5 * \file lib/signature.h
6 * Generate and verify signatures.
9 #include <rpm/header.h>
11 /** \ingroup signature
12 * Signature types stored in rpm lead.
14 typedef enum sigType_e {
15 RPMSIGTYPE_HEADERSIG= 5 /*!< Header style signature */
/** \ingroup signature
 * Return new, empty (signature) header instance.
 *
 * NOTE(review): this listing does not state who owns the returned header;
 * presumably it is released with rpmFreeSignature() -- confirm.
 *
 * @return		signature header
 */
Header rpmNewSignature(void);
/** \ingroup signature
 * Read (and verify header+payload size) signature header.
 * If an old-style signature is found, we emulate a new style one.
 *
 * The only check named here is the header+payload size check; verifying
 * the signature itself is a separate step (see rpmVerifySignature()).
 * Callers should test the return code before dereferencing *sighp, since
 * it may be NULL.
 *
 * NOTE(review): ownership of *msg is not stated in this listing;
 * presumably the caller frees it -- confirm against the implementation.
 *
 * @param fd		file handle
 * @retval sighp	address of (signature) header (or NULL)
 * @param sig_type	type of signature header to read (from lead)
 * @retval msg		failure msg
 * @return		rpmRC return code
 */
rpmRC rpmReadSignature(FD_t fd, Header *sighp, sigType sig_type, char ** msg);
/** \ingroup signature
 * Write signature header.
 *
 * The error value is 1, unlike rpmAddSignature() which reports failure
 * as -1; test the result for non-zero rather than for a negative value.
 *
 * @param fd		file handle
 * @param h		(signature) header
 * @return		0 on success, 1 on error
 */
int rpmWriteSignature(FD_t fd, Header h);
/** \ingroup signature
 * Generate signature(s) from a header+payload file, save in signature header.
 *
 * The pass phrase is passed as a plain C string.
 * NOTE(review): this listing does not say whether the implementation
 * copies, retains or wipes passPhrase; callers holding the secret should
 * clear their own buffer once signing is done -- confirm the callee
 * keeps no copy.
 *
 * @param sigh		signature header
 * @param file		header+payload file name
 * @param sigTag	type of signature(s) to add
 * @param passPhrase	private key pass phrase
 * @return		0 on success, -1 on failure
 */
int rpmAddSignature(Header sigh, const char * file,
		    rpmSigTag sigTag, const char * passPhrase);
/** \ingroup signature
 * Verify a signature from a package.
 *
 * The verdict is the rpmRC return value. *result is detailed text for
 * the user and should not be parsed to decide whether a package is
 * trusted.
 *
 * NOTE(review): ownership of *result is not stated in this listing;
 * presumably the caller frees it -- confirm.
 *
 * @param keyring	keyring handle
 * @param sigtd		signature tag data container
 * @param dig		signature/pubkey parameters
 * @param ctx		digest context (not documented in this listing;
 *			presumably the digest computed over the signed
 *			data -- TODO confirm)
 * @retval result	detailed text result of signature verification
 * @return		result of signature verification
 */
rpmRC rpmVerifySignature(rpmKeyring keyring, rpmtd sigtd, pgpDig dig, DIGEST_CTX ctx, char ** result);
/** \ingroup signature
 * Destroy signature header from package.
 *
 * @param h		signature header
 * @return		not documented in this listing; presumably NULL so
 *			that callers can write h = rpmFreeSignature(h) and
 *			avoid a dangling pointer -- TODO confirm
 */
Header rpmFreeSignature(Header h);
77 /******************************************************************/
/**
 * Possible actions for rpmLookupSignatureType()
 * (the values accepted for its action argument).
 */
#define RPMLOOKUPSIG_QUERY 0 /* Lookup type in effect */
#define RPMLOOKUPSIG_DISABLE 1 /* Disable (--sign was not given) */
#define RPMLOOKUPSIG_ENABLE 2 /* Re-enable %_signature */
/** \ingroup signature
 * Return type of signature needed for signing/building.
 *
 * The result is an int, not an rpmSigTag: check for -1 (error) and
 * 0 (no signature type) before using the value as a signature tag.
 *
 * NOTE(review): the DISABLE/ENABLE actions suggest the function keeps
 * state between calls; whether that state is process-wide or
 * thread-safe is not visible here -- confirm.
 *
 * @param action	enable/disable/query action (RPMLOOKUPSIG_*)
 * @return		sigTag to use, 0 if none, -1 on error
 */
int rpmLookupSignatureType(int action);
/** \ingroup signature
 * Read a pass phrase using getpass(3), confirm with gpg/pgp helper binaries.
 *
 * getpass(3) is marked obsolete in its manual page and returns a pointer
 * to a static buffer.
 * NOTE(review): this listing does not show whether the pointer returned
 * here is that static buffer or a copy, nor who must wipe it; treat the
 * result as a secret with unknown lifetime -- confirm.
 * NOTE(review): the pass phrase is checked by an external helper process;
 * confirm it reaches the helper through a pipe or descriptor, not through
 * argv or the environment.
 *
 * @param prompt	user prompt
 * @param sigTag	signature type/tag
 * @return		not documented in this listing; presumably the pass
 *			phrase, or NULL on failure -- TODO confirm
 */
char * rpmGetPassPhrase(const char * prompt, const rpmSigTag sigTag);
105 #endif /* H_SIGNATURE */