From c814bb93281a7c77580a21cb56c407ce8f7f1a24 Mon Sep 17 00:00:00 2001 From: Panu Matilainen Date: Fri, 3 Sep 2010 10:38:38 +0300 Subject: [PATCH] Export the cli-level signature checking as rpmcliVerifySignatures() - Signature verification is completely different from package signing, another step towards making rpmcliSign() do what it's named after --- lib/rpmchecksig.c | 48 ++++++++++++++++++++++++------------------------ lib/rpmcli.h | 9 +++++++++ 2 files changed, 33 insertions(+), 24 deletions(-) diff --git a/lib/rpmchecksig.c b/lib/rpmchecksig.c index dffc42f..e308aee 100644 --- a/lib/rpmchecksig.c +++ b/lib/rpmchecksig.c @@ -787,17 +787,36 @@ int rpmVerifySignatures(QVA_t qva, rpmts ts, FD_t fd, const char * fn) return rc; } -int rpmcliSign(rpmts ts, QVA_t qva, ARGV_const_t argv) +int rpmcliVerifySignatures(rpmts ts, QVA_t qva, ARGV_const_t argv) { const char * arg; int res = 0; - int xx; - rpmKeyring keyring = NULL; + rpmKeyring keyring = rpmtsGetKeyring(ts, 1); + while ((arg = *argv++) != NULL) { + FD_t fd = Fopen(arg, "r.ufdio"); + if (fd == NULL || Ferror(fd)) { + rpmlog(RPMLOG_ERR, _("%s: open failed: %s\n"), + arg, Fstrerror(fd)); + res++; + } else if (rpmpkgVerifySigs(keyring, qva->qva_flags, fd, arg)) { + res++; + } + + Fclose(fd); + rpmdbCheckSignals(); + } + rpmKeyringFree(keyring); + return res; +} + +int rpmcliSign(rpmts ts, QVA_t qva, ARGV_const_t argv) +{ - if (argv == NULL) return res; + if (argv == NULL) return -1; switch (qva->qva_mode) { case RPMSIGN_CHK_SIGNATURE: + return rpmcliVerifySignatures(ts, qva, argv); break; case RPMSIGN_IMPORT_PUBKEY: return rpmcliImportPubkeys(ts, argv); 
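Review bot: rpmcliVerifySignatures() is now a public entry point, yet it walks `*argv++` and reads `qva->qva_flags` with no NULL check of its own; the `if (argv == NULL) return -1;` guard exists only in rpmcliSign(), so a direct caller passing a NULL argv crashes instead of getting an error. Repeating that guard in the new function keeps the two entry points consistent, but it has to run before `rpmtsGetKeyring(ts, 1)` is called, otherwise the early return leaks the keyring reference. The loop also calls `Fclose(fd)` unconditionally, where the removed code used `if (fd != NULL) xx = Fclose(fd);`. Whether Fclose() tolerates NULL is not visible here, so either keep the guard or confirm that it does. rpmcliSign()'s switch continues past the end of this hunk.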
@@ -808,27 +827,8 @@ int rpmcliSign(rpmts ts, QVA_t qva, ARGV_const_t argv) return rpmReSign(ts, qva, argv); break; default: - return -1; break; } - keyring = rpmtsGetKeyring(ts, 1); - while ((arg = *argv++) != NULL) { - FD_t fd; - - fd = Fopen(arg, "r.ufdio"); - if (fd == NULL || Ferror(fd)) { - rpmlog(RPMLOG_ERR, _("%s: open failed: %s\n"), - arg, Fstrerror(fd)); - res++; - } else if (rpmpkgVerifySigs(keyring, qva->qva_flags, fd, arg)) { - res++; - } - - if (fd != NULL) xx = Fclose(fd); - rpmdbCheckSignals(); - } - rpmKeyringFree(keyring); - - return res; + return -1; } diff --git a/lib/rpmcli.h b/lib/rpmcli.h index e89cb24..38b4365 100644 --- a/lib/rpmcli.h +++ b/lib/rpmcli.h @@ -457,6 +457,15 @@ int rpmcliSign(rpmts ts, QVA_t qva, ARGV_const_t argv); */ int rpmcliImportPubkeys(rpmts ts, ARGV_const_t argv); +/** \ingroup rpmcli + * Verify package signatures + * @param ts transaction set + * @param qva mode flags and parameters + * @param argv array of package path arguments (NULL terminated) + * @return 0 on success + */ +int rpmcliVerifySignatures(rpmts ts, QVA_t qva, ARGV_const_t argv); + #ifdef __cplusplus } #endif -- 2.7.4
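Review bot: The doc comment's `@return 0 on success` in lib/rpmcli.h leaves the failure value undocumented. Going by the implementation added in lib/rpmchecksig.c, the function returns the number of arguments that could not be opened or failed verification. Callers of a signature check need to know that any non-zero value means at least one package did not verify, so I would write `@return 0 on success, otherwise the number of packages that failed to open or verify`. The `@param argv` line should also say that argv must not be NULL, since the function as added does not check it.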