From 291de41f32f88d33cd6aea401028430591f6e20b Mon Sep 17 00:00:00 2001 From: Duncan Mac-Vicar P Date: Tue, 9 Sep 2008 15:43:37 +0000 Subject: [PATCH] - provide context about the repository (name/alias) if available when checking signatures (bnc#370223) --- zypp/FileChecker.cc | 16 +++++++++++++--- zypp/FileChecker.h | 14 +++++++++++--- zypp/KeyRing.cc | 2 +- zypp/KeyRing.h | 13 +++++++++++++ zypp/RepoManager.cc | 10 ++++++---- zypp/repo/susetags/Downloader.cc | 35 +++++++++++++++++++++-------------- zypp/repo/susetags/Downloader.h | 18 +++++++++++++++--- zypp/repo/yum/Downloader.cc | 33 ++++++++++++++++++++------------- zypp/repo/yum/Downloader.h | 18 +++++++++++++++--- 9 files changed, 115 insertions(+), 44 deletions(-) diff --git a/zypp/FileChecker.cc b/zypp/FileChecker.cc index e93f833..0529c7d 100644 --- a/zypp/FileChecker.cc +++ b/zypp/FileChecker.cc @@ -94,11 +94,20 @@ namespace zypp } - SignatureFileChecker::SignatureFileChecker( const Pathname &signature ) - : _signature(signature) + SignatureFileChecker::SignatureFileChecker( const Pathname &signature, + const std::string &description ) + : _signature(signature) + , _description(description) + { + + } + + SignatureFileChecker::SignatureFileChecker( const std::string &description ) + : _description(description) { } + SignatureFileChecker::SignatureFileChecker() { } @@ -119,7 +128,8 @@ namespace zypp } MIL << "checking " << file << " file validity using digital signature.." << endl; - bool valid = z->keyRing()->verifyFileSignatureWorkflow( file, file.basename(), _signature); + bool valid = z->keyRing()->verifyFileSignatureWorkflow( file, _description.empty() ? file.basename() : _description, _signature); + if (!valid) ZYPP_THROW( FileCheckException( "Signature verification failed for " + file.basename() ) ); } diff --git a/zypp/FileChecker.h b/zypp/FileChecker.h index 5c7c2cf..4aa3b2c 100644 --- a/zypp/FileChecker.h +++ b/zypp/FileChecker.h 
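Review bot: In the `@@ -119,7 +128,8 @@` hunk of zypp/FileChecker.cc the thrown `FileCheckException` still names only `file.basename()`, while the workflow call just above it now passes `_description` instead of the basename whenever one is set. The user-facing context and the error text can therefore identify the same failed check by different names, and neither carries both the repository and the file. I would build the message from both, for example `"Signature verification failed for " + file.basename() + ( _description.empty() ? "" : " (" + _description + ")" )`. The enclosing `operator()` starts outside the hunk.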
@@ -86,7 +86,14 @@ namespace zypp * Constructor. * \param signature Signature that validates the file */ - SignatureFileChecker( const Pathname &signature ); + SignatureFileChecker( const Pathname &signature, + const std::string &description = std::string() ); + + /** + * Constructor for files not containing a signature + * \param description Description of the checker + */ + SignatureFileChecker( const std::string &description ); /** * Default Constructor. @@ -109,10 +116,11 @@ namespace zypp */ void operator()( const Pathname &file ) const; - private: + protected: Pathname _signature; + std::string _description; }; - + /** * \short Checks for nothing * Used as the default checker diff --git a/zypp/KeyRing.cc b/zypp/KeyRing.cc index ec80891..75f52d1 100644 --- a/zypp/KeyRing.cc +++ b/zypp/KeyRing.cc @@ -335,7 +335,7 @@ namespace zypp { callback::SendReport report; //callback::SendReport emitSignal; - MIL << "Going to verify signature for " << file << " with " << signature << endl; + MIL << "Going to verify signature for " << filedesc << " ( " << file << " ) with " << signature << endl; // if signature does not exists, ask user if he wants to accept unsigned file. if( signature.empty() || (!PathInfo(signature).isExist()) ) diff --git a/zypp/KeyRing.h b/zypp/KeyRing.h index f44cd55..67e255b 100644 --- a/zypp/KeyRing.h +++ b/zypp/KeyRing.h 
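Review bot: The two single-argument constructors declared in the `@@ -86,7 +86,14 @@` hunk of zypp/FileChecker.h differ only in `Pathname` versus `std::string`, so a caller that holds the signature path as a `std::string` silently selects the description-only overload and gets a checker with an empty `_signature`. Judging by the KeyRing.cc context in this patch ("if signature does not exists, ask user if he wants to accept unsigned file"), that turns a signature check into the unsigned-file prompt without any compile-time hint. If `Pathname` is also implicitly constructible from a string literal (not visible here), `SignatureFileChecker("x.asc")` would become ambiguous as well. I would drop the description-only overload and have callers spell the missing signature out, `SignatureFileChecker( Pathname(), _info.name() )`, so the signature argument is always explicit.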
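Review bot: The `@@ -109,10 +116,11 @@` hunk widens `private:` to `protected:` for `_signature` and `_description`, but nothing in this patch derives from `SignatureFileChecker` or reads these members from outside the class. Since `_signature` decides whether a file is treated as signed, I would keep both members `private:` and add a read-only accessor such as `const std::string & description() const` only when a subclass actually needs one.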
@@ -209,10 +209,23 @@ namespace zypp * ... * }; * \endcode + * + * \param file Path of the file to be verified + * \param filedesc Description of the file (to give the user some context) + * \param signature Signature to verify the file against + * * \see \ref KeyRingReport */ bool verifyFileSignatureWorkflow( const Pathname &file, const std::string filedesc, const Pathname &signature); + + /** + * Verifies a file against a signature, with no user interaction + * + * \param file Path of the file to be verified + * \param signature Signature to verify the file against + */ bool verifyFileSignature( const Pathname &file, const Pathname &signature); + bool verifyFileTrustedSignature( const Pathname &file, const Pathname &signature); /** Dtor */ diff --git a/zypp/RepoManager.cc b/zypp/RepoManager.cc index 97cc3d7..671ce48 100644 --- a/zypp/RepoManager.cc +++ b/zypp/RepoManager.cc @@ -547,9 +547,9 @@ namespace zypp shared_ptr downloader_ptr; if ( repokind.toEnum() == RepoType::RPMMD_e ) - downloader_ptr.reset(new yum::Downloader(info.path())); + downloader_ptr.reset(new yum::Downloader(info)); else - downloader_ptr.reset( new susetags::Downloader(info.path())); + downloader_ptr.reset( new susetags::Downloader(info)); RepoStatus newstatus = downloader_ptr->status(media); bool refresh = false; @@ -677,10 +677,12 @@ namespace zypp MediaSetAccess media(url); shared_ptr downloader_ptr; + MIL << "Creating downloader for [ " << info.name() << " ]" << endl; + if ( repokind.toEnum() == RepoType::RPMMD_e ) - downloader_ptr.reset(new yum::Downloader(info.path())); + downloader_ptr.reset(new yum::Downloader(info)); else - downloader_ptr.reset( new susetags::Downloader(info.path())); + downloader_ptr.reset( new susetags::Downloader(info) ); /** * Given a downloader, sets the other repos raw metadata diff --git a/zypp/repo/susetags/Downloader.cc b/zypp/repo/susetags/Downloader.cc index 6b5ccb8..5dc49fc 100644 --- a/zypp/repo/susetags/Downloader.cc 
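Review bot: The doc block added for `verifyFileSignature` in the `@@ -209,10 +209,23 @@` hunk of zypp/KeyRing.h does not say what the boolean result means or which keys are consulted, and `verifyFileTrustedSignature` directly below it is still undocumented. Callers choosing between the two need that difference in the header, because a `true` from one may not imply the same level of trust as the other. I would add `\return true if \a signature is a valid signature for \a file` to the new block. The second function needs a matching block stating which key set it checks; its name suggests trusted keys only, but that should be confirmed against KeyRing.cc.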
+++ b/zypp/repo/susetags/Downloader.cc @@ -26,16 +26,23 @@ namespace repo namespace susetags { -Downloader::Downloader(const Pathname &path ) - : _path(path) +Downloader::Downloader(const RepoInfo &info ) + : _info(info) { } +Downloader::Downloader(const Pathname &path ) +{ + RepoInfo info; + info.setPath(path); + _info = info; +} + RepoStatus Downloader::status( MediaSetAccess &media ) { - Pathname content = media.provideFile( _path + "/content"); - Pathname mediafile = media.provideFile( _path + "/media.1/media" ); + Pathname content = media.provideFile( _info.path() + "/content"); + Pathname mediafile = media.provideFile( _info.path() + "/media.1/media" ); return RepoStatus(content) && RepoStatus(mediafile); } @@ -46,19 +53,19 @@ void Downloader::download( MediaSetAccess &media, { downloadMediaInfo( dest_dir, media ); - SignatureFileChecker sigchecker; + SignatureFileChecker sigchecker(_info.name()); - Pathname sig = _path + "/content.asc"; + Pathname sig = _info.path() + "/content.asc"; if ( media.doesFileExist(sig) ) { this->enqueue( OnMediaLocation( sig, 1 ) ); this->start( dest_dir, media ); this->reset(); - sigchecker = SignatureFileChecker( dest_dir + sig ); + sigchecker = SignatureFileChecker( dest_dir + sig, _info.name() ); } - Pathname key = _path + "/content.key"; + Pathname key = _info.path() + "/content.key"; if ( media.doesFileExist(key) ) { this->enqueue( OnMediaLocation( key, 1 ) ); @@ -68,7 +75,7 @@ void Downloader::download( MediaSetAccess &media, } - this->enqueue( OnMediaLocation( _path + "/content", 1 ), sigchecker ); + this->enqueue( OnMediaLocation( _info.path() + "/content", 1 ), sigchecker ); this->start( dest_dir, media ); this->reset(); 
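Review bot: In the `@@ -46,19 +53,19 @@` hunk both `SignatureFileChecker` constructions pass only `_info.name()`, although the commit message promises "name/alias". When the name is empty (as it is for a `Downloader` built through the `Pathname` constructor) the checker falls back to the bare file basename, so the user is again asked about "content" with no repository context. A free-form display name is also a weaker identifier for a trust decision than the alias. I would fall back to the alias, e.g. `SignatureFileChecker sigchecker( _info.name().empty() ? _info.alias() : _info.name() );`. The same applies to the two constructions in the `@@ -120,14 +127,14 @@` hunk of zypp/repo/yum/Downloader.cc. `download()` continues outside the hunk.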
@@ -76,19 +83,19 @@ void Downloader::download( MediaSetAccess &media, // Content file first to get the repoindex { - Pathname inputfile( dest_dir + _path + "/content" ); + Pathname inputfile( dest_dir + _info.path() + "/content" ); ContentFileReader content; content.setRepoIndexConsumer( bind( &Downloader::consumeIndex, this, _1 ) ); content.parse( inputfile ); } if ( ! _repoindex ) { - ZYPP_THROW( ParseException( (dest_dir+_path).asString() + ": " + "No repository index in content file." ) ); + ZYPP_THROW( ParseException( (dest_dir+_info.path()).asString() + ": " + "No repository index in content file." ) ); } MIL << "RepoIndex: " << _repoindex << endl; if ( _repoindex->metaFileChecksums.empty() ) { - ZYPP_THROW( ParseException( (dest_dir+_path).asString() + ": " + "No metadata checksums in content file." ) ); + ZYPP_THROW( ParseException( (dest_dir+_info.path()).asString() + ": " + "No metadata checksums in content file." ) ); } if ( _repoindex->signingKeys.empty() ) { @@ -172,7 +179,7 @@ void Downloader::download( MediaSetAccess &media, } } MIL << "adding job " << it->first << endl; - OnMediaLocation location( _path + descr_dir + it->first, 1 ); + OnMediaLocation location( _info.path() + descr_dir + it->first, 1 ); location.setChecksum( it->second ); this->enqueueDigested(location); } @@ -181,7 +188,7 @@ void Downloader::download( MediaSetAccess &media, it != _repoindex->signingKeys.end(); ++it ) { - OnMediaLocation location( _path + it->first, 1 ); + OnMediaLocation location( _info.path() + it->first, 1 ); location.setChecksum( it->second ); this->enqueueDigested(location); } diff --git a/zypp/repo/susetags/Downloader.h b/zypp/repo/susetags/Downloader.h index 2092f7f..61d0d26 100644 --- a/zypp/repo/susetags/Downloader.h +++ b/zypp/repo/susetags/Downloader.h 
@@ -13,6 +13,7 @@ #include "zypp/Url.h" #include "zypp/Pathname.h" #include "zypp/ProgressData.h" +#include "zypp/RepoInfo.h" #include "zypp/RepoStatus.h" #include "zypp/MediaSetAccess.h" #include "zypp/repo/Downloader.h" @@ -34,12 +35,23 @@ namespace zypp { public: /** - * \short Constructor + * \short Constructor from the repository information * + * The repository information allows more context to be given + * to the user when something fails. + * + * \param info Repository information + */ + Downloader( const RepoInfo &info ); + + /** + * \short Constructor from the pathname relative to the + * repository url + * * \param path Path to the repostory from the media */ Downloader( const Pathname &path ); - + /** * \short Download metadata to a local directory * @@ -61,7 +73,7 @@ namespace zypp void consumeIndex( const parser::susetags::RepoIndex_Ptr & data_r ); private: - Pathname _path; + RepoInfo _info; parser::susetags::RepoIndex_Ptr _repoindex; }; diff --git a/zypp/repo/yum/Downloader.cc b/zypp/repo/yum/Downloader.cc index 98e3f29..430ca1b 100644 --- a/zypp/repo/yum/Downloader.cc +++ b/zypp/repo/yum/Downloader.cc @@ -32,14 +32,21 @@ namespace repo namespace yum { -Downloader::Downloader( const Pathname &path ) - : _path(path), _media_ptr(0L) +Downloader::Downloader( const RepoInfo &info ) + : _info(info), _media_ptr(0L) { } +Downloader::Downloader(const Pathname &path ) +{ + RepoInfo info; + info.setPath(path); + _info = info; +} + RepoStatus Downloader::status( MediaSetAccess &media ) { - Pathname repomd = media.provideFile( _path + "/repodata/repomd.xml"); + Pathname repomd = media.provideFile( _info.path() + "/repodata/repomd.xml"); return RepoStatus(repomd); } 
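Review bot: The re-added `Downloader::Downloader(const Pathname &path )` in the `@@ -32,14 +32,21 @@` hunk of zypp/repo/yum/Downloader.cc no longer initialises `_media_ptr`; the constructor it replaces had `_media_ptr(0L)` in its initialiser list, and only the new `RepoInfo` constructor keeps it. `repomd_Callback` dereferences `*_media_ptr`, so an object built through this path holds an indeterminate pointer until `download()` assigns it. I would restore the initialiser and set the path directly: `Downloader::Downloader( const Pathname &path ) : _media_ptr(0L)` with the body `{ _info.setPath(path); }`.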
@@ -59,7 +66,7 @@ loc_with_path_prefix(const OnMediaLocation & loc, bool Downloader::patches_Callback( const OnMediaLocation &loc, const string &id ) { - OnMediaLocation loc_with_path(loc_with_path_prefix(loc, _path)); + OnMediaLocation loc_with_path(loc_with_path_prefix(loc, _info.path())); MIL << id << " : " << loc_with_path << endl; this->enqueueDigested(loc_with_path); return true; @@ -69,7 +76,7 @@ bool Downloader::patches_Callback( const OnMediaLocation &loc, bool Downloader::repomd_Callback( const OnMediaLocation &loc, const ResourceType &dtype ) { - OnMediaLocation loc_with_path(loc_with_path_prefix(loc, _path)); + OnMediaLocation loc_with_path(loc_with_path_prefix(loc, _info.path())); MIL << dtype << " : " << loc_with_path << endl; //! \todo do this through a ZConfig call so that it is always in sync with parser @@ -95,7 +102,7 @@ bool Downloader::repomd_Callback( const OnMediaLocation &loc, { this->start( _dest_dir, *_media_ptr ); // now the patches.xml file must exists - PatchesFileReader( _dest_dir + _path + loc.filename(), + PatchesFileReader( _dest_dir + _info.path() + loc.filename(), bind( &Downloader::patches_Callback, this, _1, _2)); } @@ -106,9 +113,9 @@ void Downloader::download( MediaSetAccess &media, const Pathname &dest_dir, const ProgressData::ReceiverFnc & progressrcv ) { - Pathname repomdpath = _path + "/repodata/repomd.xml"; - Pathname keypath = _path + "/repodata/repomd.xml.key"; - Pathname sigpath = _path + "/repodata/repomd.xml.asc"; + Pathname repomdpath = _info.path() + "/repodata/repomd.xml"; + Pathname keypath = _info.path() + "/repodata/repomd.xml.key"; + Pathname sigpath = _info.path() + "/repodata/repomd.xml.asc"; _media_ptr = (&media); 
@@ -120,14 +127,14 @@ void Downloader::download( MediaSetAccess &media, _dest_dir = dest_dir; - SignatureFileChecker sigchecker; + SignatureFileChecker sigchecker(_info.name()); if ( _media_ptr->doesFileExist(sigpath) ) { this->enqueue( OnMediaLocation(sigpath,1).setOptional(true) ); this->start( dest_dir, *_media_ptr); this->reset(); - sigchecker = SignatureFileChecker(dest_dir + sigpath); + sigchecker = SignatureFileChecker(dest_dir + sigpath, _info.name()); } @@ -153,8 +160,8 @@ void Downloader::download( MediaSetAccess &media, this->reset(); - Reader reader( dest_dir + _path + "/repodata/repomd.xml" ); - RepomdFileReader( dest_dir + _path + "/repodata/repomd.xml", bind( &Downloader::repomd_Callback, this, _1, _2)); + Reader reader( dest_dir + _info.path() + "/repodata/repomd.xml" ); + RepomdFileReader( dest_dir + _info.path() + "/repodata/repomd.xml", bind( &Downloader::repomd_Callback, this, _1, _2)); // ready, go! this->start( dest_dir, *_media_ptr); diff --git a/zypp/repo/yum/Downloader.h b/zypp/repo/yum/Downloader.h index 6ea6bd1..a473ee3 100644 --- a/zypp/repo/yum/Downloader.h +++ b/zypp/repo/yum/Downloader.h @@ -16,6 +16,7 @@ #include "zypp/OnMediaLocation.h" #include "zypp/MediaSetAccess.h" #include "zypp/ProgressData.h" +#include "zypp/RepoInfo.h" #include "zypp/RepoStatus.h" #include "zypp/repo/Downloader.h" #include "zypp/repo/yum/ResourceType.h" @@ -41,9 +42,20 @@ namespace zypp { public: - /** - * \short Constructor + /** + * \short Constructor from the repository information + * + * The repository information allows more context to be given + * to the user when something fails. * + * \param info Repository information + */ + Downloader( const RepoInfo &info ); + + /** + * \short Constructor from the pathname relative to the + * repository url + * * \param path Path to the repostory from the media */ Downloader( const Pathname &path ); 
@@ -68,7 +80,7 @@ namespace zypp bool repomd_Callback( const OnMediaLocation &loc, const ResourceType &dtype ); bool patches_Callback( const OnMediaLocation &loc, const std::string &id ); private: - Pathname _path; + RepoInfo _info; Pathname _dest_dir; std::list _patches_files; -- 2.7.4