }
Lubos Kardos 7aff53
-    (void) fclose(fpipe);
Lubos Kardos 7aff53
-    fpipe = NULL;
Lubos Kardos 7aff53
-
Lubos Kardos 7aff53
     fnamedPipe = Fopen(namedPipeName, "w");
Lubos Kardos 7aff53
     if (!fnamedPipe) {
Lubos Kardos 7aff53
 	rpmlog(RPMLOG_ERR, _("Fopen failed\n"));
Lubos Kardos 7aff53
@@ -352,14 +324,6 @@ static int runGPG(sigTarget sigt, const char *sigfile, const char * passPhrase)
Lubos Kardos 7aff53
     }
Lubos Kardos 7aff53
 
Lubos Kardos 7aff53
 exit:
Lubos Kardos 7aff53
-    if (fpipe)
Lubos Kardos 7aff53
-	fclose(fpipe);
Lubos Kardos 7aff53
-
Lubos Kardos 7aff53
-    if (inpipe[0])
Lubos Kardos 7aff53
-	close(inpipe[0]);
Lubos Kardos 7aff53
-
Lubos Kardos 7aff53
-    if (inpipe[1])
Lubos Kardos 7aff53
-	close(inpipe[1]);
Lubos Kardos 7aff53
 
Lubos Kardos 7aff53
     if (fnamedPipe)
Lubos Kardos 7aff53
 	Fclose(fnamedPipe);
Lubos Kardos 7aff53
@@ -383,8 +347,7 @@ exit:
Lubos Kardos 7aff53
  * @param passPhrase	private key pass phrase
Lubos Kardos 7aff53
  * @return		0 on success, 1 on failure
Lubos Kardos 7aff53
  */
Lubos Kardos 7aff53
-static int makeGPGSignature(Header sigh, int ishdr, sigTarget sigt,
Lubos Kardos 7aff53
-			    const char * passPhrase)
Lubos Kardos 7aff53
+static int makeGPGSignature(Header sigh, int ishdr, sigTarget sigt)
Lubos Kardos 7aff53
 {
Lubos Kardos 7aff53
     char * sigfile = rstrscat(NULL, sigt->fileName, ".sig", NULL);
Lubos Kardos 7aff53
     struct stat st;
Lubos Kardos 7aff53
@@ -392,7 +355,7 @@ static int makeGPGSignature(Header sigh, int ishdr, sigTarget sigt,
Lubos Kardos 7aff53
     size_t pktlen = 0;
Lubos Kardos 7aff53
     int rc = 1; /* assume failure */
Lubos Kardos 7aff53
 
Lubos Kardos 7aff53
-    if (runGPG(sigt, sigfile, passPhrase))
Lubos Kardos 7aff53
+    if (runGPG(sigt, sigfile))
Lubos Kardos 7aff53
 	goto exit;
Lubos Kardos 7aff53
 
Lubos Kardos 7aff53
     if (stat(sigfile, &st)) {
Lubos Kardos 7aff53
@@ -431,16 +394,15 @@ exit:
Lubos Kardos 7aff53
     return rc;
Lubos Kardos 7aff53
 }
Lubos Kardos 7aff53
 
Lubos Kardos 7aff53
-static int rpmGenSignature(Header sigh, sigTarget sigt1, sigTarget sigt2,
Lubos Kardos 7aff53
-			    const char * passPhrase)
Lubos Kardos 7aff53
+static int rpmGenSignature(Header sigh, sigTarget sigt1, sigTarget sigt2)
Lubos Kardos 7aff53
 {
Lubos Kardos 7aff53
     int ret;
Lubos Kardos 7aff53
 
Lubos Kardos 7aff53
-    ret = makeGPGSignature(sigh, 0, sigt1, passPhrase);
Lubos Kardos 7aff53
+    ret = makeGPGSignature(sigh, 0, sigt1);
Lubos Kardos 7aff53
     if (ret)
Lubos Kardos 7aff53
 	goto exit;
Lubos Kardos 7aff53
 
Lubos Kardos 7aff53
-    ret = makeGPGSignature(sigh, 1, sigt2, passPhrase);
Lubos Kardos 7aff53
+    ret = makeGPGSignature(sigh, 1, sigt2);
Lubos Kardos 7aff53
     if (ret)
Lubos Kardos 7aff53
 	goto exit;
Lubos Kardos 7aff53
 exit:
Lubos Kardos 7aff53
@@ -486,8 +448,7 @@ static int sameSignature(rpmTagVal sigtag, Header h1, Header h2)
Lubos Kardos 7aff53
     return (rc == 0);
Lubos Kardos 7aff53
 }
Lubos Kardos 7aff53
 
Lubos Kardos 7aff53
-static int replaceSignature(Header sigh, sigTarget sigt1, sigTarget sigt2,
Lubos Kardos 7aff53
-			    const char *passPhrase)
Lubos Kardos 7aff53
+static int replaceSignature(Header sigh, sigTarget sigt1, sigTarget sigt2)
Lubos Kardos 7aff53
 {
Lubos Kardos 7aff53
     /* Grab a copy of the header so we can compare the result */
Lubos Kardos 7aff53
     Header oldsigh = headerCopy(sigh);
Lubos Kardos 7aff53
@@ -500,7 +461,7 @@ static int replaceSignature(Header sigh, sigTarget sigt1, sigTarget sigt2,
Lubos Kardos 7aff53
      * rpmGenSignature() internals parse the actual signing result and 
Lubos Kardos 7aff53
      * adds appropriate tags for DSA/RSA.
Lubos Kardos 7aff53
      */
Lubos Kardos 7aff53
-    if (rpmGenSignature(sigh, sigt1, sigt2, passPhrase) == 0) {
Lubos Kardos 7aff53
+    if (rpmGenSignature(sigh, sigt1, sigt2) == 0) {
Lubos Kardos 7aff53
 	/* Lets see what we got and whether its the same signature as before */
Lubos Kardos 7aff53
 	rpmTagVal sigtag = headerIsEntry(sigh, RPMSIGTAG_DSA) ?
Lubos Kardos 7aff53
 					RPMSIGTAG_DSA : RPMSIGTAG_RSA;
Lubos Kardos 7aff53
@@ -517,10 +478,9 @@ static int replaceSignature(Header sigh, sigTarget sigt1, sigTarget sigt2,
Lubos Kardos 7aff53
  * Create/modify elements in signature header.
Lubos Kardos 7aff53
  * @param rpm		path to package
Lubos Kardos 7aff53
  * @param deleting	adding or deleting signature?
Lubos Kardos 7aff53
- * @param passPhrase	passPhrase (ignored when deleting)
Lubos Kardos 7aff53
  * @return		0 on success, -1 on error
Lubos Kardos 7aff53
  */
Lubos Kardos 7aff53
-static int rpmSign(const char *rpm, int deleting, const char *passPhrase)
Lubos Kardos 7aff53
+static int rpmSign(const char *rpm, int deleting)
Lubos Kardos 7aff53
 {
Lubos Kardos 7aff53
     FD_t fd = NULL;
Lubos Kardos 7aff53
     FD_t ofd = NULL;
Lubos Kardos 7aff53
@@ -605,7 +565,7 @@ static int rpmSign(const char *rpm, int deleting, const char *passPhrase)
Lubos Kardos 7aff53
 	sigt2 = sigt1;
Lubos Kardos 7aff53
 	sigt2.size = headerSizeof(h, HEADER_MAGIC_YES);
Lubos Kardos 7aff53
 
Lubos Kardos 7aff53
-	res = replaceSignature(sigh, &sigt1, &sigt2, passPhrase);
Lubos Kardos 7aff53
+	res = replaceSignature(sigh, &sigt1, &sigt2);
Lubos Kardos 7aff53
 	if (res != 0) {
Lubos Kardos 7aff53
 	    if (res == 1) {
Lubos Kardos 7aff53
 		rpmlog(RPMLOG_WARNING,
Lubos Kardos 7aff53
@@ -722,8 +682,7 @@ exit:
Lubos Kardos 7aff53
     return res;
Lubos Kardos 7aff53
 }
Lubos Kardos 7aff53
 
Lubos Kardos 7aff53
-int rpmPkgSign(const char *path,
Lubos Kardos 7aff53
-		const struct rpmSignArgs * args, const char *passPhrase)
Lubos Kardos 7aff53
+int rpmPkgSign(const char *path, const struct rpmSignArgs * args)
Lubos Kardos 7aff53
 {
Lubos Kardos 7aff53
     int rc;
Lubos Kardos 7aff53
 
Lubos Kardos 7aff53
@@ -739,7 +698,7 @@ int rpmPkgSign(const char *path,
Lubos Kardos 7aff53
 	}
Lubos Kardos 7aff53
     }
Lubos Kardos 7aff53
 
Lubos Kardos 7aff53
-    rc = rpmSign(path, 0, passPhrase);
Lubos Kardos 7aff53
+    rc = rpmSign(path, 0);
Lubos Kardos 7aff53
 
Lubos Kardos 7aff53
     if (args) {
Lubos Kardos 7aff53
 	if (args->hashalgo) {
Lubos Kardos 7aff53
@@ -755,5 +714,5 @@ int rpmPkgSign(const char *path,
Lubos Kardos 7aff53
 
Lubos Kardos 7aff53
 int rpmPkgDelSign(const char *path)
Lubos Kardos 7aff53
 {
Lubos Kardos 7aff53
-    return rpmSign(path, 1, NULL);
Lubos Kardos 7aff53
+    return rpmSign(path, 1);
Lubos Kardos 7aff53
 }
Lubos Kardos 7aff53
diff --git a/sign/rpmsign.h b/sign/rpmsign.h
Lubos Kardos 7aff53
index 15b3e0f..e161aff 100644
Lubos Kardos 7aff53
--- a/sign/rpmsign.h
Lubos Kardos 7aff53
+++ b/sign/rpmsign.h
Lubos Kardos 7aff53
@@ -21,8 +21,7 @@ struct rpmSignArgs {
Lubos Kardos 7aff53
  * @param passPhrase	passphrase for the signing key
Lubos Kardos 7aff53
  * @return		0 on success
Lubos Kardos 7aff53
  */
Lubos Kardos 7aff53
-int rpmPkgSign(const char *path,
Lubos Kardos 7aff53
-	       const struct rpmSignArgs * args, const char *passPhrase);
Lubos Kardos 7aff53
+int rpmPkgSign(const char *path, const struct rpmSignArgs * args);
Lubos Kardos 7aff53
 
Lubos Kardos 7aff53
 /** \ingroup rpmsign
Lubos Kardos 7aff53
  * Delete signature(s) from a package
Lubos Kardos 7aff53
-- 
Lubos Kardos 7aff53
1.9.3
Lubos Kardos 7aff53