1 /* checksig.c: verify the signature of an RPM */
12 #include "signature.h"
/*
 * doReSign: add or replace the signature section of each RPM named in argv.
 *
 * add        - when equal to ADD_SIGNATURE the existing signature is kept
 *              and extended; otherwise it is discarded and rebuilt.
 * passPhrase - handed through to rpmAddSignature for the signing step.
 * argv       - package paths to process (the per-path loop and the
 *              assignment of `rpm` are not visible in this excerpt).
 * Returns an int status; the return statements fall outside this excerpt.
 *
 * NOTE: this listing is excerpted (the source line numbers in the left
 * column are not contiguous), so several error-exit and cleanup lines
 * are not shown.
 */
15 int doReSign(int add, char *passPhrase, char **argv)
19 unsigned short sigtype;
20 char *rpm, sigtarget[1024];
22 unsigned char buffer[8192];
/* The 0644 mode argument is ignored without O_CREAT; harmless but misleading. */
28 if ((fd = open(rpm, O_RDONLY, 0644)) < 0) {
29 fprintf(stderr, "%s: Open failed\n", rpm);
32 if (readLead(fd, &lead)) {
33 fprintf(stderr, "%s: readLead failed\n", rpm);
/* Lead format v1 and v2 packages are rejected; only the message differs. */
36 if (lead.major == 1) {
37 fprintf(stderr, "%s: Can't sign v1.0 RPM\n", rpm);
40 if (lead.major == 2) {
41 fprintf(stderr, "%s: Can't re-sign v2.0 RPM\n", rpm);
44 if (rpmReadSignature(fd, &sig, lead.signature_type)) {
45 fprintf(stderr, "%s: rpmReadSignature failed\n", rpm);
/* Not appending: drop the old signature, a fresh one is built further down. */
48 if (add != ADD_SIGNATURE) {
49 rpmFreeSignature(sig);
52 /* Write the rest to a temp file */
/*
 * NOTE(review): tempnam() only chooses a name; the file is then created
 * by open() with O_CREAT|O_TRUNC but without O_EXCL, so the path can be
 * pre-created or replaced by another process in between (CWE-377,
 * insecure temporary file).  mkstemp() creates the file atomically with
 * mode 0600 and would close that window.  In addition, tempnam() returns
 * malloc'd memory that is never freed here, it may return NULL (strcpy on
 * NULL is undefined), and strcpy does not bound the copy to sizeof sigtarget.
 */
53 strcpy(sigtarget, tempnam(rpmGetVar(RPMVAR_TMPPATH), "rpmsigtarget"));
/* No check of ofd is visible before the write loop that follows. */
54 ofd = open(sigtarget, O_WRONLY|O_CREAT|O_TRUNC, 0644);
/* Copy everything after the signature (header + archive) to the temp file.
   Only a negative write() result is treated as failure; a short write
   (return value smaller than count) is not detected in the visible lines. */
55 while ((count = read(fd, buffer, sizeof(buffer))) > 0) {
57 perror("Couldn't read the header/archive");
62 if (write(ofd, buffer, count) < 0) {
63 perror("Couldn't write header/archive to temp file");
72 /* Start writing the new RPM */
/*
 * NOTE(review): unbounded sprintf.  The size of tmprpm is declared outside
 * this excerpt, so whether "<rpm>.tmp" always fits cannot be confirmed
 * here; snprintf(tmprpm, sizeof tmprpm, ...) with a truncation check would
 * make the bound explicit.  The .tmp file is likewise opened without
 * O_EXCL, though it is created beside the package rather than in the
 * shared temp directory.
 */
73 sprintf(tmprpm, "%s.tmp", rpm);
74 ofd = open(tmprpm, O_WRONLY|O_CREAT|O_TRUNC, 0644);
/* The rewritten package always carries a header-style signature section. */
75 lead.signature_type = RPMSIG_HEADERSIG;
76 if (writeLead(ofd, &lead)) {
77 perror("writeLead()");
84 /* Generate the signature */
85 sigtype = rpmLookupSignatureType();
86 rpmMessage(RPMMESS_VERBOSE, "Generating signature: %d\n", sigtype);
/* Rebuild path: new signature with size and MD5 computed over the temp copy. */
87 if (add != ADD_SIGNATURE) {
88 sig = rpmNewSignature();
89 rpmAddSignature(sig, sigtarget, RPMSIGTAG_SIZE, passPhrase);
90 rpmAddSignature(sig, sigtarget, RPMSIGTAG_MD5, passPhrase);
/* The configured signature type is added on both paths (the else-branch
   lines 91-92 are not part of this excerpt). */
93 rpmAddSignature(sig, sigtarget, sigtype, passPhrase);
95 if (rpmWriteSignature(ofd, sig)) {
/* Inside the failure branch of rpmWriteSignature: release the signature
   (the accompanying error exit is not shown). */
99 rpmFreeSignature(sig);
102 rpmFreeSignature(sig);
104 /* Append the header and archive */
/*
 * fd is reassigned here; unless the descriptor from the first open() was
 * closed in the omitted lines above, it leaks.  The new fd is not checked
 * before the read loop, and write() again ignores short writes.
 */
105 fd = open(sigtarget, O_RDONLY);
106 while ((count = read(fd, buffer, sizeof(buffer))) > 0) {
108 perror("Couldn't read sigtarget");
115 if (write(ofd, buffer, count) < 0) {
116 perror("Couldn't write package");
128 /* Move it in to place */
136 int doCheckSig(int flags, char **argv)
138 int fd, ofd, res, res2, res3, missingKeys;
141 char result[1024], sigtarget[1024];
142 unsigned char buffer[8192];
144 HeaderIterator sigIter;
145 int_32 tag, type, count;
151 if ((fd = open(rpm, O_RDONLY, 0644)) < 0) {
152 fprintf(stderr, "%s: Open failed\n", rpm);
156 if (readLead(fd, &lead)) {
157 fprintf(stderr, "%s: readLead failed\n", rpm);
161 if (lead.major == 1) {
162 fprintf(stderr, "%s: No signature available (v1.0 RPM)\n", rpm);
166 if (rpmReadSignature(fd, &sig, lead.signature_type)) {
167 fprintf(stderr, "%s: rpmReadSignature failed\n", rpm);
172 fprintf(stderr, "%s: No signature available\n", rpm);
176 /* Write the rest to a temp file */
177 strcpy(sigtarget, tempnam(rpmGetVar(RPMVAR_TMPPATH), "rpmsigtarget"));
178 ofd = open(sigtarget, O_WRONLY|O_CREAT|O_TRUNC, 0644);
179 while ((count = read(fd, buffer, sizeof(buffer))) > 0) {
181 perror("Couldn't read the header/archive");
186 if (write(ofd, buffer, count) < 0) {
187 fprintf(stderr, "Unable to write %s", sigtarget);
197 sigIter = headerInitIterator(sig);
200 if (rpmIsVerbose()) {
201 sprintf(buffer, "%s:\n", rpm);
203 sprintf(buffer, "%s: ", rpm);
205 while (headerNextIterator(sigIter, &tag, &type, &ptr, &count)) {
206 if ((tag == RPMSIGTAG_PGP) && !(flags & CHECKSIG_PGP))
208 else if ((tag == RPMSIGTAG_MD5 ||
209 tag == RPMSIGTAG_LEMD5_2 ||
210 tag == RPMSIGTAG_LEMD5_1)
211 && !(flags & CHECKSIG_MD5))
214 if ((res3 = rpmVerifySignature(sigtarget, tag, ptr, count,
216 if (rpmIsVerbose()) {
217 strcat(buffer, result);
222 strcat(buffer, "SIZE ");
226 case RPMSIGTAG_LEMD5_1:
227 case RPMSIGTAG_LEMD5_2:
228 strcat(buffer, "MD5 ");
232 if (res3 == RPMSIG_NOKEY) {
233 /* Do not consedier this a failure */
234 strcat(buffer, "(PGP) ");
237 strcat(buffer, "PGP ");
242 strcat(buffer, "!!! ");
247 if (rpmIsVerbose()) {
248 strcat(buffer, result);
252 strcat(buffer, "size ");
255 case RPMSIGTAG_LEMD5_1:
256 case RPMSIGTAG_LEMD5_2:
257 strcat(buffer, "md5 ");
260 strcat(buffer, "pgp ");
263 strcat(buffer, "??? ");
268 headerFreeIterator(sigIter);
273 if (rpmIsVerbose()) {
274 fprintf(stderr, "%s", buffer);
276 fprintf(stderr, "%sNOT OK%s\n", buffer,
277 missingKeys ? " (MISSING KEYS)" : "");
280 if (rpmIsVerbose()) {
281 printf("%s", buffer);
283 printf("%sOK%s\n", buffer,
284 missingKeys ? " (MISSING KEYS)" : "");