From 9a9514e665c30554a4d72c7c79475af315b83dc3 Mon Sep 17 00:00:00 2001
Message-Id: <9a9514e665c30554a4d72c7c79475af315b83dc3.1683531413.git.pmatilai@redhat.com>
From: Panu Matilainen
Date: Mon, 8 May 2023 09:26:46 +0300
Subject: [PATCH] Forward-port obsoleted crypto needed by current libdnf
Provide the minimum required bits to allow the old PackageKit-inherited signature in libdnf to work until the switch to dnf5 happens, allegedly during this release cycle.
---
 include/rpm/rpmkeyring.h | 4 ++++
 include/rpm/rpmpgp.h | 15 ++++++++++++
 rpmio/rpmkeyring.c | 52 ++++++++++++++++++++++++++++++++++++++++
 rpmio/rpmpgp_sequoia.c | 11 +++++++++
 4 files changed, 82 insertions(+)
diff --git a/include/rpm/rpmkeyring.h b/include/rpm/rpmkeyring.h
index 3d8d55773..c84292ff8 100644
--- a/include/rpm/rpmkeyring.h
+++ b/include/rpm/rpmkeyring.h
@@ -101,6 +101,10 @@ char * rpmPubkeyBase64(rpmPubkey key);
 */
 pgpDigParams rpmPubkeyPgpDigParams(rpmPubkey key);
+/* Obsolete APIs required by libdnf, do not use */
+rpmRC rpmKeyringLookup(rpmKeyring keyring, pgpDig sig);
+pgpDig rpmPubkeyDig(rpmPubkey key);
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/include/rpm/rpmpgp.h b/include/rpm/rpmpgp.h
index 675cbad73..f83642c18 100644
--- a/include/rpm/rpmpgp.h
+++ b/include/rpm/rpmpgp.h
@@ -1225,6 +1225,21 @@ int pgpSignatureType(pgpDigParams sig);
 */
 char *pgpIdentItem(pgpDigParams digp);
+/* Obsolete APIs required by libdnf, do not use */
+typedef struct pgpDig_s * pgpDig;
+
+RPM_GNUC_DEPRECATED
+pgpDig pgpNewDig(void);
+
+RPM_GNUC_DEPRECATED
+pgpDig pgpFreeDig(pgpDig dig);
+
+RPM_GNUC_DEPRECATED
+pgpDigParams pgpDigGetParams(pgpDig dig, unsigned int pkttype);
+
+RPM_GNUC_DEPRECATED
+int pgpPrtPkts(const uint8_t *pkts, size_t pktlen, pgpDig dig, int printing);
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/rpmio/rpmkeyring.c b/rpmio/rpmkeyring.c
index e3eb9e6ea..464163895 100644
--- a/rpmio/rpmkeyring.c
+++ b/rpmio/rpmkeyring.c
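Review bot: The two declarations added to rpmkeyring.h carry only the `do not use` comment, whereas the same patch marks the rpmpgp.h additions with `RPM_GNUC_DEPRECATED`, so new callers of `rpmKeyringLookup()` and `rpmPubkeyDig()` get no compiler warning. Prefixing both prototypes with `RPM_GNUC_DEPRECATED` would keep the two headers consistent. They also use `pgpDig`, whose typedef is added in rpmpgp.h; this presumably relies on rpmkeyring.h already including that header, which the hunk does not show.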
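Review bot: The four re-added prototypes in rpmpgp.h have no contract documentation, yet the code added to rpmio/rpmkeyring.c depends on details that are not written down: `rpmPubkeyDig()` treats a 0 return from `pgpPrtPkts()` as success and assigns the result of `pgpFreeDig()` back to the pointer it then returns. A short comment above the block such as `/* pgpPrtPkts() returns 0 on success; pgpFreeDig() frees dig and returns NULL */` would record that, to be confirmed against the implementation, which is not part of this patch. The meaning of the `printing` argument is likewise undocumented.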
@@ -289,3 +289,55 @@ rpmRC rpmKeyringVerifySig(rpmKeyring keyring, pgpDigParams sig, DIGEST_CTX ctx)
 return rc;
 }
+
+rpmRC rpmKeyringLookup(rpmKeyring keyring, pgpDig sig)
+{
+ pthread_rwlock_rdlock(&keyring->lock);
+
+ rpmRC res = RPMRC_NOKEY;
+ pgpDigParams sigp = pgpDigGetParams(sig, PGPTAG_SIGNATURE);
+ rpmPubkey key = findbySig(keyring, sigp);
+
+ if (key) {
+ /*
+ * Callers expect sig to have the key data parsed into pgpDig
+ * on (successful) return, sigh. No need to check for return
+ * here as this is validated at rpmPubkeyNew() already.
+ */
+ pgpPrtPkts(key->pkt, key->pktlen, sig, _print_pkts);
+ res = RPMRC_OK;
+ }
+
+ pthread_rwlock_unlock(&keyring->lock);
+ return res;
+}
+
+pgpDig rpmPubkeyDig(rpmPubkey key)
+{
+ pgpDig dig = NULL;
+ static unsigned char zeros[] =
+ { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
+ int rc;
+ if (key == NULL)
+ return NULL;
+
+ dig = pgpNewDig();
+
+ pthread_rwlock_rdlock(&key->lock);
+ rc = pgpPrtPkts(key->pkt, key->pktlen, dig, _print_pkts);
+ pthread_rwlock_unlock(&key->lock);
+
+ if (rc == 0) {
+ pgpDigParams pubp = pgpDigGetParams(dig, PGPTAG_PUBLIC_KEY);
+ if (!pubp || !memcmp(pgpDigParamsSignID(pubp), zeros, sizeof(zeros)) ||
+ pgpDigParamsCreationTime(pubp) == 0 ||
+ pgpDigParamsUserID(pubp) == NULL) {
+ rc = -1;
+ }
+ }
+
+ if (rc)
+ dig = pgpFreeDig(dig);
+
+ return dig;
+}
diff --git a/rpmio/rpmpgp_sequoia.c b/rpmio/rpmpgp_sequoia.c
index d0b673953..0c1c848dc 100644
--- a/rpmio/rpmpgp_sequoia.c
+++ b/rpmio/rpmpgp_sequoia.c
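Review bot: In `rpmPubkeyDig()` the all-zero key ID test compares `sizeof(zeros)`, which is 16 bytes, while an OpenPGP key ID is 8 bytes; if `pgpDigParamsSignID()` returns a pointer to an 8-byte ID (its definition is not in this patch), `memcmp` can read past the ID and the test no longer rejects a zero ID that is followed by non-zero bytes. Bounding the comparison to the ID length, `!memcmp(pgpDigParamsSignID(pubp), zeros, sizeof(pgpKeyID_t))`, avoids both. In `rpmKeyringLookup()` the result of `pgpPrtPkts()` is discarded and `RPMRC_OK` is returned regardless, which is safe only as long as the parser behind `pgpPrtPkts()` accepts everything `rpmPubkeyNew()` accepted; `if (pgpPrtPkts(key->pkt, key->pktlen, sig, _print_pkts) == 0) res = RPMRC_OK;` keeps `RPMRC_NOKEY` when the key data was not loaded into `sig`. Neither function checks `keyring`, `sig` or the `pgpNewDig()` result for NULL before use; whether callers guarantee that is not visible here.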
@@ -80,3 +80,14 @@ W(int, rpmDigestUpdate, (DIGEST_CTX ctx, const void * data, size_t len), W(int, rpmDigestFinal, (DIGEST_CTX ctx, void ** datap, size_t *lenp, int asAscii), (ctx, datap, lenp, asAscii)) + +// Minimal backport of APIs required by libdnf until dnf5 takes over +W(int, pgpPrtPkts, + (const uint8_t *pkts, size_t pktlen, pgpDig dig, int printing), + (pkts, pktlen, dig, printing)) +W(pgpDig, pgpNewDig, (void), ()) +W(pgpDig, pgpFreeDig, (pgpDig dig), (dig)) +W(pgpDigParams, pgpDigGetParams, + (pgpDig dig, unsigned int pkttype), + (dig, pkttype)) + -- 2.40.1