libzypp  16.20.4
KeyRing.cc
Go to the documentation of this file.
1 /*---------------------------------------------------------------------\
2 | ____ _ __ __ ___ |
3 | |__ / \ / / . \ . \ |
4 | / / \ V /| _/ _/ |
5 | / /__ | | | | | | |
6 | /_____||_| |_| |_| |
7 | |
8 \---------------------------------------------------------------------*/
12 #include <iostream>
13 #include <fstream>
14 #include <sys/file.h>
15 #include <cstdio>
16 #include <unistd.h>
17 
18 #include "zypp/TmpPath.h"
19 #include "zypp/ZYppFactory.h"
20 #include "zypp/ZYpp.h"
21 
22 #include "zypp/base/LogTools.h"
23 #include "zypp/base/IOStream.h"
24 #include "zypp/base/String.h"
25 #include "zypp/base/Regex.h"
26 #include "zypp/base/Gettext.h"
27 #include "zypp/base/WatchFile.h"
28 #include "zypp/PathInfo.h"
29 #include "zypp/KeyRing.h"
30 #include "zypp/ExternalProgram.h"
31 #include "zypp/TmpPath.h"
32 #include "zypp/ZYppCallbacks.h" // JobReport::instance
33 
34 using std::endl;
35 
36 #undef ZYPP_BASE_LOGGER_LOGGROUP
37 #define ZYPP_BASE_LOGGER_LOGGROUP "zypp::KeyRing"
38 
40 #define GPG_BINARY "/usr/bin/gpg2"
41 
43 namespace zypp
44 {
45 
46  IMPL_PTR_TYPE(KeyRing);
47 
48  namespace
49  {
50  KeyRing::DefaultAccept _keyRingDefaultAccept( KeyRing::ACCEPT_NOTHING );
51  }
52 
53  KeyRing::DefaultAccept KeyRing::defaultAccept()
54  { return _keyRingDefaultAccept; }
55 
56  void KeyRing::setDefaultAccept( DefaultAccept value_r )
57  {
58  MIL << "Set new KeyRing::DefaultAccept: " << value_r << endl;
59  _keyRingDefaultAccept = value_r;
60  }
61 
62  void KeyRingReport::infoVerify( const std::string & file_r, const PublicKeyData & keyData_r, const KeyContext & keycontext )
63  {}
64 
65  bool KeyRingReport::askUserToAcceptUnsignedFile( const std::string & file, const KeyContext & keycontext )
66  { return _keyRingDefaultAccept.testFlag( KeyRing::ACCEPT_UNSIGNED_FILE ); }
67 
68  KeyRingReport::KeyTrust
69  KeyRingReport::askUserToAcceptKey( const PublicKey & key, const KeyContext & keycontext )
70  {
71  if ( _keyRingDefaultAccept.testFlag( KeyRing::TRUST_KEY_TEMPORARILY ) )
72  return KEY_TRUST_TEMPORARILY;
73  if ( _keyRingDefaultAccept.testFlag( KeyRing::TRUST_AND_IMPORT_KEY ) )
74  return KEY_TRUST_AND_IMPORT;
75  return KEY_DONT_TRUST;
76  }
77 
78  bool KeyRingReport::askUserToAcceptUnknownKey( const std::string & file, const std::string & id, const KeyContext & keycontext )
79  { return _keyRingDefaultAccept.testFlag( KeyRing::ACCEPT_UNKNOWNKEY ); }
80 
81  bool KeyRingReport::askUserToAcceptVerificationFailed( const std::string & file, const PublicKey & key, const KeyContext & keycontext )
82  { return _keyRingDefaultAccept.testFlag( KeyRing::ACCEPT_VERIFICATION_FAILED ); }
83 
84  namespace
85  {
93  struct CachedPublicKeyData // : private base::NonCopyable - but KeyRing uses RWCOW though also NonCopyable :(
94  {
95  const std::list<PublicKeyData> & operator()( const Pathname & keyring_r ) const
96  { return getData( keyring_r ); }
97 
98  private:
99  struct Cache
100  {
101  // Empty copy ctor to allow insert into std::map as
102  // scoped_ptr is noncopyable.
103  Cache() {}
104  Cache( const Cache & rhs ) {}
105 
106  void assertCache( const Pathname & keyring_r )
107  {
108  // .kbx since gpg2-2.1
109  if ( !_keyringK )
110  _keyringK.reset( new WatchFile( keyring_r/"pubring.kbx", WatchFile::NO_INIT ) );
111  if ( !_keyringP )
112  _keyringP.reset( new WatchFile( keyring_r/"pubring.gpg", WatchFile::NO_INIT ) );
113  }
114 
115  bool hasChanged() const
116  {
117  bool k = _keyringK->hasChanged(); // be sure both files are checked
118  bool p = _keyringP->hasChanged();
119  return k || p;
120  }
121 
122  std::list<PublicKeyData> _data;
123 
124  private:
125  scoped_ptr<WatchFile> _keyringK;
126  scoped_ptr<WatchFile> _keyringP;
127  };
128 
129  typedef std::map<Pathname,Cache> CacheMap;
130 
131  const std::list<PublicKeyData> & getData( const Pathname & keyring_r ) const
132  {
133  Cache & cache( _cacheMap[keyring_r] );
134  // init new cache entry
135  cache.assertCache( keyring_r );
136  return getData( keyring_r, cache );
137  }
138 
139  const std::list<PublicKeyData> & getData( const Pathname & keyring_r, Cache & cache_r ) const
140  {
141  if ( cache_r.hasChanged() )
142  {
143  const char* argv[] =
144  {
145  GPG_BINARY,
146  "--list-public-keys",
147  "--homedir", keyring_r.c_str(),
148  "--no-default-keyring",
149  "--quiet",
150  "--with-colons",
151  "--fixed-list-mode",
152  "--with-fingerprint",
153  "--with-sig-list",
154  "--no-tty",
155  "--no-greeting",
156  "--batch",
157  "--status-fd", "1",
158  NULL
159  };
160 
161  PublicKeyScanner scanner;
162  ExternalProgram prog( argv ,ExternalProgram::Discard_Stderr, false, -1, true );
163  for( std::string line = prog.receiveLine(); !line.empty(); line = prog.receiveLine() )
164  {
165  scanner.scan( line );
166  }
167  prog.close();
168 
169  cache_r._data.swap( scanner._keys );
170  MIL << "Found keys: " << cache_r._data << endl;
171  }
172  return cache_r._data;
173  }
174 
175  mutable CacheMap _cacheMap;
176  };
178  }
179 
181  //
182  // CLASS NAME : KeyRing::Impl
183  //
185  struct KeyRing::Impl
186  {
187  Impl( const Pathname & baseTmpDir )
188  : _trusted_tmp_dir( baseTmpDir, "zypp-trusted-kr" )
189  , _general_tmp_dir( baseTmpDir, "zypp-general-kr" )
190  , _base_dir( baseTmpDir )
191  {
192  MIL << "Current KeyRing::DefaultAccept: " << _keyRingDefaultAccept << endl;
193  }
194 
195  void importKey( const PublicKey & key, bool trusted = false );
196  void multiKeyImport( const Pathname & keyfile_r, bool trusted_r = false );
197  void deleteKey( const std::string & id, bool trusted );
198 
199  std::string readSignatureKeyId( const Pathname & signature );
200 
201  bool isKeyTrusted( const std::string & id )
202  { return bool(publicKeyExists( id, trustedKeyRing() )); }
203  bool isKeyKnown( const std::string & id )
204  { return publicKeyExists( id, trustedKeyRing() ) || publicKeyExists( id, generalKeyRing() ); }
205 
206  std::list<PublicKey> trustedPublicKeys()
207  { return publicKeys( trustedKeyRing() ); }
208  std::list<PublicKey> publicKeys()
209  { return publicKeys( generalKeyRing() ); }
210 
211  const std::list<PublicKeyData> & trustedPublicKeyData()
212  { return publicKeyData( trustedKeyRing() ); }
213  const std::list<PublicKeyData> & publicKeyData()
214  { return publicKeyData( generalKeyRing() ); }
215 
216  void dumpPublicKey( const std::string & id, bool trusted, std::ostream & stream )
217  { dumpPublicKey( id, ( trusted ? trustedKeyRing() : generalKeyRing() ), stream ); }
218 
219  PublicKey exportPublicKey( const PublicKeyData & keyData )
220  { return exportKey( keyData, generalKeyRing() ); }
221  PublicKey exportTrustedPublicKey( const PublicKeyData & keyData )
222  { return exportKey( keyData, trustedKeyRing() ); }
223 
224  bool verifyFileSignatureWorkflow( const Pathname & file, const std::string & filedesc, const Pathname & signature, bool & sigValid_r, const KeyContext & keycontext = KeyContext());
225 
226  bool verifyFileSignature( const Pathname & file, const Pathname & signature )
227  { return verifyFile( file, signature, generalKeyRing() ); }
228  bool verifyFileTrustedSignature( const Pathname & file, const Pathname & signature )
229  { return verifyFile( file, signature, trustedKeyRing() ); }
230 
231  private:
232  bool verifyFile( const Pathname & file, const Pathname & signature, const Pathname & keyring );
233  void importKey( const Pathname & keyfile, const Pathname & keyring );
234 
235  PublicKey exportKey( const std::string & id, const Pathname & keyring );
236  PublicKey exportKey( const PublicKeyData & keyData, const Pathname & keyring );
237 
238  void dumpPublicKey( const std::string & id, const Pathname & keyring, std::ostream & stream );
239  filesystem::TmpFile dumpPublicKeyToTmp( const std::string & id, const Pathname & keyring );
240 
241  void deleteKey( const std::string & id, const Pathname & keyring );
242 
243  std::list<PublicKey> publicKeys( const Pathname & keyring);
244  const std::list<PublicKeyData> & publicKeyData( const Pathname & keyring )
245  { return cachedPublicKeyData( keyring ); }
246 
248  PublicKeyData publicKeyExists( const std::string & id, const Pathname & keyring );
249 
250  const Pathname generalKeyRing() const
251  { return _general_tmp_dir.path(); }
252  const Pathname trustedKeyRing() const
253  { return _trusted_tmp_dir.path(); }
254 
255  // Used for trusted and untrusted keyrings
256  filesystem::TmpDir _trusted_tmp_dir;
257  filesystem::TmpDir _general_tmp_dir;
258  Pathname _base_dir;
259 
260  private:
266  CachedPublicKeyData cachedPublicKeyData;
267  };
269 
270 
271  void KeyRing::Impl::importKey( const PublicKey & key, bool trusted )
272  {
273  importKey( key.path(), trusted ? trustedKeyRing() : generalKeyRing() );
274 
275  if ( trusted )
276  try {
277  callback::SendReport<target::rpm::KeyRingSignals> rpmdbEmitSignal;
278  rpmdbEmitSignal->trustedKeyAdded( key );
279 
280  callback::SendReport<KeyRingSignals> emitSignal;
281  emitSignal->trustedKeyAdded( key );
282  }
283  catch ( const Exception & excp )
284  {
285  ERR << "Could not import key " << excp << endl;
286  // TODO: JobReport as hotfix for bsc#1057188; should bubble up and go through some callback
287  JobReport::error( excp.asUserHistory() );
288  }
289  }
290 
291  void KeyRing::Impl::multiKeyImport( const Pathname & keyfile_r, bool trusted_r )
292  {
293  importKey( keyfile_r, trusted_r ? trustedKeyRing() : generalKeyRing() );
294  }
295 
296  void KeyRing::Impl::deleteKey( const std::string & id, bool trusted )
297  {
298  PublicKey key;
299  if ( trusted ) // extract before being deleted from trustedKeyRing
300  key = exportKey( id, trustedKeyRing() );
301 
302  deleteKey( id, trusted ? trustedKeyRing() : generalKeyRing() );
303 
304  if ( trusted )
305  try {
306  callback::SendReport<target::rpm::KeyRingSignals> rpmdbEmitSignal;
307  rpmdbEmitSignal->trustedKeyRemoved( key );
308 
309  callback::SendReport<KeyRingSignals> emitSignal;
310  emitSignal->trustedKeyRemoved( key );
311  }
312  catch ( const Exception & excp )
313  {
314  ERR << "Could not delete key " << excp << endl;
315  // TODO: JobReport as hotfix for bsc#1057188; should bubble up and go through some callback
316  JobReport::error( excp.asUserHistory() );
317  }
318  }
319 
320  PublicKeyData KeyRing::Impl::publicKeyExists( const std::string & id, const Pathname & keyring )
321  {
322  MIL << "Searching key [" << id << "] in keyring " << keyring << endl;
323  PublicKeyData ret;
324  for ( const PublicKeyData & key : publicKeyData( keyring ) )
325  {
326  if ( key.providesKey( id ) )
327  {
328  ret = key;
329  break;
330  }
331  }
332  return ret;
333  }
334 
335  PublicKey KeyRing::Impl::exportKey( const PublicKeyData & keyData, const Pathname & keyring )
336  {
337  return PublicKey( dumpPublicKeyToTmp( keyData.id(), keyring ), keyData );
338  }
339 
340  PublicKey KeyRing::Impl::exportKey( const std::string & id, const Pathname & keyring )
341  {
342  PublicKeyData keyData( publicKeyExists( id, keyring ) );
343  if ( keyData )
344  return PublicKey( dumpPublicKeyToTmp( keyData.id(), keyring ), keyData );
345 
346  // Here: key not found
347  WAR << "No key " << id << " to export from " << keyring << endl;
348  return PublicKey();
349  }
350 
351 
352  void KeyRing::Impl::dumpPublicKey( const std::string & id, const Pathname & keyring, std::ostream & stream )
353  {
354  const char* argv[] =
355  {
356  GPG_BINARY,
357  "-a",
358  "--export",
359  "--homedir", keyring.asString().c_str(),
360  "--no-default-keyring",
361  "--quiet",
362  "--no-tty",
363  "--no-greeting",
364  "--no-permission-warning",
365  "--batch",
366  id.c_str(),
367  NULL
368  };
369  ExternalProgram prog( argv,ExternalProgram::Discard_Stderr, false, -1, true );
370  for ( std::string line = prog.receiveLine(); !line.empty(); line = prog.receiveLine() )
371  {
372  stream << line;
373  }
374  prog.close();
375  }
376 
377  filesystem::TmpFile KeyRing::Impl::dumpPublicKeyToTmp( const std::string & id, const Pathname & keyring )
378  {
379  filesystem::TmpFile tmpFile( _base_dir, "pubkey-"+id+"-" );
380  MIL << "Going to export key " << id << " from " << keyring << " to " << tmpFile.path() << endl;
381 
382  std::ofstream os( tmpFile.path().c_str() );
383  dumpPublicKey( id, keyring, os );
384  os.close();
385  return tmpFile;
386  }
387 
388  bool KeyRing::Impl::verifyFileSignatureWorkflow( const Pathname & file, const std::string & filedesc, const Pathname & signature, bool & sigValid_r, const KeyContext & context )
389  {
390  sigValid_r = false; // set true if signature is actually successfully validated!
391 
392  callback::SendReport<KeyRingReport> report;
393  MIL << "Going to verify signature for " << filedesc << " ( " << file << " ) with " << signature << endl;
394 
395  // if signature does not exists, ask user if he wants to accept unsigned file.
396  if( signature.empty() || (!PathInfo( signature ).isExist()) )
397  {
398  bool res = report->askUserToAcceptUnsignedFile( filedesc, context );
399  MIL << "askUserToAcceptUnsignedFile: " << res << endl;
400  return res;
401  }
402 
403  // get the id of the signature (it might be a subkey id!)
404  std::string id = readSignatureKeyId( signature );
405 
406  // does key exists in trusted keyring
407  PublicKeyData trustedKeyData( publicKeyExists( id, trustedKeyRing() ) );
408  if ( trustedKeyData )
409  {
410  MIL << "Key is trusted: " << trustedKeyData << endl;
411 
412  // lets look if there is an updated key in the
413  // general keyring
414  PublicKeyData generalKeyData( publicKeyExists( id, generalKeyRing() ) );
415  if ( generalKeyData )
416  {
417  // bnc #393160: Comment #30: Compare at least the fingerprint
418  // in case an attacker created a key the the same id.
419  //
420  // FIXME: bsc#1008325: For keys using subkeys, we'd actually need
421  // to compare the subkey sets, to tell whether a key was updated.
422  // because created() remains unchanged if the primary key is not touched.
423  // For now we wait until a new subkey signs the data and treat it as a
424  // new key (else part below).
425  if ( trustedKeyData.fingerprint() == generalKeyData.fingerprint()
426  && trustedKeyData.created() < generalKeyData.created() )
427  {
428  MIL << "Key was updated. Saving new version into trusted keyring: " << generalKeyData << endl;
429  importKey( exportKey( generalKeyData, generalKeyRing() ), true );
430  trustedKeyData = publicKeyExists( id, trustedKeyRing() ); // re-read: invalidated by import?
431  }
432  }
433 
434  // it exists, is trusted, does it validate?
435  report->infoVerify( filedesc, trustedKeyData, context );
436  if ( verifyFile( file, signature, trustedKeyRing() ) )
437  {
438  return (sigValid_r=true); // signature is actually successfully validated!
439  }
440  else
441  {
442  bool res = report->askUserToAcceptVerificationFailed( filedesc, exportKey( trustedKeyData, trustedKeyRing() ), context );
443  MIL << "askUserToAcceptVerificationFailed: " << res << endl;
444  return res;
445  }
446  }
447  else
448  {
449  PublicKeyData generalKeyData( publicKeyExists( id, generalKeyRing() ) );
450  if ( generalKeyData )
451  {
452  PublicKey key( exportKey( generalKeyData, generalKeyRing() ) );
453  MIL << "Exported key " << id << " to " << key.path() << endl;
454  MIL << "Key " << id << " " << key.name() << " is not trusted" << endl;
455 
456  // ok the key is not trusted, ask the user to trust it or not
457  KeyRingReport::KeyTrust reply = report->askUserToAcceptKey( key, context );
458  if ( reply == KeyRingReport::KEY_TRUST_TEMPORARILY ||
459  reply == KeyRingReport::KEY_TRUST_AND_IMPORT )
460  {
461  MIL << "User wants to trust key " << id << " " << key.name() << endl;
462 
463  Pathname whichKeyring;
464  if ( reply == KeyRingReport::KEY_TRUST_AND_IMPORT )
465  {
466  MIL << "User wants to import key " << id << " " << key.name() << endl;
467  importKey( key, true );
468  whichKeyring = trustedKeyRing();
469  }
470  else
471  whichKeyring = generalKeyRing();
472 
473  // does it validate?
474  report->infoVerify( filedesc, generalKeyData, context );
475  if ( verifyFile( file, signature, whichKeyring ) )
476  {
477  return (sigValid_r=true); // signature is actually successfully validated!
478  }
479  else
480  {
481  bool res = report->askUserToAcceptVerificationFailed( filedesc, key, context );
482  MIL << "askUserToAcceptVerificationFailed: " << res << endl;
483  return res;
484  }
485  }
486  else
487  {
488  MIL << "User does not want to trust key " << id << " " << key.name() << endl;
489  return false;
490  }
491  }
492  else
493  {
494  // signed with an unknown key...
495  MIL << "File [" << file << "] ( " << filedesc << " ) signed with unknown key [" << id << "]" << endl;
496  bool res = report->askUserToAcceptUnknownKey( filedesc, id, context );
497  MIL << "askUserToAcceptUnknownKey: " << res << endl;
498  return res;
499  }
500  }
501  return false;
502  }
503 
504  std::list<PublicKey> KeyRing::Impl::publicKeys( const Pathname & keyring )
505  {
506  const std::list<PublicKeyData> & keys( publicKeyData( keyring ) );
507  std::list<PublicKey> ret;
508 
509  for_( it, keys.begin(), keys.end() )
510  {
511  PublicKey key( exportKey( *it, keyring ) );
512  ret.push_back( key );
513  MIL << "Found key " << key << endl;
514  }
515  return ret;
516  }
517 
518  void KeyRing::Impl::importKey( const Pathname & keyfile, const Pathname & keyring )
519  {
520  if ( ! PathInfo( keyfile ).isExist() )
521  // TranslatorExplanation first %s is key name, second is keyring name
522  ZYPP_THROW(KeyRingException( str::Format(_("Tried to import not existent key %s into keyring %s"))
523  % keyfile.asString()
524  % keyring.asString() ));
525 
526  const char* argv[] =
527  {
528  GPG_BINARY,
529  "--import",
530  "--homedir", keyring.asString().c_str(),
531  "--no-default-keyring",
532  "--quiet",
533  "--no-tty",
534  "--no-greeting",
535  "--no-permission-warning",
536  "--status-fd", "1",
537  keyfile.asString().c_str(),
538  NULL
539  };
540 
541  ExternalProgram prog( argv,ExternalProgram::Discard_Stderr, false, -1, true );
542  prog.close();
543  }
544 
545  void KeyRing::Impl::deleteKey( const std::string & id, const Pathname & keyring )
546  {
547  const char* argv[] =
548  {
549  GPG_BINARY,
550  "--delete-keys",
551  "--homedir", keyring.asString().c_str(),
552  "--no-default-keyring",
553  "--yes",
554  "--quiet",
555  "--no-tty",
556  "--batch",
557  "--status-fd", "1",
558  id.c_str(),
559  NULL
560  };
561 
562  ExternalProgram prog( argv,ExternalProgram::Discard_Stderr, false, -1, true );
563 
564  int code = prog.close();
565  if ( code )
566  ZYPP_THROW(Exception(_("Failed to delete key.")));
567  else
568  MIL << "Deleted key " << id << " from keyring " << keyring << endl;
569  }
570 
571  std::string KeyRing::Impl::readSignatureKeyId( const Pathname & signature )
572  {
573  if ( ! PathInfo( signature ).isFile() )
574  ZYPP_THROW(Exception( str::Format(_("Signature file %s not found")) % signature.asString() ));
575 
576  MIL << "Determining key id of signature " << signature << endl;
577  const char* argv[] =
578  {
579  GPG_BINARY,
580  "--list-packets",
581  signature.asString().c_str(),
582  NULL
583  };
584  ExternalProgram prog( argv ,ExternalProgram::Discard_Stderr, false, -1, true );
585 
586  // :signature packet: algo 1, keyid 1397BC53640DB551
587  // version 4, created 1501094968, md5len 0, sigclass 0x00
588  // digest algo 8, begin of digest 15 89
589  // hashed subpkt 2 len 4 (sig created 2017-07-26)
590  // subpkt 16 len 8 (issuer key ID 1397BC53640DB551)
591  // data: [4095 bits]
592  std::string id;
593  for( std::string line = prog.receiveLine(); !line.empty(); line = prog.receiveLine() )
594  {
595  if ( id.empty() && str::startsWith( line, ":signature packet:" ) )
596  {
597  static const str::regex rxKeyId( " keyid +([0-9A-Z]+)" );
598  str::smatch what;
599  if( str::regex_match( line, what, rxKeyId ) )
600  id = what[1];
601  }
602  }
603 
604  MIL << "Determined key id [" << id << "] for signature " << signature << endl;
605  prog.close();
606  return id;
607  }
608 
609  bool KeyRing::Impl::verifyFile( const Pathname & file, const Pathname & signature, const Pathname & keyring )
610  {
611  const char* argv[] =
612  {
613  GPG_BINARY,
614  "--verify",
615  "--homedir", keyring.asString().c_str(),
616  "--no-default-keyring",
617  "--quiet",
618  "--no-tty",
619  "--batch",
620  "--no-greeting",
621  "--status-fd", "1",
622  signature.asString().c_str(),
623  file.asString().c_str(),
624  NULL
625  };
626 
627  // no need to parse output for now
628  // [GNUPG:] SIG_ID yCc4u223XRJnLnVAIllvYbUd8mQ 2006-03-29 1143618744
629  // [GNUPG:] GOODSIG A84EDAE89C800ACA SuSE Package Signing Key <build@suse.de>
630  // gpg: Good signature from "SuSE Package Signing Key <build@suse.de>"
631  // [GNUPG:] VALIDSIG 79C179B2E1C820C1890F9994A84EDAE89C800ACA 2006-03-29 1143618744 0 3 0 17 2 00 79C179B2E1C820C1890F9994A84EDAE89C800ACA
632  // [GNUPG:] TRUST_UNDEFINED
633 
634  // [GNUPG:] ERRSIG A84EDAE89C800ACA 17 2 00 1143618744 9
635  // [GNUPG:] NO_PUBKEY A84EDAE89C800ACA
636 
637  ExternalProgram prog( argv,ExternalProgram::Discard_Stderr, false, -1, true );
638 
639  return ( prog.close() == 0 ) ? true : false;
640  }
641 
643 
645  //
646  // CLASS NAME : KeyRing
647  //
649 
650  KeyRing::KeyRing( const Pathname & baseTmpDir )
651  : _pimpl( new Impl( baseTmpDir ) )
652  {}
653 
654  KeyRing::~KeyRing()
655  {}
656 
657 
658  void KeyRing::importKey( const PublicKey & key, bool trusted )
659  { _pimpl->importKey( key, trusted ); }
660 
661  void KeyRing::multiKeyImport( const Pathname & keyfile_r, bool trusted_r )
662  { _pimpl->multiKeyImport( keyfile_r, trusted_r ); }
663 
664  std::string KeyRing::readSignatureKeyId( const Pathname & signature )
665  { return _pimpl->readSignatureKeyId( signature ); }
666 
667  void KeyRing::deleteKey( const std::string & id, bool trusted )
668  { _pimpl->deleteKey( id, trusted ); }
669 
670  std::list<PublicKey> KeyRing::publicKeys()
671  { return _pimpl->publicKeys(); }
672 
673  std:: list<PublicKey> KeyRing::trustedPublicKeys()
674  { return _pimpl->trustedPublicKeys(); }
675 
676  std::list<PublicKeyData> KeyRing::publicKeyData()
677  { return _pimpl->publicKeyData(); }
678 
679  std::list<PublicKeyData> KeyRing::trustedPublicKeyData()
680  { return _pimpl->trustedPublicKeyData(); }
681 
682  bool KeyRing::verifyFileSignatureWorkflow( const Pathname & file, const std::string & filedesc, const Pathname & signature, bool & sigValid_r, const KeyContext & keycontext )
683  { return _pimpl->verifyFileSignatureWorkflow( file, filedesc, signature, sigValid_r, keycontext ); }
684 
685  bool KeyRing::verifyFileSignatureWorkflow( const Pathname & file, const std::string filedesc, const Pathname & signature, const KeyContext & keycontext )
686  { bool unused; return _pimpl->verifyFileSignatureWorkflow( file, filedesc, signature, unused, keycontext ); }
687 
688  bool KeyRing::verifyFileSignature( const Pathname & file, const Pathname & signature )
689  { return _pimpl->verifyFileSignature( file, signature ); }
690 
691  bool KeyRing::verifyFileTrustedSignature( const Pathname & file, const Pathname & signature )
692  { return _pimpl->verifyFileTrustedSignature( file, signature ); }
693 
694  void KeyRing::dumpPublicKey( const std::string & id, bool trusted, std::ostream & stream )
695  { _pimpl->dumpPublicKey( id, trusted, stream ); }
696 
697  PublicKey KeyRing::exportPublicKey( const PublicKeyData & keyData )
698  { return _pimpl->exportPublicKey( keyData ); }
699 
700  PublicKey KeyRing::exportTrustedPublicKey( const PublicKeyData & keyData )
701  { return _pimpl->exportTrustedPublicKey( keyData ); }
702 
703  bool KeyRing::isKeyTrusted( const std::string & id )
704  { return _pimpl->isKeyTrusted( id ); }
705 
706  bool KeyRing::isKeyKnown( const std::string & id )
707  { return _pimpl->isKeyKnown( id ); }
708 
710 } // namespace zypp
for_
#define for_(IT, BEG, END)
Convenient for-loops using iterator.
Definition: Easy.h:27
ZYPP_THROW
#define ZYPP_THROW(EXCPT)
Drops a logline and throws the Exception.
Definition: Exception.h:350
Gettext.h
Interface to gettext.
_
#define _(MSG)
Definition: Gettext.h:29
_data
std::list< PublicKeyData > _data
Definition: KeyRing.cc:122
GPG_BINARY
#define GPG_BINARY
Definition: KeyRing.cc:40
_keyringK
scoped_ptr< WatchFile > _keyringK
Definition: KeyRing.cc:125
_keyringP
scoped_ptr< WatchFile > _keyringP
Definition: KeyRing.cc:126
_cacheMap
CacheMap _cacheMap
Definition: KeyRing.cc:175
MIL
#define MIL
Definition: Logger.h:64
ERR
#define ERR
Definition: Logger.h:66
WAR
#define WAR
Definition: Logger.h:65
report
callback::SendReport< DownloadProgressReport > * report
Definition: MediaCurl.cc:203
scoped_ptr
zypp::Exception
Base class for Exception.
Definition: Exception.h:144
zypp::Exception::asUserHistory
std::string asUserHistory() const
A single (multiline) string composed of asUserString and historyAsString.
Definition: Exception.cc:91
zypp::ExternalProgram
Execute a program and give access to its io An object of this class encapsulates the execution of an ...
Definition: ExternalProgram.h:59
zypp::ExternalProgram::close
int close()
Wait for the progamm to complete.
Definition: ExternalProgram.cc:424
zypp::KeyRing
Gpg key handling.
Definition: KeyRing.h:136
zypp::KeyRing::isKeyKnown
bool isKeyKnown(const std::string &id)
true if the key id is knows, that means at least exist on the untrusted keyring
Definition: KeyRing.cc:706
zypp::KeyRing::publicKeys
std::list< PublicKey > publicKeys()
Get a list of public keys in the keyring (incl.
Definition: KeyRing.cc:670
zypp::KeyRing::trustedPublicKeys
std::list< PublicKey > trustedPublicKeys()
Get a list of trusted public keys in the keyring (incl.
Definition: KeyRing.cc:673
zypp::KeyRing::defaultAccept
static DefaultAccept defaultAccept()
Get the active accept bits.
Definition: KeyRing.cc:53
zypp::KeyRing::dumpPublicKey
void dumpPublicKey(const std::string &id, bool trusted, std::ostream &stream)
Definition: KeyRing.cc:694
zypp::KeyRing::verifyFileSignature
bool verifyFileSignature(const Pathname &file, const Pathname &signature)
Verifies a file against a signature, with no user interaction.
Definition: KeyRing.cc:688
zypp::KeyRing::multiKeyImport
void multiKeyImport(const Pathname &keyfile_r, bool trusted_r=false)
Initial import from RpmDb.
Definition: KeyRing.cc:661
zypp::KeyRing::KeyRing
KeyRing(const Pathname &baseTmpDir)
Default ctor.
Definition: KeyRing.cc:650
zypp::KeyRing::~KeyRing
~KeyRing()
Dtor.
Definition: KeyRing.cc:654
zypp::KeyRing::exportPublicKey
PublicKey exportPublicKey(const PublicKeyData &keyData)
Export a public key identified by its key data.
Definition: KeyRing.cc:697
zypp::KeyRing::readSignatureKeyId
std::string readSignatureKeyId(const Pathname &signature)
reads the public key id from a signature
Definition: KeyRing.cc:664
zypp::KeyRing::verifyFileTrustedSignature
bool verifyFileTrustedSignature(const Pathname &file, const Pathname &signature)
Definition: KeyRing.cc:691
zypp::KeyRing::importKey
void importKey(const PublicKey &key, bool trusted=false)
imports a key from a file.
Definition: KeyRing.cc:658
zypp::KeyRing::verifyFileSignatureWorkflow
bool verifyFileSignatureWorkflow(const Pathname &file, const std::string &filedesc, const Pathname &signature, bool &sigValid_r, const KeyContext &keycontext=KeyContext())
Follows a signature verification interacting with the user.
Definition: KeyRing.cc:682
zypp::KeyRing::_pimpl
RW_pointer< Impl > _pimpl
Pointer to implementation.
Definition: KeyRing.h:291
zypp::KeyRing::deleteKey
void deleteKey(const std::string &id, bool trusted=false)
removes a key from the keyring.
Definition: KeyRing.cc:667
zypp::KeyRing::trustedPublicKeyData
std::list< PublicKeyData > trustedPublicKeyData()
Get a list of trusted public key data in the keyring (key data only)
Definition: KeyRing.cc:679
zypp::KeyRing::setDefaultAccept
static void setDefaultAccept(DefaultAccept value_r)
Set the active accept bits.
Definition: KeyRing.cc:56
zypp::KeyRing::publicKeyData
std::list< PublicKeyData > publicKeyData()
Get a list of public key data in the keyring (key data only)
Definition: KeyRing.cc:676
zypp::KeyRing::TRUST_KEY_TEMPORARILY
@ TRUST_KEY_TEMPORARILY
Definition: KeyRing.h:156
zypp::KeyRing::ACCEPT_VERIFICATION_FAILED
@ ACCEPT_VERIFICATION_FAILED
Definition: KeyRing.h:158
zypp::KeyRing::ACCEPT_UNKNOWNKEY
@ ACCEPT_UNKNOWNKEY
Definition: KeyRing.h:155
zypp::KeyRing::ACCEPT_NOTHING
@ ACCEPT_NOTHING
Definition: KeyRing.h:153
zypp::KeyRing::TRUST_AND_IMPORT_KEY
@ TRUST_AND_IMPORT_KEY
Definition: KeyRing.h:157
zypp::KeyRing::ACCEPT_UNSIGNED_FILE
@ ACCEPT_UNSIGNED_FILE
Definition: KeyRing.h:154
zypp::KeyRing::exportTrustedPublicKey
PublicKey exportTrustedPublicKey(const PublicKeyData &keyData)
Export a trusted public key identified by its key data.
Definition: KeyRing.cc:700
zypp::KeyRing::isKeyTrusted
bool isKeyTrusted(const std::string &id)
true if the key id is trusted
Definition: KeyRing.cc:703
zypp::PublicKeyData
Class representing one GPG Public Keys data.
Definition: PublicKey.h:133
zypp::PublicKeyData::created
Date created() const
Creation / last modification date (latest selfsig).
Definition: PublicKey.cc:231
zypp::PublicKeyData::id
std::string id() const
Key ID.
Definition: PublicKey.cc:222
zypp::PublicKeyData::fingerprint
std::string fingerprint() const
Key fingerprint.
Definition: PublicKey.cc:228
zypp::PublicKey
Class representing one GPG Public Key (PublicKeyData + ASCII armored in a tempfile).
Definition: PublicKey.h:278
zypp::PublicKey::path
Pathname path() const
File containig the ASCII armored key.
Definition: PublicKey.cc:582
zypp::PublicKey::name
std::string name() const
Definition: PublicKey.cc:591
zypp::externalprogram::ExternalDataSource::receiveLine
std::string receiveLine()
Read one line from the input stream.
Definition: ExternalDataSource.cc:126
zypp::filesystem::PathInfo
Wrapper class for ::stat/::lstat.
Definition: PathInfo.h:221
zypp::filesystem::Pathname::asString
const std::string & asString() const
String representation.
Definition: Pathname.h:90
zypp::filesystem::Pathname::empty
bool empty() const
Test for an empty path.
Definition: Pathname.h:113
zypp::filesystem::Pathname::c_str
const char * c_str() const
String representation.
Definition: Pathname.h:109
zypp::filesystem::TmpDir
Provide a new empty temporary directory and recursively delete it when no longer needed.
Definition: TmpPath.h:171
zypp::filesystem::TmpFile
Provide a new empty temporary file and delete it when no longer needed.
Definition: TmpPath.h:127
zypp::filesystem::TmpPath::path
Pathname path() const
Definition: TmpPath.cc:146
zypp::str::regex
Regular expression.
Definition: Regex.h:87
zypp::str::smatch
Regular expression match result.
Definition: Regex.h:146
zypp::str::startsWith
bool startsWith(const C_Str &str_r, const C_Str &prefix_r)
alias for hasPrefix
Definition: String.h:1095
zypp::str::regex_match
bool regex_match(const std::string &s, smatch &matches, const regex &regex)
\relates regex \ingroup ZYPP_STR_REGEX \relates regex \ingroup ZYPP_STR_REGEX
Definition: Regex.h:70
zypp
Easy-to use interface to the ZYPP dependency resolver.
Definition: CodePitfalls.doc:2
zypp::IMPL_PTR_TYPE
IMPL_PTR_TYPE(Application)
zypp::JobReport::error
static bool error(const std::string &msg_r, const UserData &userData_r=UserData())
send error text
Definition: ZYppCallbacks.h:824
zypp::KeyRingReport::infoVerify
virtual void infoVerify(const std::string &file_r, const PublicKeyData &keyData_r, const KeyContext &keycontext=KeyContext())
Informal callback showing the trusted key that will be used for verification.
Definition: KeyRing.cc:62
zypp::KeyRingReport::KeyTrust
KeyTrust
User reply options for the askUserToTrustKey callback.
Definition: KeyRing.h:52
zypp::KeyRingReport::KEY_TRUST_AND_IMPORT
@ KEY_TRUST_AND_IMPORT
Import the key.
Definition: KeyRing.h:70
zypp::KeyRingReport::KEY_DONT_TRUST
@ KEY_DONT_TRUST
User has chosen not to trust the key.
Definition: KeyRing.h:56
zypp::KeyRingReport::KEY_TRUST_TEMPORARILY
@ KEY_TRUST_TEMPORARILY
This basically means, we knew the key, but it was not trusted.
Definition: KeyRing.h:61
zypp::KeyRingReport::askUserToAcceptUnsignedFile
virtual bool askUserToAcceptUnsignedFile(const std::string &file, const KeyContext &keycontext=KeyContext())
Definition: KeyRing.cc:65
zypp::KeyRingReport::askUserToAcceptKey
virtual KeyTrust askUserToAcceptKey(const PublicKey &key, const KeyContext &keycontext=KeyContext())
Ask user to trust and/or import the key to trusted keyring.
Definition: KeyRing.cc:69
zypp::KeyRingReport::askUserToAcceptUnknownKey
virtual bool askUserToAcceptUnknownKey(const std::string &file, const std::string &id, const KeyContext &keycontext=KeyContext())
we DONT know the key, only its id, but we have never seen it, the difference with trust key is that i...
Definition: KeyRing.cc:78
zypp::KeyRingReport::askUserToAcceptVerificationFailed
virtual bool askUserToAcceptVerificationFailed(const std::string &file, const PublicKey &key, const KeyContext &keycontext=KeyContext())
The file filedesc is signed but the verification failed.
Definition: KeyRing.cc:81
zypp::KeyRing::Impl
KeyRing implementation.
Definition: KeyRing.cc:186
zypp::KeyRing::Impl::importKey
void importKey(const PublicKey &key, bool trusted=false)
Definition: KeyRing.cc:271
zypp::KeyRing::Impl::publicKeyExists
PublicKeyData publicKeyExists(const std::string &id, const Pathname &keyring)
Get PublicKeyData for ID (false if ID is not found).
Definition: KeyRing.cc:320
zypp::KeyRing::Impl::exportKey
PublicKey exportKey(const std::string &id, const Pathname &keyring)
Definition: KeyRing.cc:340
zypp::KeyRing::Impl::exportPublicKey
PublicKey exportPublicKey(const PublicKeyData &keyData)
Definition: KeyRing.cc:219
zypp::KeyRing::Impl::trustedPublicKeyData
const std::list< PublicKeyData > & trustedPublicKeyData()
Definition: KeyRing.cc:211
zypp::KeyRing::Impl::isKeyKnown
bool isKeyKnown(const std::string &id)
Definition: KeyRing.cc:203
zypp::KeyRing::Impl::verifyFileTrustedSignature
bool verifyFileTrustedSignature(const Pathname &file, const Pathname &signature)
Definition: KeyRing.cc:228
zypp::KeyRing::Impl::exportTrustedPublicKey
PublicKey exportTrustedPublicKey(const PublicKeyData &keyData)
Definition: KeyRing.cc:221
zypp::KeyRing::Impl::publicKeys
std::list< PublicKey > publicKeys()
Definition: KeyRing.cc:208
zypp::KeyRing::Impl::Impl
Impl(const Pathname &baseTmpDir)
Definition: KeyRing.cc:187
zypp::KeyRing::Impl::verifyFile
bool verifyFile(const Pathname &file, const Pathname &signature, const Pathname &keyring)
Definition: KeyRing.cc:609
zypp::KeyRing::Impl::generalKeyRing
const Pathname generalKeyRing() const
Definition: KeyRing.cc:250
zypp::KeyRing::Impl::_general_tmp_dir
filesystem::TmpDir _general_tmp_dir
Definition: KeyRing.cc:257
zypp::KeyRing::Impl::publicKeyData
const std::list< PublicKeyData > & publicKeyData()
Definition: KeyRing.cc:213
zypp::KeyRing::Impl::verifyFileSignature
bool verifyFileSignature(const Pathname &file, const Pathname &signature)
Definition: KeyRing.cc:226
zypp::KeyRing::Impl::trustedPublicKeys
std::list< PublicKey > trustedPublicKeys()
Definition: KeyRing.cc:206
zypp::KeyRing::Impl::verifyFileSignatureWorkflow
bool verifyFileSignatureWorkflow(const Pathname &file, const std::string &filedesc, const Pathname &signature, bool &sigValid_r, const KeyContext &keycontext=KeyContext())
Definition: KeyRing.cc:388
zypp::KeyRing::Impl::cachedPublicKeyData
CachedPublicKeyData cachedPublicKeyData
Functor returning the keyrings data (cached).
Definition: KeyRing.cc:266
zypp::KeyRing::Impl::readSignatureKeyId
std::string readSignatureKeyId(const Pathname &signature)
Definition: KeyRing.cc:571
zypp::KeyRing::Impl::publicKeyData
const std::list< PublicKeyData > & publicKeyData(const Pathname &keyring)
Definition: KeyRing.cc:244
zypp::KeyRing::Impl::multiKeyImport
void multiKeyImport(const Pathname &keyfile_r, bool trusted_r=false)
Definition: KeyRing.cc:291
zypp::KeyRing::Impl::deleteKey
void deleteKey(const std::string &id, bool trusted)
Definition: KeyRing.cc:296
zypp::KeyRing::Impl::trustedKeyRing
const Pathname trustedKeyRing() const
Definition: KeyRing.cc:252
zypp::KeyRing::Impl::dumpPublicKeyToTmp
filesystem::TmpFile dumpPublicKeyToTmp(const std::string &id, const Pathname &keyring)
Definition: KeyRing.cc:377
zypp::KeyRing::Impl::_base_dir
Pathname _base_dir
Definition: KeyRing.cc:258
zypp::KeyRing::Impl::_trusted_tmp_dir
filesystem::TmpDir _trusted_tmp_dir
Definition: KeyRing.cc:256
zypp::KeyRing::Impl::isKeyTrusted
bool isKeyTrusted(const std::string &id)
Definition: KeyRing.cc:201
zypp::KeyRing::Impl::dumpPublicKey
void dumpPublicKey(const std::string &id, bool trusted, std::ostream &stream)
Definition: KeyRing.cc:216
zypp::str::Format
Convenient building of std::string with boost::format.
Definition: String.h:249