2 * \file lib/signature.c
5 /* signature.c - RPM signature functions */
9 * Things have been cleaned up wrt PGP. We can now handle
10 * signatures of any length (which means you can use any
11 * size key you like). We also honor PGPPATH finally.
16 #if HAVE_ASM_BYTEORDER_H
17 #include <asm/byteorder.h>
21 #include <rpmmacro.h> /* XXX for rpmGetPath() */
23 #include "misc.h" /* XXX for dosetenv() and makeTempFile() */
25 #include "signature.h"
28 /*@access Header@*/ /* XXX compared with NULL */
29 /*@access FD_t@*/ /* XXX compared with NULL */
31 int rpmLookupSignatureType(int action)
33 static int disabled = 0;
37 case RPMLOOKUPSIG_DISABLE:
40 case RPMLOOKUPSIG_ENABLE:
43 case RPMLOOKUPSIG_QUERY:
46 { const char *name = rpmExpand("%{_signature}", NULL);
47 if (!(name && *name != '%'))
49 else if (!xstrcasecmp(name, "none"))
51 else if (!xstrcasecmp(name, "pgp"))
53 else if (!xstrcasecmp(name, "pgp5")) /* XXX legacy */
55 else if (!xstrcasecmp(name, "gpg"))
58 rc = -1; /* Invalid %_signature spec in macro file */
65 /* rpmDetectPGPVersion() returns the absolute path to the "pgp" */
66 /* executable of the requested version, or NULL when none found. */
68 const char * rpmDetectPGPVersion(pgpVersion * pgpVer)
70 /* Actually this should support having more then one pgp version. */
71 /* At the moment only one version is possible since we only */
72 /* have one %_pgpbin and one %_pgp_path. */
74 static pgpVersion saved_pgp_version = PGP_UNKNOWN;
75 const char *pgpbin = rpmGetPath("%{_pgpbin}", NULL);
77 if (saved_pgp_version == PGP_UNKNOWN) {
81 if (!(pgpbin && pgpbin[0] != '%')) {
82 pgpbin = _free(pgpbin);
83 saved_pgp_version = -1;
86 pgpvbin = (char *)alloca(strlen(pgpbin) + sizeof("v"));
87 (void)stpcpy(stpcpy(pgpvbin, pgpbin), "v");
89 if (stat(pgpvbin, &st) == 0)
90 saved_pgp_version = PGP_5;
91 else if (stat(pgpbin, &st) == 0)
92 saved_pgp_version = PGP_2;
94 saved_pgp_version = PGP_NOTDETECTED;
98 *pgpVer = saved_pgp_version;
103 * Check package size.
104 * @todo rpmio: use fdSize rather than fstat(2) to get file size.
105 * @param fd package file handle
106 * @param siglen signature header size
107 * @param pad signature padding
108 * @param datalen length of header+payload
109 * @return rpmRC return code
111 static inline rpmRC checkSize(FD_t fd, int siglen, int pad, int datalen)
112 /*@modifies fileSystem @*/
117 if (fstat(Fileno(fd), &st))
120 if (!S_ISREG(st.st_mode)) {
121 rpmMessage(RPMMESS_DEBUG,
122 _("file is not regular -- skipping size check\n"));
126 rc = (((sizeof(struct rpmlead) + siglen + pad + datalen) - st.st_size)
127 ? RPMRC_BADSIZE : RPMRC_OK);
129 rpmMessage((rc == RPMRC_OK ? RPMMESS_DEBUG : RPMMESS_WARNING),
130 _("Expected size: %12d = lead(%d)+sigs(%d)+pad(%d)+data(%d)\n"),
131 (int)sizeof(struct rpmlead)+siglen+pad+datalen,
132 (int)sizeof(struct rpmlead), siglen, pad, datalen);
133 rpmMessage((rc == RPMRC_OK ? RPMMESS_DEBUG : RPMMESS_WARNING),
134 _(" Actual size: %12d\n"), (int)st.st_size);
139 rpmRC rpmReadSignature(FD_t fd, Header * headerp, sigType sig_type)
146 rpmRC rc = RPMRC_FAIL; /* assume failure */
153 case RPMSIGTYPE_NONE:
154 rpmMessage(RPMMESS_DEBUG, _("No signature\n"));
157 case RPMSIGTYPE_PGP262_1024:
158 rpmMessage(RPMMESS_DEBUG, _("Old PGP signature\n"));
159 /* These are always 256 bytes */
160 if (timedRead(fd, buf, 256) != 256)
163 (void) headerAddEntry(h, RPMSIGTAG_PGP, RPM_BIN_TYPE, buf, 152);
167 case RPMSIGTYPE_MD5_PGP:
168 rpmError(RPMERR_BADSIGTYPE,
169 _("Old (internal-only) signature! How did you get that!?\n"));
171 case RPMSIGTYPE_HEADERSIG:
172 case RPMSIGTYPE_DISABLE:
173 /* This is a new style signature */
174 h = headerRead(fd, HEADER_MAGIC_YES);
179 sigSize = headerSizeof(h, HEADER_MAGIC_YES);
181 /* XXX Legacy headers have a HEADER_IMAGE tag added. */
182 if (headerIsEntry(h, RPMTAG_HEADERIMAGE))
183 sigSize -= (16 + 16);
185 pad = (8 - (sigSize % 8)) % 8; /* 8-byte pad */
186 if (sig_type == RPMSIGTYPE_HEADERSIG) {
187 if (! headerGetEntry(h, RPMSIGTAG_SIZE, &type,
188 (void **)&archSize, &count))
190 rc = checkSize(fd, sigSize, pad, *archSize);
192 if (pad && timedRead(fd, buf, pad) != pad)
193 rc = RPMRC_SHORTREAD;
199 if (headerp && rc == 0)
207 int rpmWriteSignature(FD_t fd, Header h)
209 static byte buf[8] = "\000\000\000\000\000\000\000\000";
213 rc = headerWrite(fd, h, HEADER_MAGIC_YES);
217 sigSize = headerSizeof(h, HEADER_MAGIC_YES);
218 pad = (8 - (sigSize % 8)) % 8;
220 if (Fwrite(buf, sizeof(buf[0]), pad, fd) != pad)
223 rpmMessage(RPMMESS_DEBUG, _("Signature: size(%d)+pad(%d)\n"), sigSize, pad);
227 Header rpmNewSignature(void)
229 Header h = headerNew();
233 Header rpmFreeSignature(Header h)
235 return headerFree(h);
238 static int makePGPSignature(const char * file, /*@out@*/ void ** sig,
239 /*@out@*/ int_32 * size, /*@null@*/ const char * passPhrase)
240 /*@modifies *sig, *size, fileSystem @*/
242 char * sigfile = alloca(1024);
247 (void) stpcpy( stpcpy(sigfile, file), ".sig");
249 inpipe[0] = inpipe[1] = 0;
252 if (!(pid = fork())) {
253 const char *pgp_path = rpmExpand("%{_pgp_path}", NULL);
254 const char *name = rpmExpand("+myname=\"%{_pgp_name}\"", NULL);
258 (void) close(STDIN_FILENO);
259 (void) dup2(inpipe[0], 3);
260 (void) close(inpipe[1]);
262 (void) dosetenv("PGPPASSFD", "3", 1);
263 if (pgp_path && *pgp_path != '%')
264 (void) dosetenv("PGPPATH", pgp_path, 1);
266 /* dosetenv("PGPPASS", passPhrase, 1); */
268 if ((path = rpmDetectPGPVersion(&pgpVer)) != NULL) {
271 (void) execlp(path, "pgp", "+batchmode=on", "+verbose=0", "+armor=off",
272 name, "-sb", file, sigfile, NULL);
275 (void) execlp(path,"pgps", "+batchmode=on", "+verbose=0", "+armor=off",
276 name, "-b", file, "-o", sigfile, NULL);
279 case PGP_NOTDETECTED:
283 rpmError(RPMERR_EXEC, _("Couldn't exec pgp (%s)\n"),
284 (path ? path : NULL));
288 (void) close(inpipe[0]);
290 (void) write(inpipe[1], passPhrase, strlen(passPhrase));
291 (void) write(inpipe[1], "\n", 1);
292 (void) close(inpipe[1]);
294 (void)waitpid(pid, &status, 0);
295 if (!WIFEXITED(status) || WEXITSTATUS(status)) {
296 rpmError(RPMERR_SIGGEN, _("pgp failed\n"));
300 if (stat(sigfile, &st)) {
301 /* PGP failed to write signature */
302 if (sigfile) (void) unlink(sigfile); /* Just in case */
303 rpmError(RPMERR_SIGGEN, _("pgp failed to write signature\n"));
308 rpmMessage(RPMMESS_DEBUG, _("PGP sig size: %d\n"), *size);
309 *sig = xmalloc(*size);
313 fd = Fopen(sigfile, "r.fdio");
314 if (fd != NULL && !Ferror(fd)) {
315 rc = timedRead(fd, *sig, *size);
316 if (sigfile) (void) unlink(sigfile);
321 rpmError(RPMERR_SIGGEN, _("unable to read the signature\n"));
326 rpmMessage(RPMMESS_DEBUG, _("Got %d bytes of PGP sig\n"), *size);
331 /* This is an adaptation of the makePGPSignature function to use GPG instead
332 * of PGP to create signatures. I think I've made all the changes necessary,
333 * but this could be a good place to start looking if errors in GPG signature
336 static int makeGPGSignature(const char * file, /*@out@*/ void ** sig,
337 /*@out@*/ int_32 * size, /*@null@*/ const char * passPhrase)
338 /*@modifies *sig, *size, fileSystem @*/
340 char * sigfile = alloca(1024);
346 (void) stpcpy( stpcpy(sigfile, file), ".sig");
348 inpipe[0] = inpipe[1] = 0;
351 if (!(pid = fork())) {
352 const char *gpg_path = rpmExpand("%{_gpg_path}", NULL);
353 const char *name = rpmExpand("%{_gpg_name}", NULL);
355 (void) close(STDIN_FILENO);
356 (void) dup2(inpipe[0], 3);
357 (void) close(inpipe[1]);
359 if (gpg_path && *gpg_path != '%')
360 (void) dosetenv("GNUPGHOME", gpg_path, 1);
361 (void) execlp("gpg", "gpg",
362 "--batch", "--no-verbose", "--no-armor", "--passphrase-fd", "3",
363 "-u", name, "-sbo", sigfile, file,
365 rpmError(RPMERR_EXEC, _("Couldn't exec gpg\n"));
369 fpipe = fdopen(inpipe[1], "w");
370 (void) close(inpipe[0]);
372 fprintf(fpipe, "%s\n", (passPhrase ? passPhrase : ""));
373 (void) fclose(fpipe);
376 (void)waitpid(pid, &status, 0);
377 if (!WIFEXITED(status) || WEXITSTATUS(status)) {
378 rpmError(RPMERR_SIGGEN, _("gpg failed\n"));
382 if (stat(sigfile, &st)) {
383 /* GPG failed to write signature */
384 if (sigfile) (void) unlink(sigfile); /* Just in case */
385 rpmError(RPMERR_SIGGEN, _("gpg failed to write signature\n"));
390 rpmMessage(RPMMESS_DEBUG, _("GPG sig size: %d\n"), *size);
391 *sig = xmalloc(*size);
395 fd = Fopen(sigfile, "r.fdio");
396 if (fd != NULL && !Ferror(fd)) {
397 rc = timedRead(fd, *sig, *size);
398 if (sigfile) (void) unlink(sigfile);
403 rpmError(RPMERR_SIGGEN, _("unable to read the signature\n"));
408 rpmMessage(RPMMESS_DEBUG, _("Got %d bytes of GPG sig\n"), *size);
413 int rpmAddSignature(Header h, const char * file, int_32 sigTag,
414 const char *passPhrase)
424 (void) stat(file, &st);
427 (void) headerAddEntry(h, RPMSIGTAG_SIZE, RPM_INT32_TYPE, &size, 1);
430 ret = mdbinfile(file, buf);
432 (void) headerAddEntry(h, sigTag, RPM_BIN_TYPE, buf, 16);
434 case RPMSIGTAG_PGP5: /* XXX legacy */
436 rpmMessage(RPMMESS_VERBOSE, _("Generating signature using PGP.\n"));
437 ret = makePGPSignature(file, &sig, &size, passPhrase);
439 (void) headerAddEntry(h, sigTag, RPM_BIN_TYPE, sig, size);
442 rpmMessage(RPMMESS_VERBOSE, _("Generating signature using GPG.\n"));
443 ret = makeGPGSignature(file, &sig, &size, passPhrase);
445 (void) headerAddEntry(h, sigTag, RPM_BIN_TYPE, sig, size);
452 static rpmVerifySignatureReturn
453 verifySizeSignature(const char * datafile, int_32 size, /*@out@*/ char * result)
454 /*@modifies *result, fileSystem @*/
458 (void) stat(datafile, &st);
459 if (size != st.st_size) {
460 sprintf(result, "Header+Archive size mismatch.\n"
461 "Expected %d, saw %d.\n",
462 size, (int)st.st_size);
466 sprintf(result, "Header+Archive size OK: %d bytes\n", size);
470 #define X(_x) (unsigned)((_x) & 0xff)
472 static rpmVerifySignatureReturn
473 verifyMD5Signature(const char * datafile, const byte * sig,
474 /*@out@*/ char * result, md5func fn)
475 /*@modifies *result, fileSystem @*/
479 memset(md5sum, 0, sizeof(md5sum));
480 (void) fn(datafile, md5sum);
481 if (memcmp(md5sum, sig, 16)) {
482 sprintf(result, "MD5 sum mismatch\n"
483 "Expected: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x"
484 "%02x%02x%02x%02x%02x\n"
485 "Saw : %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x"
486 "%02x%02x%02x%02x%02x\n",
487 X(sig[0]), X(sig[1]), X(sig[2]), X(sig[3]),
488 X(sig[4]), X(sig[5]), X(sig[6]), X(sig[7]),
489 X(sig[8]), X(sig[9]), X(sig[10]), X(sig[11]),
490 X(sig[12]), X(sig[13]), X(sig[14]), X(sig[15]),
491 X(md5sum[0]), X(md5sum[1]), X(md5sum[2]), X(md5sum[3]),
492 X(md5sum[4]), X(md5sum[5]), X(md5sum[6]), X(md5sum[7]),
493 X(md5sum[8]), X(md5sum[9]), X(md5sum[10]), X(md5sum[11]),
494 X(md5sum[12]), X(md5sum[13]), X(md5sum[14]), X(md5sum[15]) );
498 sprintf(result, "MD5 sum OK: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x"
499 "%02x%02x%02x%02x%02x\n",
500 X(md5sum[0]), X(md5sum[1]), X(md5sum[2]), X(md5sum[3]),
501 X(md5sum[4]), X(md5sum[5]), X(md5sum[6]), X(md5sum[7]),
502 X(md5sum[8]), X(md5sum[9]), X(md5sum[10]), X(md5sum[11]),
503 X(md5sum[12]), X(md5sum[13]), X(md5sum[14]), X(md5sum[15]) );
508 static rpmVerifySignatureReturn
509 verifyPGPSignature(const char * datafile, const void * sig, int count,
510 /*@out@*/ char * result)
511 /*@modifies *result, fileSystem @*/
513 int pid, status, outpipe[2];
514 /*@only@*/ /*@null@*/ const char * sigfile = NULL;
521 /* What version do we have? */
522 if ((path = rpmDetectPGPVersion(&pgpVer)) == NULL) {
524 rpmError(RPMERR_EXEC,
525 _("Could not run pgp. Use --nopgp to skip PGP checks.\n"));
530 * Sad but true: pgp-5.0 returns exit value of 0 on bad signature.
531 * Instead we have to use the text output to detect a bad signature.
536 /* Write out the signature */
538 { const char *tmppath = rpmGetPath("%{_tmppath}", NULL);
539 sigfile = tempnam(tmppath, "rpmsig");
540 tmppath = _free(tmppath);
542 sfd = Fopen(sigfile, "w.fdio");
543 if (sfd != NULL && !Ferror(sfd)) {
544 (void) Fwrite(sig, sizeof(char), count, sfd);
549 if (!makeTempFile(NULL, &sigfile, &sfd)) {
550 (void) Fwrite(sig, sizeof(char), count, sfd);
560 outpipe[0] = outpipe[1] = 0;
561 (void) pipe(outpipe);
563 if (!(pid = fork())) {
564 const char *pgp_path = rpmExpand("%{_pgp_path}", NULL);
566 (void) close(outpipe[0]);
567 (void) close(STDOUT_FILENO); /* XXX unnecessary */
568 (void) dup2(outpipe[1], STDOUT_FILENO);
570 if (pgp_path && *pgp_path != '%')
571 (void) dosetenv("PGPPATH", pgp_path, 1);
575 /* Some output (in particular "This signature applies to */
576 /* another message") is _always_ written to stderr; we */
577 /* want to catch that output, so dup stdout to stderr: */
578 { int save_stderr = dup(2);
580 (void) execlp(path, "pgpv", "+batchmode=on", "+verbose=0",
581 /* Write "Good signature..." to stdout: */
582 "+OutputInformationFD=1",
583 /* Write "WARNING: ... is not trusted to... to stdout: */
584 "+OutputWarningFD=1",
585 sigfile, "-o", datafile, NULL);
586 /* Restore stderr so we can print the error message below. */
587 (void) dup2(save_stderr, 2);
588 (void) close(save_stderr);
591 (void) execlp(path, "pgp", "+batchmode=on", "+verbose=0",
592 sigfile, datafile, NULL);
595 case PGP_NOTDETECTED:
599 rpmError(RPMERR_EXEC,
600 _("Could not run pgp. Use --nopgp to skip PGP checks.\n"));
604 (void) close(outpipe[1]);
605 file = fdopen(outpipe[0], "r");
608 while (fgets(buf, 1024, file)) {
609 if (strncmp("File '", buf, 6) &&
610 strncmp("Text is assu", buf, 12) &&
611 strncmp("This signature applies to another message", buf, 41) &&
615 if (!strncmp("WARNING: Can't find the right public key", buf, 40))
617 else if (!strncmp("Signature by unknown keyid:", buf, 27))
619 else if (!strncmp("WARNING: The signing key is not trusted", buf, 39))
620 res = RPMSIG_NOTTRUSTED;
621 else if (!strncmp("Good signature", buf, 14))
627 (void) waitpid(pid, &status, 0);
628 if (sigfile) (void) unlink(sigfile);
629 sigfile = _free(sigfile);
630 if (!res && (!WIFEXITED(status) || WEXITSTATUS(status))) {
637 static rpmVerifySignatureReturn
638 verifyGPGSignature(const char * datafile, const void * sig, int count,
639 /*@out@*/ char * result)
640 /*@modifies *result, fileSystem @*/
642 int pid, status, outpipe[2];
643 /*@only@*/ /*@null@*/ const char * sigfile = NULL;
648 /* Write out the signature */
650 { const char *tmppath = rpmGetPath("%{_tmppath}", NULL);
651 sigfile = tempnam(tmppath, "rpmsig");
652 tmppath = _free(tmppath);
654 sfd = Fopen(sigfile, "w.fdio");
655 if (sfd != NULL && !Ferror(sfd)) {
656 (void) Fwrite(sig, sizeof(char), count, sfd);
661 if (!makeTempFile(NULL, &sigfile, &sfd)) {
662 (void) Fwrite(sig, sizeof(char), count, sfd);
672 outpipe[0] = outpipe[1] = 0;
673 (void) pipe(outpipe);
675 if (!(pid = fork())) {
676 const char *gpg_path = rpmExpand("%{_gpg_path}", NULL);
678 (void) close(outpipe[0]);
679 /* gpg version 0.9 sends its output to stderr. */
680 (void) dup2(outpipe[1], STDERR_FILENO);
682 if (gpg_path && *gpg_path != '%')
683 (void) dosetenv("GNUPGHOME", gpg_path, 1);
685 (void) execlp("gpg", "gpg",
686 "--batch", "--no-verbose",
687 "--verify", sigfile, datafile,
689 rpmError(RPMERR_EXEC,
690 _("Could not run gpg. Use --nogpg to skip GPG checks.\n"));
694 (void) close(outpipe[1]);
695 file = fdopen(outpipe[0], "r");
698 while (fgets(buf, 1024, file)) {
700 if (!xstrncasecmp("gpg: Can't check signature: Public key not found", buf, 48)) {
707 (void) waitpid(pid, &status, 0);
708 if (sigfile) (void) unlink(sigfile);
709 sigfile = _free(sigfile);
710 if (!res && (!WIFEXITED(status) || WEXITSTATUS(status))) {
717 static int checkPassPhrase(const char * passPhrase, const int sigTag)
718 /*@modifies fileSystem @*/
720 int passPhrasePipe[2];
724 passPhrasePipe[0] = passPhrasePipe[1] = 0;
725 (void) pipe(passPhrasePipe);
726 if (!(pid = fork())) {
727 (void) close(STDIN_FILENO);
728 (void) close(STDOUT_FILENO);
729 (void) close(passPhrasePipe[1]);
730 if (! rpmIsVerbose()) {
731 (void) close(STDERR_FILENO);
733 if ((fd = open("/dev/null", O_RDONLY)) != STDIN_FILENO) {
734 (void) dup2(fd, STDIN_FILENO);
737 if ((fd = open("/dev/null", O_WRONLY)) != STDOUT_FILENO) {
738 (void) dup2(fd, STDOUT_FILENO);
741 (void) dup2(passPhrasePipe[0], 3);
745 { const char *gpg_path = rpmExpand("%{_gpg_path}", NULL);
746 const char *name = rpmExpand("%{_gpg_name}", NULL);
747 if (gpg_path && *gpg_path != '%')
748 (void) dosetenv("GNUPGHOME", gpg_path, 1);
749 (void) execlp("gpg", "gpg",
750 "--batch", "--no-verbose", "--passphrase-fd", "3",
751 "-u", name, "-so", "-",
753 rpmError(RPMERR_EXEC, _("Couldn't exec gpg\n"));
755 } /*@notreached@*/ break;
756 case RPMSIGTAG_PGP5: /* XXX legacy */
758 { const char *pgp_path = rpmExpand("%{_pgp_path}", NULL);
759 const char *name = rpmExpand("+myname=\"%{_pgp_name}\"", NULL);
763 (void) dosetenv("PGPPASSFD", "3", 1);
764 if (pgp_path && *pgp_path != '%')
765 (void) dosetenv("PGPPATH", pgp_path, 1);
767 if ((path = rpmDetectPGPVersion(&pgpVer)) != NULL) {
770 (void) execlp(path, "pgp", "+batchmode=on", "+verbose=0",
773 case PGP_5: /* XXX legacy */
774 (void) execlp(path,"pgps", "+batchmode=on", "+verbose=0",
778 case PGP_NOTDETECTED:
782 rpmError(RPMERR_EXEC, _("Couldn't exec pgp\n"));
784 } /*@notreached@*/ break;
785 default: /* This case should have been screened out long ago. */
786 rpmError(RPMERR_SIGGEN, _("Invalid %%_signature spec in macro file\n"));
787 _exit(RPMERR_SIGGEN);
788 /*@notreached@*/ break;
792 (void) close(passPhrasePipe[0]);
793 (void) write(passPhrasePipe[1], passPhrase, strlen(passPhrase));
794 (void) write(passPhrasePipe[1], "\n", 1);
795 (void) close(passPhrasePipe[1]);
797 (void)waitpid(pid, &status, 0);
798 if (!WIFEXITED(status) || WEXITSTATUS(status)) {
802 /* passPhrase is good */
806 char * rpmGetPassPhrase(const char * prompt, const int sigTag)
813 { const char *name = rpmExpand("%{_gpg_name}", NULL);
814 aok = (name && *name != '%');
818 rpmError(RPMERR_SIGGEN,
819 _("You must set \"%%_gpg_name\" in your macro file\n"));
823 case RPMSIGTAG_PGP5: /* XXX legacy */
825 { const char *name = rpmExpand("%{_pgp_name}", NULL);
826 aok = (name && *name != '%');
830 rpmError(RPMERR_SIGGEN,
831 _("You must set \"%%_pgp_name\" in your macro file\n"));
836 /* Currently the calling function (rpm.c:main) is checking this and
837 * doing a better job. This section should never be accessed.
839 rpmError(RPMERR_SIGGEN, _("Invalid %%_signature spec in macro file\n"));
841 /*@notreached@*/ break;
844 pass = /*@-unrecog@*/ getpass( (prompt ? prompt : "") ) /*@=unrecog@*/ ;
846 if (checkPassPhrase(pass, sigTag))
852 rpmVerifySignatureReturn
853 rpmVerifySignature(const char * file, int_32 sigTag, const void * sig,
854 int count, char * result)
858 return verifySizeSignature(file, *(int_32 *)sig, result);
859 /*@notreached@*/ break;
861 return verifyMD5Signature(file, sig, result, mdbinfile);
862 /*@notreached@*/ break;
863 case RPMSIGTAG_LEMD5_1:
864 case RPMSIGTAG_LEMD5_2:
865 return verifyMD5Signature(file, sig, result, mdbinfileBroken);
866 /*@notreached@*/ break;
867 case RPMSIGTAG_PGP5: /* XXX legacy */
869 return verifyPGPSignature(file, sig, count, result);
870 /*@notreached@*/ break;
872 return verifyGPGSignature(file, sig, count, result);
873 /*@notreached@*/ break;
875 sprintf(result, "Do not know how to verify sig type %d\n", sigTag);
876 return RPMSIG_UNKNOWN;