teknoraver / rpms / rpm

Forked from rpms/rpm 5 months ago
Clone
Blob Blame History Raw
From 9a9514e665c30554a4d72c7c79475af315b83dc3 Mon Sep 17 00:00:00 2001
Message-Id: <9a9514e665c30554a4d72c7c79475af315b83dc3.1683531413.git.pmatilai@redhat.com>
From: Panu Matilainen <pmatilai@redhat.com>
Date: Mon, 8 May 2023 09:26:46 +0300
Subject: [PATCH] Forward-port obsoleted crypto needed by current libdnf

Provide the minimum required bits to allow the old PackageKit-inherited
signature in libdnf to work until the switch to dnf5 happens, allegedly
during this release cycle.
---
 include/rpm/rpmkeyring.h |  4 ++++
 include/rpm/rpmpgp.h     | 15 ++++++++++++
 rpmio/rpmkeyring.c       | 52 ++++++++++++++++++++++++++++++++++++++++
 rpmio/rpmpgp_sequoia.c   | 11 +++++++++
 4 files changed, 82 insertions(+)

diff --git a/include/rpm/rpmkeyring.h b/include/rpm/rpmkeyring.h
index 3d8d55773..c84292ff8 100644
--- a/include/rpm/rpmkeyring.h
+++ b/include/rpm/rpmkeyring.h
@@ -101,6 +101,10 @@ char * rpmPubkeyBase64(rpmPubkey key);
  */
 pgpDigParams rpmPubkeyPgpDigParams(rpmPubkey key);
 
+/* Obsolete APIs required by libdnf, do not use */
+rpmRC rpmKeyringLookup(rpmKeyring keyring, pgpDig sig);
+pgpDig rpmPubkeyDig(rpmPubkey key);
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/include/rpm/rpmpgp.h b/include/rpm/rpmpgp.h
index 675cbad73..f83642c18 100644
--- a/include/rpm/rpmpgp.h
+++ b/include/rpm/rpmpgp.h
@@ -1225,6 +1225,21 @@ int pgpSignatureType(pgpDigParams sig);
  */
 char *pgpIdentItem(pgpDigParams digp);
 
+/* Obsolete APIs required by libdnf, do not use */
+typedef struct pgpDig_s * pgpDig;
+
+RPM_GNUC_DEPRECATED
+pgpDig pgpNewDig(void);
+
+RPM_GNUC_DEPRECATED
+pgpDig pgpFreeDig(pgpDig dig);
+
+RPM_GNUC_DEPRECATED
+pgpDigParams pgpDigGetParams(pgpDig dig, unsigned int pkttype);
+
+RPM_GNUC_DEPRECATED
+int pgpPrtPkts(const uint8_t *pkts, size_t pktlen, pgpDig dig, int printing);
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/rpmio/rpmkeyring.c b/rpmio/rpmkeyring.c
index e3eb9e6ea..464163895 100644
--- a/rpmio/rpmkeyring.c
+++ b/rpmio/rpmkeyring.c
@@ -289,3 +289,55 @@ rpmRC rpmKeyringVerifySig(rpmKeyring keyring, pgpDigParams sig, DIGEST_CTX ctx)
 
     return rc;
 }
+
+rpmRC rpmKeyringLookup(rpmKeyring keyring, pgpDig sig)
+{
+    pthread_rwlock_rdlock(&keyring->lock);
+
+    rpmRC res = RPMRC_NOKEY;
+    pgpDigParams sigp = pgpDigGetParams(sig, PGPTAG_SIGNATURE);
+    rpmPubkey key = findbySig(keyring, sigp);
+
+    if (key) {
+	/*
+ 	 * Callers expect sig to have the key data parsed into pgpDig
+ 	 * on (successful) return, sigh. No need to check for return
+ 	 * here as this is validated at rpmPubkeyNew() already.
+ 	 */
+	pgpPrtPkts(key->pkt, key->pktlen, sig, _print_pkts);
+	res = RPMRC_OK;
+    }
+
+    pthread_rwlock_unlock(&keyring->lock);
+    return res;
+}
+
+pgpDig rpmPubkeyDig(rpmPubkey key)
+{
+    pgpDig dig = NULL;
+    static unsigned char zeros[] = 
+	{ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
+    int rc;
+    if (key == NULL)
+	return NULL;
+
+    dig = pgpNewDig();
+
+    pthread_rwlock_rdlock(&key->lock);
+    rc = pgpPrtPkts(key->pkt, key->pktlen, dig, _print_pkts);
+    pthread_rwlock_unlock(&key->lock);
+
+    if (rc == 0) {
+	pgpDigParams pubp = pgpDigGetParams(dig, PGPTAG_PUBLIC_KEY);
+	if (!pubp || !memcmp(pgpDigParamsSignID(pubp), zeros, sizeof(zeros)) ||
+            pgpDigParamsCreationTime(pubp) == 0 ||
+            pgpDigParamsUserID(pubp) == NULL) {
+	    rc = -1;
+	}
+    }
+
+    if (rc)
+	dig = pgpFreeDig(dig);
+
+    return dig;
+}
diff --git a/rpmio/rpmpgp_sequoia.c b/rpmio/rpmpgp_sequoia.c
index d0b673953..0c1c848dc 100644
--- a/rpmio/rpmpgp_sequoia.c
+++ b/rpmio/rpmpgp_sequoia.c
@@ -80,3 +80,14 @@ W(int, rpmDigestUpdate, (DIGEST_CTX ctx, const void * data, size_t len),
 W(int, rpmDigestFinal,
   (DIGEST_CTX ctx, void ** datap, size_t *lenp, int asAscii),
   (ctx, datap, lenp, asAscii))
+
+// Minimal backport of APIs required by libdnf until dnf5 takes over
+W(int, pgpPrtPkts,
+  (const uint8_t *pkts, size_t pktlen, pgpDig dig, int printing),
+  (pkts, pktlen, dig, printing))
+W(pgpDig, pgpNewDig, (void), ())
+W(pgpDig, pgpFreeDig, (pgpDig dig), (dig))
+W(pgpDigParams, pgpDigGetParams,
+  (pgpDig dig, unsigned int pkttype),
+  (dig, pkttype))
+
-- 
2.40.1