- link libbz2.a statically to avoid rpm->bzip2 dependence for now.
- Tru64: avoid find-requires variable size limit (Tim Mooney).
- Solaris: use getpassphrase rather than getpass if available.
+ - pgp and pgp5 have compatible RSA signature (#4780).
3.0.1 -> 3.0.2
- eliminate armv4 entries from rpmrc (Andrew E. Mileski).
}
/* Generate the signature */
- sigtype = rpmLookupSignatureType(RPMLOOKUPSIG_QUERY);
fflush(stdout);
sig = rpmNewSignature();
rpmAddSignature(sig, sigtarget, RPMSIGTAG_SIZE, passPhrase);
rpmAddSignature(sig, sigtarget, RPMSIGTAG_MD5, passPhrase);
- if (sigtype > 0) {
+ if ((sigtype = rpmLookupSignatureType(RPMLOOKUPSIG_QUERY)) > 0) {
rpmMessage(RPMMESS_NORMAL, _("Generating signature: %d\n"), sigtype);
rpmAddSignature(sig, sigtarget, sigtype, passPhrase);
}
struct availablePackage {
Header h;
- char ** provides;
- char ** files;
+ const char ** provides;
+ const char ** providesEVR; /* unused */
+ int * providesFlags; /* unused */
+ const char ** files;
const char * name, * version, * release;
int epoch, hasEpoch, providesCount, filesCount;
const void * key;
#include "system.h"
-#ifdef DYING
-#include "build/rpmbuild.h"
-#endif
#include <rpmlib.h>
#include "rpmlead.h"
#include "signature.h"
#include "misc.h" /* XXX for makeTempFile() */
+static int manageFile(FD_t *fdp, const char **fnp, int flags, int rc)
+{
+ const char *fn;
+ FD_t fd;
+
+ if (fdp == NULL) { /* programmer error */
+ return 1;
+ }
+
+ /* close and reset *fdp to NULL */
+ if (*fdp && (fnp == NULL || *fnp == NULL)) {
+ fdClose(*fdp);
+ *fdp = NULL;
+ return 0;
+ }
+
+ /* open a file and set *fdp */
+ if (*fdp == NULL && fnp && *fnp) {
+ mode_t mode = (flags & O_CREAT) ? 0644 : 0;
+ if (fdFileno(fd = fdOpen(*fnp, flags, mode)) < 0) {
+ fprintf(stderr, _("%s: fdOpen failed: %s\n"), *fnp,
+ strerror(errno));
+ return 1;
+ }
+ *fdp = fd;
+ return 0;
+ }
+
+ /* open a temp file */
+ if (*fdp == NULL && (fnp == NULL || *fnp == NULL)) {
+ if (makeTempFile(NULL, (fnp ? &fn : NULL), &fd)) {
+ fprintf(stderr, _("%s: makeTempFile failed\n"));
+ return 1;
+ }
+ if (fnp)
+ *fnp = fn;
+ *fdp = fd;
+ return 0;
+ }
+
+ /* no operation */
+ if (*fdp && fnp && *fnp) {
+ return 0;
+ }
+
+ /* XXX never reached */
+ return 1;
+}
+
+static int copyFile(FD_t *sfdp, const char **sfnp,
+ FD_t *tfdp, const char **tfnp)
+{
+ unsigned char buffer[8192];
+ ssize_t count;
+ int rc = 1;
+
+ if (manageFile(sfdp, sfnp, O_RDONLY, 0))
+ goto exit;
+ if (manageFile(tfdp, tfnp, O_WRONLY|O_CREAT|O_TRUNC, 0))
+ goto exit;
+
+ while ((count = fdRead(*sfdp, buffer, sizeof(buffer))) > 0) {
+ if (fdWrite(*tfdp, buffer, count) < 0) {
+ fprintf(stderr, _("%s: fdWrite failed: %s\n"), *tfnp,
+ strerror(errno));
+ goto exit;
+ }
+ }
+ if (count < 0) {
+ fprintf(stderr, _("%s: fdRead failed: %s\n"), *sfnp, strerror(errno));
+ goto exit;
+ }
+
+ rc = 0;
+
+exit:
+ if (*sfdp) manageFile(sfdp, NULL, 0, rc);
+ if (*tfdp) manageFile(tfdp, NULL, 0, rc);
+ return rc;
+}
+
int rpmReSign(int add, char *passPhrase, const char **argv)
{
- FD_t fd, ofd;
- int count;
+ FD_t fd = NULL;
+ FD_t ofd = NULL;
struct rpmlead lead;
unsigned short sigtype;
- const char *rpm;
- const char *sigtarget;
- char tmprpm[1024];
- unsigned char buffer[8192];
- Header sig;
+ const char *rpm, *trpm;
+ const char *sigtarget = NULL;
+ char tmprpm[1024+1];
+ Header sig = NULL;
+ int rc = EXIT_FAILURE;
- while (*argv) {
- rpm = *argv++;
+ tmprpm[0] = '\0';
+ while ((rpm = *argv++) != NULL) {
+
fprintf(stdout, "%s:\n", rpm);
- if (fdFileno(fd = fdOpen(rpm, O_RDONLY, 0644)) < 0) {
- fprintf(stderr, _("%s: Open failed\n"), rpm);
- exit(EXIT_FAILURE);
- }
+
+ if (manageFile(&fd, &rpm, O_RDONLY, 0))
+ goto exit;
+
if (readLead(fd, &lead)) {
fprintf(stderr, _("%s: readLead failed\n"), rpm);
- exit(EXIT_FAILURE);
+ goto exit;
}
- if (lead.major == 1) {
+ switch (lead.major) {
+ case 1:
fprintf(stderr, _("%s: Can't sign v1.0 RPM\n"), rpm);
- exit(EXIT_FAILURE);
- }
- if (lead.major == 2) {
+ goto exit;
+ break;
+ case 2:
fprintf(stderr, _("%s: Can't re-sign v2.0 RPM\n"), rpm);
- exit(EXIT_FAILURE);
+ goto exit;
+ break;
+ default:
+ break;
}
+
if (rpmReadSignature(fd, &sig, lead.signature_type)) {
fprintf(stderr, _("%s: rpmReadSignature failed\n"), rpm);
- exit(EXIT_FAILURE);
+ goto exit;
+ }
+ if (sig == NULL) {
+ fprintf(stderr, _("%s: No signature available\n"), rpm);
+ goto exit;
}
+
+ /* Write the header and archive to a temp file */
+ /* ASSERT: ofd == NULL && sigtarget == NULL */
+ if (copyFile(&fd, &rpm, &ofd, &sigtarget))
+ goto exit;
+ /* Both fd and ofd are now closed. sigtarget contains tempfile name. */
+ /* ASSERT: fd == NULL && ofd == NULL */
+
+ /* Generate the new signatures */
if (add != ADD_SIGNATURE) {
rpmFreeSignature(sig);
+ sig = rpmNewSignature();
+ rpmAddSignature(sig, sigtarget, RPMSIGTAG_SIZE, passPhrase);
+ rpmAddSignature(sig, sigtarget, RPMSIGTAG_MD5, passPhrase);
}
- /* Write the rest to a temp file */
- if (makeTempFile(NULL, &sigtarget, &ofd))
- exit(EXIT_FAILURE);
-
- while ((count = fdRead(fd, buffer, sizeof(buffer))) > 0) {
- if (count == -1) {
- perror(_("Couldn't read the header/archive"));
- fdClose(ofd);
- unlink(sigtarget);
- xfree(sigtarget);
- exit(EXIT_FAILURE);
- }
- if (fdWrite(ofd, buffer, count) < 0) {
- perror(_("Couldn't write header/archive to temp file"));
- fdClose(ofd);
- unlink(sigtarget);
- xfree(sigtarget);
- exit(EXIT_FAILURE);
- }
- }
- fdClose(fd);
- fdClose(ofd);
+ if ((sigtype = rpmLookupSignatureType(RPMLOOKUPSIG_QUERY)) > 0)
+ rpmAddSignature(sig, sigtarget, sigtype, passPhrase);
- /* Start writing the new RPM */
+ /* Write the lead/signature of the output rpm */
strcpy(tmprpm, rpm);
strcat(tmprpm, ".XXXXXX");
mktemp(tmprpm);
+ trpm = tmprpm;
+
+ if (manageFile(&ofd, &trpm, O_WRONLY|O_CREAT|O_TRUNC, 0))
+ goto exit;
- ofd = fdOpen(tmprpm, O_WRONLY|O_CREAT|O_TRUNC, 0644);
lead.signature_type = RPMSIG_HEADERSIG;
if (writeLead(ofd, &lead)) {
- perror("writeLead()");
- fdClose(ofd);
- unlink(sigtarget);
- unlink(tmprpm);
- xfree(sigtarget);
- exit(EXIT_FAILURE);
+ fprintf(stderr, _("%s: writeLead failed: %s\n"), trpm,
+ strerror(errno));
+ goto exit;
}
- /* Generate the signature */
- sigtype = rpmLookupSignatureType(RPMLOOKUPSIG_QUERY);
- rpmMessage(RPMMESS_VERBOSE, _("Generating signature: %d\n"), sigtype);
- if (add != ADD_SIGNATURE) {
- sig = rpmNewSignature();
- rpmAddSignature(sig, sigtarget, RPMSIGTAG_SIZE, passPhrase);
- rpmAddSignature(sig, sigtarget, RPMSIGTAG_MD5, passPhrase);
- }
- if (sigtype>0) {
- rpmAddSignature(sig, sigtarget, sigtype, passPhrase);
- }
if (rpmWriteSignature(ofd, sig)) {
- fdClose(ofd);
- unlink(sigtarget);
- unlink(tmprpm);
- xfree(sigtarget);
- rpmFreeSignature(sig);
- exit(EXIT_FAILURE);
+ fprintf(stderr, _("%s: rpmWriteSignature failed\n"), trpm);
+ goto exit;
}
- rpmFreeSignature(sig);
- /* Append the header and archive */
- fd = fdOpen(sigtarget, O_RDONLY, 0);
- while ((count = fdRead(fd, buffer, sizeof(buffer))) > 0) {
- if (count == -1) {
- perror(_("Couldn't read sigtarget"));
- fdClose(ofd);
- fdClose(fd);
- unlink(sigtarget);
- unlink(tmprpm);
- xfree(sigtarget);
- exit(EXIT_FAILURE);
- }
- if (fdWrite(ofd, buffer, count) < 0) {
- perror(_("Couldn't write package"));
- fdClose(ofd);
- fdClose(fd);
- unlink(sigtarget);
- unlink(tmprpm);
- xfree(sigtarget);
- exit(EXIT_FAILURE);
- }
- }
- fdClose(fd);
- fdClose(ofd);
+ /* Append the header and archive from the temp file */
+ /* ASSERT: fd == NULL && ofd != NULL */
+ if (copyFile(&fd, &sigtarget, &ofd, &trpm))
+ goto exit;
+ /* Both fd and ofd are now closed. */
+ /* ASSERT: fd == NULL && ofd == NULL */
+
+ /* Clean up intermediate target */
unlink(sigtarget);
- xfree(sigtarget);
+ xfree(sigtarget); sigtarget = NULL;
- /* Move it in to place */
+ /* Move final target into place. */
unlink(rpm);
- rename(tmprpm, rpm);
+ rename(trpm, rpm); tmprpm[0] = '\0';
+ }
+
+ rc = 0;
+
+exit:
+ if (fd) manageFile(&fd, NULL, 0, rc);
+ if (ofd) manageFile(&ofd, NULL, 0, rc);
+
+ if (sig) {
+ rpmFreeSignature(sig);
+ sig = NULL;
+ }
+ if (sigtarget) {
+ unlink(sigtarget);
+ xfree(sigtarget);
+ sigtarget = NULL;
+ }
+ if (tmprpm[0] != '\0') {
+ unlink(tmprpm);
+ tmprpm[0] = '\0';
}
- return 0;
+ return rc;
}
int rpmCheckSig(int flags, const char **argv)
{
- FD_t fd, ofd;
- int res, res2, res3;
+ FD_t fd = NULL;
+ FD_t ofd = NULL;
+ int res2, res3;
struct rpmlead lead;
- const char *rpm;
+ const char *rpm = NULL;
char result[1024];
- const char * sigtarget;
+ const char * sigtarget = NULL;
unsigned char buffer[8192];
unsigned char missingKeys[7164];
unsigned char untrustedKeys[7164];
HeaderIterator sigIter;
int_32 tag, type, count;
void *ptr;
+ int res = 0;
+
+ while ((rpm = *argv++) != NULL) {
- res = 0;
- while (*argv) {
- rpm = *argv++;
- if (fdFileno(fd = fdOpen(rpm, O_RDONLY, 0644)) < 0) {
- fprintf(stderr, _("%s: Open failed\n"), rpm);
+ if (manageFile(&fd, &rpm, O_RDONLY, 0)) {
res++;
- continue;
+ goto bottom;
}
+
if (readLead(fd, &lead)) {
fprintf(stderr, _("%s: readLead failed\n"), rpm);
res++;
- continue;
+ goto bottom;
}
- if (lead.major == 1) {
+ switch (lead.major) {
+ case 1:
fprintf(stderr, _("%s: No signature available (v1.0 RPM)\n"), rpm);
res++;
- continue;
+ goto bottom;
+ break;
+ default:
+ break;
}
if (rpmReadSignature(fd, &sig, lead.signature_type)) {
fprintf(stderr, _("%s: rpmReadSignature failed\n"), rpm);
res++;
- continue;
+ goto bottom;
}
if (sig == NULL) {
fprintf(stderr, _("%s: No signature available\n"), rpm);
res++;
- continue;
+ goto bottom;
}
- /* Write the rest to a temp file */
- if (makeTempFile(NULL, &sigtarget, &ofd))
- exit(EXIT_FAILURE);
- while ((count = fdRead(fd, buffer, sizeof(buffer))) > 0) {
- if (count == -1) {
- perror(_("Couldn't read the header/archive"));
- fdClose(ofd);
- unlink(sigtarget);
- xfree(sigtarget);
- exit(EXIT_FAILURE);
- }
- if (fdWrite(ofd, buffer, count) < 0) {
- fprintf(stderr, _("Unable to write %s"), sigtarget);
- perror("");
- fdClose(ofd);
- unlink(sigtarget);
- xfree(sigtarget);
- exit(EXIT_FAILURE);
- }
+ /* Write the header and archive to a temp file */
+ /* ASSERT: ofd == NULL && sigtarget == NULL */
+ if (copyFile(&fd, &rpm, &ofd, &sigtarget)) {
+ res++;
+ goto bottom;
}
- fdClose(fd);
- fdClose(ofd);
+ /* Both fd and ofd are now closed. sigtarget contains tempfile name. */
+ /* ASSERT: fd == NULL && ofd == NULL */
res2 = 0;
missingKeys[0] = '\0';
sigIter = headerInitIterator(sig);
while (headerNextIterator(sigIter, &tag, &type, &ptr, &count)) {
- if ((tag == RPMSIGTAG_PGP || tag == RPMSIGTAG_PGP5)
- && !(flags & CHECKSIG_PGP))
- continue;
- if ((tag == RPMSIGTAG_GPG) && !(flags & CHECKSIG_GPG))
- continue;
- if ((tag == RPMSIGTAG_MD5 ||
- tag == RPMSIGTAG_LEMD5_2 ||
- tag == RPMSIGTAG_LEMD5_1)
- && !(flags & CHECKSIG_MD5))
+ switch (tag) {
+ case RPMSIGTAG_PGP5: /* XXX legacy */
+ case RPMSIGTAG_PGP:
+ if (!(flags & CHECKSIG_PGP))
+ continue;
+ break;
+ case RPMSIGTAG_GPG:
+ if (!(flags & CHECKSIG_GPG))
+ continue;
+ break;
+ case RPMSIGTAG_LEMD5_2:
+ case RPMSIGTAG_LEMD5_1:
+ case RPMSIGTAG_MD5:
+ if (!(flags & CHECKSIG_MD5))
+ continue;
+ break;
+ default:
continue;
+ break;
+ }
if ((res3 = rpmVerifySignature(sigtarget, tag, ptr, count,
result))) {
strcat(buffer, "SIZE ");
res2 = 1;
break;
- case RPMSIGTAG_MD5:
- case RPMSIGTAG_LEMD5_1:
case RPMSIGTAG_LEMD5_2:
+ case RPMSIGTAG_LEMD5_1:
+ case RPMSIGTAG_MD5:
strcat(buffer, "MD5 ");
res2 = 1;
break;
+ case RPMSIGTAG_PGP5: /* XXX legacy */
case RPMSIGTAG_PGP:
- case RPMSIGTAG_PGP5:
- if (res3 == RPMSIG_NOKEY || res3 == RPMSIG_NOTTRUSTED) {
- /* Do not consider these a failure */
- int offset = 7;
+ switch (res3) {
+ /* Do not consider these a failure */
+ case RPMSIG_NOKEY:
+ case RPMSIG_NOTTRUSTED:
+ { int offset = 7;
strcat(buffer, "(PGP) ");
tempKey = strstr(result, "Key ID");
if (tempKey == NULL) {
strncat(untrustedKeys, tempKey + offset, 8);
}
}
- } else {
+ } break;
+ default:
strcat(buffer, "PGP ");
res2 = 1;
+ break;
}
break;
case RPMSIGTAG_GPG:
- if (res3 == RPMSIG_NOKEY) {
- /* Do not consider this a failure */
+ /* Do not consider this a failure */
+ switch (res3) {
+ case RPMSIG_NOKEY:
strcat(buffer, "(GPG) ");
strcat(missingKeys, " GPG#");
tempKey = strstr(result, "key ID");
if (tempKey)
strncat(missingKeys, tempKey+7, 8);
- } else {
+ break;
+ default:
strcat(buffer, "GPG ");
res2 = 1;
+ break;
}
break;
default:
strcat(buffer, "?UnknownSignatureType? ");
res2 = 1;
+ break;
}
}
} else {
strcat(buffer, result);
} else {
switch (tag) {
- case RPMSIGTAG_SIZE:
+ case RPMSIGTAG_SIZE:
strcat(buffer, "size ");
break;
- case RPMSIGTAG_MD5:
- case RPMSIGTAG_LEMD5_1:
- case RPMSIGTAG_LEMD5_2:
+ case RPMSIGTAG_LEMD5_2:
+ case RPMSIGTAG_LEMD5_1:
+ case RPMSIGTAG_MD5:
strcat(buffer, "md5 ");
break;
- case RPMSIGTAG_PGP:
- case RPMSIGTAG_PGP5:
+ case RPMSIGTAG_PGP5: /* XXX legacy */
+ case RPMSIGTAG_PGP:
strcat(buffer, "pgp ");
break;
- case RPMSIGTAG_GPG:
+ case RPMSIGTAG_GPG:
strcat(buffer, "gpg ");
break;
- default:
+ default:
strcat(buffer, "??? ");
+ break;
}
}
}
headerFreeIterator(sigIter);
res += res2;
unlink(sigtarget);
- xfree(sigtarget);
+ xfree(sigtarget); sigtarget = NULL;
if (res2) {
if (rpmIsVerbose()) {
(untrustedKeys[0] != '\0') ? _(")") : "");
}
}
+
+ bottom:
+ if (fd) manageFile(&fd, NULL, 0, 0);
+ if (ofd) manageFile(&ofd, NULL, 0, 0);
+ if (sigtarget) {
+ unlink(sigtarget);
+ xfree(sigtarget); sigtarget = NULL;
+ }
}
return res;
#define RPMSIGTAG_LEMD5_2 1003
#define RPMSIGTAG_MD5 1004
#define RPMSIGTAG_GPG 1005
-#define RPMSIGTAG_PGP5 1006
+#define RPMSIGTAG_PGP5 1006 /* XXX legacy use only */
+
+/* Signature tags by Public Key Algorithm (RFC 2440) */
+/* N.B.: These tags are tenative, the values may change */
+#define RPMTAG_PK_BASE 2048
+#define RPMTAG_PK_RSA_ES RPMTAG_PK_BASE+1
+#define RPMTAG_PK_RSA_E RPMTAG_PK_BASE+2
+#define RPMTAG_PK_RSA_S RPMTAG_PK_BASE+3
+#define RPMTAG_PK_ELGAMAL_E RPMTAG_PK_BASE+16
+#define RPMTAG_PK_DSA RPMTAG_PK_BASE+17
+#define RPMTAG_PK_ELLIPTIC RPMTAG_PK_BASE+18
+#define RPMTAG_PK_ECDSA RPMTAG_PK_BASE+19
+#define RPMTAG_PK_ELGAMAL_ES RPMTAG_PK_BASE+20
+#define RPMTAG_PK_DH RPMTAG_PK_BASE+21
+
+#define RPMTAG_HASH_BASE 2048+64
+#define RPMTAG_HASH_MD5 RPMTAG_HASH_BASE+1
+#define RPMTAG_HASH_SHA1 RPMTAG_HASH_BASE+2
+#define RPMTAG_HASH_RIPEMD160 RPMTAG_HASH_BASE+3
+#define RPMTAG_HASH_MD2 RPMTAG_HASH_BASE+5
+#define RPMTAG_HASH_TIGER192 RPMTAG_HASH_BASE+6
+#define RPMTAG_HASH_HAVAL_5_160 RPMTAG_HASH_BASE+7
/**************************************************/
/* */
int rpmLookupSignatureType(int action)
{
- static int rc = 0;
-
- switch (action)
- {
- case RPMLOOKUPSIG_DISABLE:
- rc = -2;
- return 0;
- case RPMLOOKUPSIG_ENABLE:
+ static int disabled = 0;
+ int rc = 0;
+
+ switch (action) {
+ case RPMLOOKUPSIG_DISABLE:
+ disabled = -2;
+ break;
+ case RPMLOOKUPSIG_ENABLE:
+ disabled = 0;
+ /* fall through */
+ case RPMLOOKUPSIG_QUERY:
+ if (disabled)
+ break; /* Disabled */
+ { const char *name = rpmExpand("%{_signature}", NULL);
+ if (!(name && *name != '%'))
rc = 0;
- /* fall through */
- case RPMLOOKUPSIG_QUERY:
- if (rc == -2)
- return 0; /* Disabled */
- else
- {
- const char *name = rpmExpand("%{_signature}", NULL);
- if (!(name && *name != '%'))
- rc = 0;
- else if (!strcasecmp(name, "none"))
- rc = 0;
- else if (!strcasecmp(name, "pgp"))
- rc = RPMSIGTAG_PGP;
- else if (!strcasecmp(name, "pgp5"))
- rc = RPMSIGTAG_PGP5;
- else if (!strcasecmp(name, "gpg"))
- rc = RPMSIGTAG_GPG;
- else
- rc = -1; /* Invalid %_signature spec in macro file */
- xfree(name);
- }
- break;
+ else if (!strcasecmp(name, "none"))
+ rc = 0;
+ else if (!strcasecmp(name, "pgp"))
+ rc = RPMSIGTAG_PGP;
+ else if (!strcasecmp(name, "pgp5")) /* XXX legacy */
+ rc = RPMSIGTAG_PGP;
+ else if (!strcasecmp(name, "gpg"))
+ rc = RPMSIGTAG_GPG;
+ else
+ rc = -1; /* Invalid %_signature spec in macro file */
+ xfree(name);
+ } break;
}
-
return rc;
}
/* rpmDetectPGPVersion() returns the absolute path to the "pgp" */
/* executable of the requested version, or NULL when none found. */
-const char * rpmDetectPGPVersion(int sigTag)
+const char * rpmDetectPGPVersion(pgpVersion *pgpVer)
{
/* Actually this should support having more then one pgp version. */
/* At the moment only one version is possible since we only */
/* have one %_pgpbin and one %_pgp_path. */
- static int pgp_version;
+ static pgpVersion saved_pgp_version = PGP_UNKNOWN;
const char *pgpbin = rpmGetPath("%{_pgpbin}", NULL);
- if (!pgp_version)
- {
+ if (saved_pgp_version == PGP_UNKNOWN) {
char *pgpvbin;
struct stat statbuf;
- if (!pgpbin || ! (pgpvbin = (char *)malloc(strlen(pgpbin) + 2)))
- {
- pgp_version = -1;
+ if (!pgpbin || ! (pgpvbin = (char *)alloca(strlen(pgpbin) + 2))) {
+ saved_pgp_version = -1;
return NULL;
}
sprintf(pgpvbin, "%sv", pgpbin);
if (stat(pgpvbin, &statbuf) == 0)
- pgp_version = 50;
+ saved_pgp_version = PGP_5;
else if (stat(pgpbin, &statbuf) == 0)
- pgp_version = 26;
+ saved_pgp_version = PGP_2;
else
- pgp_version = -1;
-
- free(pgpvbin);
+ saved_pgp_version = PGP_NOTDETECTED;
}
- switch (sigTag)
- {
- case RPMSIGTAG_PGP:
- if (pgp_version == 26)
- return pgpbin;
- break;
- case RPMSIGTAG_PGP5:
- if (pgp_version == 50)
- return pgpbin;
- break;
- default:
- break;
- }
- return NULL;
+ if (pgpbin && pgpVer)
+ *pgpVer = saved_pgp_version;
+ return pgpbin;
}
static int checkSize(FD_t fd, int size, int sigsize)
/* old-style one. It also immediately verifies the header+archive */
/* size and returns an error if it doesn't match. */
-int rpmReadSignature(FD_t fd, Header *header, short sig_type)
+int rpmReadSignature(FD_t fd, Header *headerp, short sig_type)
{
unsigned char buf[2048];
int sigSize, pad;
int_32 *archSize;
Header h;
- if (header) {
- *header = NULL;
- }
+ if (headerp)
+ *headerp = NULL;
switch (sig_type) {
case RPMSIG_NONE:
case RPMSIG_PGP262_1024:
rpmMessage(RPMMESS_DEBUG, _("Old PGP signature\n"));
/* These are always 256 bytes */
- if (timedRead(fd, buf, 256) != 256) {
+ if (timedRead(fd, buf, 256) != 256)
return 1;
- }
- if (header) {
- *header = headerNew();
- headerAddEntry(*header, RPMSIGTAG_PGP, RPM_BIN_TYPE, buf, 152);
+ if (headerp) {
+ *headerp = headerNew();
+ headerAddEntry(*headerp, RPMSIGTAG_PGP, RPM_BIN_TYPE, buf, 152);
}
break;
case RPMSIG_MD5:
rpmMessage(RPMMESS_DEBUG, _("New Header signature\n"));
/* This is a new style signature */
h = headerRead(fd, HEADER_MAGIC_YES);
- if (h == NULL) {
+ if (h == NULL)
return 1;
- }
sigSize = headerSizeof(h, HEADER_MAGIC_YES);
pad = (8 - (sigSize % 8)) % 8; /* 8-byte pad */
rpmMessage(RPMMESS_DEBUG, _("Signature size: %d\n"), sigSize);
return 1;
}
}
- if (header) {
- *header = h;
+ if (headerp) {
+ *headerp = h;
} else {
headerFree(h);
}
}
static int makePGPSignature(const char *file, void **sig, int_32 *size,
- const char *passPhrase, int sigTag)
+ const char *passPhrase)
{
char sigfile[1024];
int pid, status;
const char *pgp_path = rpmExpand("%{_pgp_path}", NULL);
const char *name = rpmExpand("+myname=\"%{_pgp_name}\"", NULL);
const char *path;
+ pgpVersion pgpVer;
close(STDIN_FILENO);
dup2(inpipe[0], 3);
/* dosetenv("PGPPASS", passPhrase, 1); */
- if ((path = rpmDetectPGPVersion(sigTag)) != NULL) {
- switch(sigTag) {
- case RPMSIGTAG_PGP:
+ if ((path = rpmDetectPGPVersion(&pgpVer)) != NULL) {
+ switch(pgpVer) {
+ case PGP_2:
execlp(path, "pgp", "+batchmode=on", "+verbose=0", "+armor=off",
name, "-sb", file, sigfile, NULL);
break;
- case RPMSIGTAG_PGP5:
+ case PGP_5:
execlp(path,"pgps", "+batchmode=on", "+verbose=0", "+armor=off",
name, "-b", file, "-o", sigfile, NULL);
break;
+ case PGP_UNKNOWN:
+ case PGP_NOTDETECTED:
+ break;
}
}
- rpmError(RPMERR_EXEC, _("Couldn't exec pgp"));
+ rpmError(RPMERR_EXEC, _("Couldn't exec pgp (%s)"), path);
_exit(RPMERR_EXEC);
}
void *sig;
int ret = -1;
+ rpmMessage(RPMMESS_VERBOSE, _("Generating signature: %d\n"), sigTag);
switch (sigTag) {
- case RPMSIGTAG_SIZE:
+ case RPMSIGTAG_SIZE:
stat(file, &statbuf);
size = statbuf.st_size;
ret = 0;
headerAddEntry(header, RPMSIGTAG_SIZE, RPM_INT32_TYPE, &size, 1);
break;
- case RPMSIGTAG_MD5:
+ case RPMSIGTAG_MD5:
ret = mdbinfile(file, buf);
if (ret == 0)
headerAddEntry(header, sigTag, RPM_BIN_TYPE, buf, 16);
break;
- case RPMSIGTAG_PGP:
- case RPMSIGTAG_PGP5:
- ret = makePGPSignature(file, &sig, &size, passPhrase, sigTag);
+ case RPMSIGTAG_PGP5: /* XXX legacy */
+ case RPMSIGTAG_PGP:
+ ret = makePGPSignature(file, &sig, &size, passPhrase);
if (ret == 0)
headerAddEntry(header, sigTag, RPM_BIN_TYPE, sig, size);
break;
- case RPMSIGTAG_GPG:
+ case RPMSIGTAG_GPG:
ret = makeGPGSignature(file, &sig, &size, passPhrase);
if (ret == 0)
headerAddEntry(header, sigTag, RPM_BIN_TYPE, sig, size);
}
static int verifyPGPSignature(const char *datafile, void *sig,
- int count, char *result, int sigTag)
+ int count, char *result)
{
int pid, status, outpipe[2];
FD_t sfd;
unsigned char buf[8192];
FILE *file;
int res = RPMSIG_OK;
- int usingPGP5 = 0;
const char *path;
+ pgpVersion pgpVer;
/* What version do we have? */
- if ((path = rpmDetectPGPVersion(RPMSIGTAG_PGP5))/* Use pgp5 if we have it */
- || sigTag == RPMSIGTAG_PGP5) /* ... or request it. */
- {
- usingPGP5 = 1;
- /* Its sad but true: pgp-5.0 returns also an exit value of 0 */
- /* when it finds a BAD signature. So instead we have to use */
- /* the text output. */
- res = RPMSIG_BAD;
- }
- else if (! (path = rpmDetectPGPVersion(RPMSIGTAG_PGP))
- || sigTag != RPMSIGTAG_PGP)
- path = NULL; /* Fail */
- if (path == NULL)
- {
+ if ((path = rpmDetectPGPVersion(&pgpVer)) == NULL) {
errno = ENOENT;
rpmError(RPMERR_EXEC,
_("Could not run pgp. Use --nopgp to skip PGP checks."));
_exit(RPMERR_EXEC);
}
+
+ /*
+ * Sad but true: pgp-5.0 returns exit value of 0 on bad signature.
+ * Instead we have to use the text output to detect a bad signature.
+ */
+ if (pgpVer == PGP_5)
+ res = RPMSIG_BAD;
+
/* Write out the signature */
{ const char *tmppath = rpmGetPath("%{_tmppath}", NULL);
sigfile = tempnam(tmppath, "rpmsig");
if (pgp_path && *pgp_path != '%')
dosetenv("PGPPATH", pgp_path, 1);
- if (usingPGP5) {
+ switch (pgpVer) {
+ case PGP_5:
/* Some output (in particular "This signature applies to */
/* another message") is _always_ written to stderr; we */
/* want to catch that output, so dup stdout to stderr: */
- int save_stderr = dup(2);
+ { int save_stderr = dup(2);
dup2(1, 2);
execlp(path, "pgpv", "+batchmode=on", "+verbose=0",
/* Write "Good signature..." to stdout: */
/* Restore stderr so we can print the error message below. */
dup2(save_stderr, 2);
close(save_stderr);
- } else {
+ } break;
+ case PGP_2:
execlp(path, "pgp", "+batchmode=on", "+verbose=0",
sigfile, datafile, NULL);
+ break;
+ case PGP_UNKNOWN:
+ case PGP_NOTDETECTED:
+ break;
}
fprintf(stderr, _("exec failed!\n"));
rpmError(RPMERR_EXEC, _("Couldn't exec gpg"));
_exit(RPMERR_EXEC);
} break;
+ case RPMSIGTAG_PGP5: /* XXX legacy */
case RPMSIGTAG_PGP:
- case RPMSIGTAG_PGP5:
{ const char *pgp_path = rpmExpand("%{_pgp_path}", NULL);
const char *name = rpmExpand("+myname=\"%{_pgp_name}\"", NULL);
const char *path;
+ pgpVersion pgpVer;
dosetenv("PGPPASSFD", "3", 1);
if (pgp_path && *pgp_path != '%')
dosetenv("PGPPATH", pgp_path, 1);
- if ((path = rpmDetectPGPVersion(sigTag)) != NULL) {
- switch(sigTag) {
- case RPMSIGTAG_PGP:
+ if ((path = rpmDetectPGPVersion(&pgpVer)) != NULL) {
+ switch(pgpVer) {
+ case PGP_2:
execlp(path, "pgp", "+batchmode=on", "+verbose=0",
name, "-sf", NULL);
break;
- case RPMSIGTAG_PGP5:
+ case PGP_5: /* XXX legacy */
execlp(path,"pgps", "+batchmode=on", "+verbose=0",
name, "-f", NULL);
break;
+ case PGP_UNKNOWN:
+ case PGP_NOTDETECTED:
+ break;
}
}
rpmError(RPMERR_EXEC, _("Couldn't exec pgp"));
int aok;
switch (sigTag) {
- case RPMSIGTAG_GPG:
+ case RPMSIGTAG_GPG:
{ const char *name = rpmExpand("%{_gpg_name}", NULL);
aok = (name && *name != '%');
xfree(name);
return NULL;
}
break;
- case RPMSIGTAG_PGP:
- case RPMSIGTAG_PGP5:
+ case RPMSIGTAG_PGP5: /* XXX legacy */
+ case RPMSIGTAG_PGP:
{ const char *name = rpmExpand("%{_pgp_name}", NULL);
aok = (name && *name != '%');
xfree(name);
return NULL;
}
break;
- default:
+ default:
/* Currently the calling function (rpm.c:main) is checking this and
* doing a better job. This section should never be accessed.
*/
rpmError(RPMERR_SIGGEN, _("Invalid %%_signature spec in macro file"));
return NULL;
+ break;
}
if (prompt) {
char *result)
{
switch (sigTag) {
- case RPMSIGTAG_SIZE:
+ case RPMSIGTAG_SIZE:
if (verifySizeSignature(file, *(int_32 *)sig, result)) {
return RPMSIG_BAD;
}
break;
- case RPMSIGTAG_MD5:
+ case RPMSIGTAG_MD5:
if (verifyMD5Signature(file, sig, result, mdbinfile)) {
return 1;
}
break;
- case RPMSIGTAG_LEMD5_1:
- case RPMSIGTAG_LEMD5_2:
+ case RPMSIGTAG_LEMD5_1:
+ case RPMSIGTAG_LEMD5_2:
if (verifyMD5Signature(file, sig, result, mdbinfileBroken)) {
return 1;
}
break;
- case RPMSIGTAG_PGP:
- case RPMSIGTAG_PGP5:
- return verifyPGPSignature(file, sig, count, result, sigTag);
+ case RPMSIGTAG_PGP5: /* XXX legacy */
+ case RPMSIGTAG_PGP:
+ return verifyPGPSignature(file, sig, count, result);
break;
- case RPMSIGTAG_GPG:
+ case RPMSIGTAG_GPG:
return verifyGPGSignature(file, sig, count, result);
break;
- default:
+ default:
sprintf(result, "Do not know how to verify sig type %d\n", sigTag);
return RPMSIG_UNKNOWN;
}
/* Utility to read a pass phrase from the user */
char *rpmGetPassPhrase(const char *prompt, const int sigTag);
+/* >0 is a valid PGP version */
+typedef enum pgpVersion_e {
+ PGP_NOTDETECTED = -1, PGP_UNKNOWN = 0, PGP_2 = 2, PGP_5 = 5
+} pgpVersion;
+
/* Return path to pgp executable of given type, or NULL when not found */
-const char *rpmDetectPGPVersion(int sigType);
+const char *rpmDetectPGPVersion(pgpVersion *pgpVersion);
#ifdef __cplusplus
}
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 1999-09-09 11:04-0400\n"
+"POT-Creation-Date: 1999-09-10 19:45-0400\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
msgid "cannot access file %s\n"
msgstr ""
-#: ../rpm.c:1080
+#: ../rpm.c:1078
msgid "pgp not found: "
msgstr ""
-#: ../rpm.c:1083
-msgid "Use `%%_signature pgp5' instead of `%%_signature pgp' in macro file.\n"
-msgstr ""
-
-#: ../rpm.c:1090
-msgid "pgp version 5 not found: "
-msgstr ""
-
-#: ../rpm.c:1093
-msgid "Use `%%_signature pgp' instead of `%%_signature pgp5' in macro file.\n"
-msgstr ""
-
-#: ../rpm.c:1099
+#: ../rpm.c:1082
msgid "Enter pass phrase: "
msgstr ""
-#: ../rpm.c:1100
+#: ../rpm.c:1084
msgid "Pass phrase check failed\n"
msgstr ""
-#: ../rpm.c:1103
+#: ../rpm.c:1087
msgid "Pass phrase is good.\n"
msgstr ""
-#: ../rpm.c:1110
+#: ../rpm.c:1092
msgid "Invalid %%_signature spec in macro file.\n"
msgstr ""
-#: ../rpm.c:1115
+#: ../rpm.c:1098
msgid "--sign may only be used during package building"
msgstr ""
-#: ../rpm.c:1132
+#: ../rpm.c:1113
msgid "exec failed\n"
msgstr ""
-#: ../rpm.c:1151
+#: ../rpm.c:1132
msgid "unexpected arguments to --querytags "
msgstr ""
-#: ../rpm.c:1162
+#: ../rpm.c:1143
msgid "no packages given for signature check"
msgstr ""
-#: ../rpm.c:1174
+#: ../rpm.c:1155
msgid "no packages given for signing"
msgstr ""
-#: ../rpm.c:1187
+#: ../rpm.c:1168
msgid "no packages files given for rebuild"
msgstr ""
-#: ../rpm.c:1244
+#: ../rpm.c:1225
msgid "no spec files given for build"
msgstr ""
-#: ../rpm.c:1246
+#: ../rpm.c:1227
msgid "no tar files given for build"
msgstr ""
-#: ../rpm.c:1258
+#: ../rpm.c:1239
msgid "no packages given for uninstall"
msgstr ""
-#: ../rpm.c:1307
+#: ../rpm.c:1288
msgid "no packages given for install"
msgstr ""
-#: ../rpm.c:1330
+#: ../rpm.c:1311
msgid "extra arguments given for query of all packages"
msgstr ""
-#: ../rpm.c:1335
+#: ../rpm.c:1316
msgid "no arguments given for query"
msgstr ""
-#: ../rpm.c:1352
+#: ../rpm.c:1333
msgid "extra arguments given for verify of all packages"
msgstr ""
-#: ../rpm.c:1356
+#: ../rpm.c:1337
msgid "no arguments given for verify"
msgstr ""
msgid "Could not open %%files file: %s"
msgstr ""
-#: ../build/files.c:1147 ../build/pack.c:433
+#: ../build/files.c:1147 ../build/pack.c:432
#, c-format
msgid "line: %s"
msgstr ""
msgid "Could not open %s\n"
msgstr ""
-#: ../build/pack.c:314 ../build/pack.c:357
+#: ../build/pack.c:314 ../build/pack.c:356
#, c-format
msgid "Unable to write package: %s"
msgstr ""
-#: ../build/pack.c:330 ../lib/rpmchecksig.c:94
+#: ../build/pack.c:329 ../lib/signature.c:391
#, c-format
msgid "Generating signature: %d\n"
msgstr ""
-#: ../build/pack.c:347
+#: ../build/pack.c:346
#, c-format
msgid "Unable to read sigtarget: %s"
msgstr ""
-#: ../build/pack.c:372
+#: ../build/pack.c:371
#, c-format
msgid "Wrote: %s\n"
msgstr ""
-#: ../build/pack.c:387
+#: ../build/pack.c:386
#, c-format
msgid "create archive failed on file %s: %s"
msgstr ""
-#: ../build/pack.c:403
+#: ../build/pack.c:402
#, c-format
msgid "cpio_copy write failed: %s"
msgstr ""
-#: ../build/pack.c:410
+#: ../build/pack.c:409
#, c-format
msgid "cpio_copy read failed: %s"
msgstr ""
-#: ../build/pack.c:489
+#: ../build/pack.c:488
#, c-format
msgid "Could not open PreIn file: %s"
msgstr ""
-#: ../build/pack.c:496
+#: ../build/pack.c:495
#, c-format
msgid "Could not open PreUn file: %s"
msgstr ""
-#: ../build/pack.c:503
+#: ../build/pack.c:502
#, c-format
msgid "Could not open PostIn file: %s"
msgstr ""
-#: ../build/pack.c:510
+#: ../build/pack.c:509
#, c-format
msgid "Could not open PostUn file: %s"
msgstr ""
-#: ../build/pack.c:518
+#: ../build/pack.c:517
#, c-format
msgid "Could not open VerifyScript file: %s"
msgstr ""
-#: ../build/pack.c:534
+#: ../build/pack.c:533
#, c-format
msgid "Could not open Trigger script file: %s"
msgstr ""
#: ../lib/problems.c:101
#, c-format
-msgid "installing package %s-%s-%s needs %ld%c on the %s filesystem"
+msgid "installing package %s-%s-%s needs %ld%cb on the %s filesystem"
msgstr ""
#: ../lib/problems.c:113
msgid "failed to remove directory %s: %s\n"
msgstr ""
-#: ../lib/rpmchecksig.c:30 ../lib/rpmchecksig.c:168
+#: ../lib/rpmchecksig.c:31
#, c-format
-msgid "%s: Open failed\n"
+msgid "%s: fdOpen failed: %s\n"
msgstr ""
-#: ../lib/rpmchecksig.c:34 ../lib/rpmchecksig.c:173
+#: ../lib/rpmchecksig.c:42
#, c-format
-msgid "%s: readLead failed\n"
+msgid "%s: makeTempFile failed\n"
msgstr ""
-#: ../lib/rpmchecksig.c:38
+#: ../lib/rpmchecksig.c:74
#, c-format
-msgid "%s: Can't sign v1.0 RPM\n"
+msgid "%s: fdWrite failed: %s\n"
msgstr ""
-#: ../lib/rpmchecksig.c:42
+#: ../lib/rpmchecksig.c:80
#, c-format
-msgid "%s: Can't re-sign v2.0 RPM\n"
+msgid "%s: fdRead failed: %s\n"
msgstr ""
-#: ../lib/rpmchecksig.c:46 ../lib/rpmchecksig.c:183
+#: ../lib/rpmchecksig.c:113 ../lib/rpmchecksig.c:242
#, c-format
-msgid "%s: rpmReadSignature failed\n"
+msgid "%s: readLead failed\n"
msgstr ""
-#: ../lib/rpmchecksig.c:59 ../lib/rpmchecksig.c:197
-msgid "Couldn't read the header/archive"
+#: ../lib/rpmchecksig.c:118
+#, c-format
+msgid "%s: Can't sign v1.0 RPM\n"
msgstr ""
-#: ../lib/rpmchecksig.c:66
-msgid "Couldn't write header/archive to temp file"
+#: ../lib/rpmchecksig.c:122
+#, c-format
+msgid "%s: Can't re-sign v2.0 RPM\n"
msgstr ""
-#: ../lib/rpmchecksig.c:117
-msgid "Couldn't read sigtarget"
+#: ../lib/rpmchecksig.c:130 ../lib/rpmchecksig.c:256
+#, c-format
+msgid "%s: rpmReadSignature failed\n"
msgstr ""
-#: ../lib/rpmchecksig.c:126
-msgid "Couldn't write package"
+#: ../lib/rpmchecksig.c:134 ../lib/rpmchecksig.c:261
+#, c-format
+msgid "%s: No signature available\n"
msgstr ""
-#: ../lib/rpmchecksig.c:178
+#: ../lib/rpmchecksig.c:167
#, c-format
-msgid "%s: No signature available (v1.0 RPM)\n"
+msgid "%s: writeLead failed: %s\n"
msgstr ""
-#: ../lib/rpmchecksig.c:188
+#: ../lib/rpmchecksig.c:173
#, c-format
-msgid "%s: No signature available\n"
+msgid "%s: rpmWriteSignature failed\n"
msgstr ""
-#: ../lib/rpmchecksig.c:204
+#: ../lib/rpmchecksig.c:248
#, c-format
-msgid "Unable to write %s"
+msgid "%s: No signature available (v1.0 RPM)\n"
msgstr ""
-#: ../lib/rpmchecksig.c:330
+#: ../lib/rpmchecksig.c:408
msgid "NOT OK"
msgstr ""
-#: ../lib/rpmchecksig.c:331 ../lib/rpmchecksig.c:345
+#: ../lib/rpmchecksig.c:409 ../lib/rpmchecksig.c:423
msgid " (MISSING KEYS:"
msgstr ""
-#: ../lib/rpmchecksig.c:333 ../lib/rpmchecksig.c:347
+#: ../lib/rpmchecksig.c:411 ../lib/rpmchecksig.c:425
msgid ") "
msgstr ""
-#: ../lib/rpmchecksig.c:334 ../lib/rpmchecksig.c:348
+#: ../lib/rpmchecksig.c:412 ../lib/rpmchecksig.c:426
msgid " (UNTRUSTED KEYS:"
msgstr ""
-#: ../lib/rpmchecksig.c:336 ../lib/rpmchecksig.c:350
+#: ../lib/rpmchecksig.c:414 ../lib/rpmchecksig.c:428
msgid ")"
msgstr ""
-#: ../lib/rpmchecksig.c:344
+#: ../lib/rpmchecksig.c:422
msgid "OK"
msgstr ""
msgid "Please contact rpm-list@redhat.com\n"
msgstr ""
-#: ../lib/signature.c:124
+#: ../lib/signature.c:105
#, c-format
msgid "sigsize : %d\n"
msgstr ""
-#: ../lib/signature.c:125
+#: ../lib/signature.c:106
#, c-format
msgid "Header + Archive: %d\n"
msgstr ""
-#: ../lib/signature.c:126
+#: ../lib/signature.c:107
#, c-format
msgid "expected size : %d\n"
msgstr ""
-#: ../lib/signature.c:130
+#: ../lib/signature.c:111
msgid "file is not regular -- skipping size check\n"
msgstr ""
-#: ../lib/signature.c:153
+#: ../lib/signature.c:133
msgid "No signature\n"
msgstr ""
-#: ../lib/signature.c:156
+#: ../lib/signature.c:136
msgid "Old PGP signature\n"
msgstr ""
-#: ../lib/signature.c:169
+#: ../lib/signature.c:148
msgid "Old (internal-only) signature! How did you get that!?"
msgstr ""
-#: ../lib/signature.c:173
+#: ../lib/signature.c:152
msgid "New Header signature\n"
msgstr ""
#. 8-byte pad
-#: ../lib/signature.c:181 ../lib/signature.c:223
+#: ../lib/signature.c:159 ../lib/signature.c:201
#, c-format
msgid "Signature size: %d\n"
msgstr ""
-#: ../lib/signature.c:182 ../lib/signature.c:224
+#: ../lib/signature.c:160 ../lib/signature.c:202
#, c-format
msgid "Signature pad : %d\n"
msgstr ""
-#: ../lib/signature.c:281 ../lib/signature.c:717
-msgid "Couldn't exec pgp"
+#: ../lib/signature.c:263
+#, c-format
+msgid "Couldn't exec pgp (%s)"
msgstr ""
-#: ../lib/signature.c:292
+#: ../lib/signature.c:274
msgid "pgp failed"
msgstr ""
#. PGP failed to write signature
#. Just in case
-#: ../lib/signature.c:299
+#: ../lib/signature.c:281
msgid "pgp failed to write signature"
msgstr ""
-#: ../lib/signature.c:304
+#: ../lib/signature.c:286
#, c-format
msgid "PGP sig size: %d\n"
msgstr ""
-#: ../lib/signature.c:315 ../lib/signature.c:391
+#: ../lib/signature.c:297 ../lib/signature.c:373
msgid "unable to read the signature"
msgstr ""
-#: ../lib/signature.c:320
+#: ../lib/signature.c:302
#, c-format
msgid "Got %d bytes of PGP sig\n"
msgstr ""
-#: ../lib/signature.c:357 ../lib/signature.c:692
+#: ../lib/signature.c:339 ../lib/signature.c:676
msgid "Couldn't exec gpg"
msgstr ""
-#: ../lib/signature.c:368
+#: ../lib/signature.c:350
msgid "gpg failed"
msgstr ""
#. GPG failed to write signature
#. Just in case
-#: ../lib/signature.c:375
+#: ../lib/signature.c:357
msgid "gpg failed to write signature"
msgstr ""
-#: ../lib/signature.c:380
+#: ../lib/signature.c:362
#, c-format
msgid "GPG sig size: %d\n"
msgstr ""
-#: ../lib/signature.c:396
+#: ../lib/signature.c:378
#, c-format
msgid "Got %d bytes of GPG sig\n"
msgstr ""
-#: ../lib/signature.c:515 ../lib/signature.c:562
+#: ../lib/signature.c:485 ../lib/signature.c:546
msgid "Could not run pgp. Use --nopgp to skip PGP checks."
msgstr ""
-#: ../lib/signature.c:560 ../lib/signature.c:632
+#: ../lib/signature.c:544 ../lib/signature.c:616
msgid "exec failed!\n"
msgstr ""
-#: ../lib/signature.c:634
+#: ../lib/signature.c:618
msgid "Could not run gpg. Use --nogpg to skip GPG checks."
msgstr ""
+#: ../lib/signature.c:705
+msgid "Couldn't exec pgp"
+msgstr ""
+
#. This case should have been screened out long ago.
-#: ../lib/signature.c:721 ../lib/signature.c:774
+#: ../lib/signature.c:709 ../lib/signature.c:762
msgid "Invalid %%_signature spec in macro file"
msgstr ""
-#: ../lib/signature.c:754
+#: ../lib/signature.c:742
msgid "You must set \"%%_gpg_name\" in your macro file"
msgstr ""
-#: ../lib/signature.c:766
+#: ../lib/signature.c:754
msgid "You must set \"%%_pgp_name\" in your macro file"
msgstr ""
switch (sigTag = rpmLookupSignatureType(RPMLOOKUPSIG_QUERY)) {
case 0:
break;
- case RPMSIGTAG_GPG:
case RPMSIGTAG_PGP:
- case RPMSIGTAG_PGP5:
- if (sigTag == RPMSIGTAG_PGP
- && !rpmDetectPGPVersion(RPMSIGTAG_PGP)) {
+ if ((sigTag == RPMSIGTAG_PGP || sigTag == RPMSIGTAG_PGP5) &&
+ !rpmDetectPGPVersion(NULL)) {
fprintf(stderr, _("pgp not found: "));
- if (rpmDetectPGPVersion(RPMSIGTAG_PGP5)) {
- fprintf(stderr,
- _("Use `%%_signature pgp5' instead of `%%_signature pgp' in macro file.\n"));
- exit(EXIT_FAILURE);
- }
- /* Fall through to default: */
- }
- else if (sigTag == RPMSIGTAG_PGP5
- && !rpmDetectPGPVersion(RPMSIGTAG_PGP5)) {
- fprintf(stderr, _("pgp version 5 not found: "));
- if (rpmDetectPGPVersion(RPMSIGTAG_PGP)) {
- fprintf(stderr,
- _("Use `%%_signature pgp' instead of `%%_signature pgp5' in macro file.\n"));
- exit(EXIT_FAILURE);
- }
- /* Fall through to default: */
- }
- else if (!(passPhrase =
- rpmGetPassPhrase(_("Enter pass phrase: "), sigTag))) {
+ exit(EXIT_FAILURE);
+ } /* fall through */
+ case RPMSIGTAG_GPG:
+ passPhrase = rpmGetPassPhrase(_("Enter pass phrase: "), sigTag);
+ if (passPhrase == NULL) {
fprintf(stderr, _("Pass phrase check failed\n"));
exit(EXIT_FAILURE);
- } else {
- fprintf(stderr, _("Pass phrase is good.\n"));
- passPhrase = strdup(passPhrase);
- break;
}
- /* Fall through */
+ fprintf(stderr, _("Pass phrase is good.\n"));
+ passPhrase = strdup(passPhrase);
+ break;
default:
fprintf(stderr,
_("Invalid %%_signature spec in macro file.\n"));
exit(EXIT_FAILURE);
+ break;
}
}
} else {
argerror(_("--sign may only be used during package building"));
}
- }
- else
- {
+ } else {
/* Make rpmLookupSignatureType() return 0 ("none") from now on */
rpmLookupSignatureType(RPMLOOKUPSIG_DISABLE);
}
projects / platform / upstream / rpm.git / commitdiff