libzypp  14.29.1
KeyRing.cc
Go to the documentation of this file.
1 /*---------------------------------------------------------------------\
2 | ____ _ __ __ ___ |
3 | |__ / \ / / . \ . \ |
4 | / / \ V /| _/ _/ |
5 | / /__ | | | | | | |
6 | /_____||_| |_| |_| |
7 | |
8 \---------------------------------------------------------------------*/
12 #include <iostream>
13 #include <fstream>
14 #include <sys/file.h>
15 #include <cstdio>
16 #include <unistd.h>
17 
18 #include <boost/format.hpp>
19 
20 #include "zypp/TmpPath.h"
21 #include "zypp/ZYppFactory.h"
22 #include "zypp/ZYpp.h"
23 
24 #include "zypp/base/LogTools.h"
25 #include "zypp/base/IOStream.h"
26 #include "zypp/base/String.h"
27 #include "zypp/base/Regex.h"
28 #include "zypp/base/Gettext.h"
29 #include "zypp/base/WatchFile.h"
30 #include "zypp/PathInfo.h"
31 #include "zypp/KeyRing.h"
32 #include "zypp/ExternalProgram.h"
33 #include "zypp/TmpPath.h"
34 
35 using std::endl;
36 
37 #undef ZYPP_BASE_LOGGER_LOGGROUP
38 #define ZYPP_BASE_LOGGER_LOGGROUP "zypp::KeyRing"
39 
40 #define GPG_BINARY "/usr/bin/gpg2"
41 
43 namespace zypp
44 {
45 
46  IMPL_PTR_TYPE(KeyRing);
47 
48  namespace
49  {
50  KeyRing::DefaultAccept _keyRingDefaultAccept( KeyRing::ACCEPT_NOTHING );
51  }
52 
53  KeyRing::DefaultAccept KeyRing::defaultAccept()
54  { return _keyRingDefaultAccept; }
55 
56  void KeyRing::setDefaultAccept( DefaultAccept value_r )
57  {
58  MIL << "Set new KeyRing::DefaultAccept: " << value_r << endl;
59  _keyRingDefaultAccept = value_r;
60  }
61 
62  void KeyRingReport::infoVerify( const std::string & file_r, const PublicKeyData & keyData_r, const KeyContext & keycontext )
63  {}
64 
65  bool KeyRingReport::askUserToAcceptUnsignedFile( const std::string & file, const KeyContext & keycontext )
66  { return _keyRingDefaultAccept.testFlag( KeyRing::ACCEPT_UNSIGNED_FILE ); }
67 
68  KeyRingReport::KeyTrust
69  KeyRingReport::askUserToAcceptKey( const PublicKey & key, const KeyContext & keycontext )
70  {
71  if ( _keyRingDefaultAccept.testFlag( KeyRing::TRUST_KEY_TEMPORARILY ) )
72  return KEY_TRUST_TEMPORARILY;
73  if ( _keyRingDefaultAccept.testFlag( KeyRing::TRUST_AND_IMPORT_KEY ) )
74  return KEY_TRUST_AND_IMPORT;
75  return KEY_DONT_TRUST;
76  }
77 
78  bool KeyRingReport::askUserToAcceptUnknownKey( const std::string & file, const std::string & id, const KeyContext & keycontext )
79  { return _keyRingDefaultAccept.testFlag( KeyRing::ACCEPT_UNKNOWNKEY ); }
80 
81  bool KeyRingReport::askUserToAcceptVerificationFailed( const std::string & file, const PublicKey & key, const KeyContext & keycontext )
82  { return _keyRingDefaultAccept.testFlag( KeyRing::ACCEPT_VERIFICATION_FAILED ); }
83 
84  namespace
85  {
93  struct CachedPublicKeyData // : private base::NonCopyable - but KeyRing uses RWCOW though also NonCopyable :(
94  {
95  const std::list<PublicKeyData> & operator()( const Pathname & keyring_r ) const
96  { return getData( keyring_r ); }
97 
98  private:
99  struct Cache
100  {
101  scoped_ptr<WatchFile> _keyringP;
102  std::list<PublicKeyData> _data;
103 
104  // Empty copy ctor to allow insert into std::map as
105  // scoped_ptr is noncopyable.
106  Cache() {}
107  Cache( const Cache & rhs ) {}
108  };
109 
110  typedef std::map<Pathname,Cache> CacheMap;
111 
112  const std::list<PublicKeyData> & getData( const Pathname & keyring_r ) const
113  {
114  Cache & cache( _cacheMap[keyring_r] );
115  if ( ! cache._keyringP )
116  {
117  // init new cache entry
118  cache._keyringP.reset( new WatchFile( keyring_r/"pubring.gpg", WatchFile::NO_INIT ) );
119  }
120  return getData( keyring_r, cache );
121  }
122 
123  const std::list<PublicKeyData> & getData( const Pathname & keyring_r, Cache & cache_r ) const
124  {
125  if ( cache_r._keyringP->hasChanged() )
126  {
127  const char* argv[] =
128  {
129  GPG_BINARY,
130  "--list-public-keys",
131  "--homedir", keyring_r.c_str(),
132  "--no-default-keyring",
133  "--quiet",
134  "--with-colons",
135  "--fixed-list-mode",
136  "--with-fingerprint",
137  "--with-sig-list",
138  "--no-tty",
139  "--no-greeting",
140  "--batch",
141  "--status-fd", "1",
142  NULL
143  };
144 
145  PublicKeyScanner scanner;
146  ExternalProgram prog( argv ,ExternalProgram::Discard_Stderr, false, -1, true );
147  for( std::string line = prog.receiveLine(); !line.empty(); line = prog.receiveLine() )
148  {
149  scanner.scan( line );
150  }
151  prog.close();
152 
153  cache_r._data.swap( scanner._keys );
154  MIL << "Found keys: " << cache_r._data << endl;
155  }
156  return cache_r._data;
157  }
158 
159  mutable CacheMap _cacheMap;
160  };
162  }
163 
165  //
166  // CLASS NAME : KeyRing::Impl
167  //
169  struct KeyRing::Impl
170  {
171  Impl( const Pathname & baseTmpDir )
172  : _trusted_tmp_dir( baseTmpDir, "zypp-trusted-kr" )
173  , _general_tmp_dir( baseTmpDir, "zypp-general-kr" )
174  , _base_dir( baseTmpDir )
175  {
176  MIL << "Current KeyRing::DefaultAccept: " << _keyRingDefaultAccept << endl;
177  }
178 
179  void importKey( const PublicKey & key, bool trusted = false );
180  void multiKeyImport( const Pathname & keyfile_r, bool trusted_r = false );
181  void deleteKey( const std::string & id, bool trusted );
182 
183  std::string readSignatureKeyId( const Pathname & signature );
184 
185  bool isKeyTrusted( const std::string & id )
186  { return bool(publicKeyExists( id, trustedKeyRing() )); }
187  bool isKeyKnown( const std::string & id )
188  { return publicKeyExists( id, trustedKeyRing() ) || publicKeyExists( id, generalKeyRing() ); }
189 
190  std::list<PublicKey> trustedPublicKeys()
191  { return publicKeys( trustedKeyRing() ); }
192  std::list<PublicKey> publicKeys()
193  { return publicKeys( generalKeyRing() ); }
194 
195  const std::list<PublicKeyData> & trustedPublicKeyData()
196  { return publicKeyData( trustedKeyRing() ); }
197  const std::list<PublicKeyData> & publicKeyData()
198  { return publicKeyData( generalKeyRing() ); }
199 
200  void dumpPublicKey( const std::string & id, bool trusted, std::ostream & stream )
201  { dumpPublicKey( id, ( trusted ? trustedKeyRing() : generalKeyRing() ), stream ); }
202 
203  PublicKey exportPublicKey( const PublicKeyData & keyData )
204  { return exportKey( keyData, generalKeyRing() ); }
205  PublicKey exportTrustedPublicKey( const PublicKeyData & keyData )
206  { return exportKey( keyData, trustedKeyRing() ); }
207 
208  bool verifyFileSignatureWorkflow(
209  const Pathname & file,
210  const std::string & filedesc,
211  const Pathname & signature,
212  const KeyContext & keycontext = KeyContext());
213 
214  bool verifyFileSignature( const Pathname & file, const Pathname & signature )
215  { return verifyFile( file, signature, generalKeyRing() ); }
216  bool verifyFileTrustedSignature( const Pathname & file, const Pathname & signature )
217  { return verifyFile( file, signature, trustedKeyRing() ); }
218 
219  private:
220  bool verifyFile( const Pathname & file, const Pathname & signature, const Pathname & keyring );
221  void importKey( const Pathname & keyfile, const Pathname & keyring );
222 
223  PublicKey exportKey( const std::string & id, const Pathname & keyring );
224  PublicKey exportKey( const PublicKeyData & keyData, const Pathname & keyring );
225 
226  void dumpPublicKey( const std::string & id, const Pathname & keyring, std::ostream & stream );
227  filesystem::TmpFile dumpPublicKeyToTmp( const std::string & id, const Pathname & keyring );
228 
229  void deleteKey( const std::string & id, const Pathname & keyring );
230 
231  std::list<PublicKey> publicKeys( const Pathname & keyring);
232  const std::list<PublicKeyData> & publicKeyData( const Pathname & keyring )
233  { return cachedPublicKeyData( keyring ); }
234 
236  PublicKeyData publicKeyExists( const std::string & id, const Pathname & keyring );
237 
238  const Pathname generalKeyRing() const
239  { return _general_tmp_dir.path(); }
240  const Pathname trustedKeyRing() const
241  { return _trusted_tmp_dir.path(); }
242 
243  // Used for trusted and untrusted keyrings
244  filesystem::TmpDir _trusted_tmp_dir;
245  filesystem::TmpDir _general_tmp_dir;
246  Pathname _base_dir;
247 
248  private:
254  CachedPublicKeyData cachedPublicKeyData;
255  };
257 
258 
259  void KeyRing::Impl::importKey( const PublicKey & key, bool trusted )
260  {
261  importKey( key.path(), trusted ? trustedKeyRing() : generalKeyRing() );
262 
263  if ( trusted )
264  {
265  callback::SendReport<target::rpm::KeyRingSignals> rpmdbEmitSignal;
266  callback::SendReport<KeyRingSignals> emitSignal;
267 
268  rpmdbEmitSignal->trustedKeyAdded( key );
269  emitSignal->trustedKeyAdded( key );
270  }
271  }
272 
273  void KeyRing::Impl::multiKeyImport( const Pathname & keyfile_r, bool trusted_r )
274  {
275  importKey( keyfile_r, trusted_r ? trustedKeyRing() : generalKeyRing() );
276  }
277 
278  void KeyRing::Impl::deleteKey( const std::string & id, bool trusted )
279  {
280  PublicKey key;
281 
282  if ( trusted )
283  {
284  key = exportKey( id, trustedKeyRing() );
285  }
286 
287  deleteKey( id, trusted ? trustedKeyRing() : generalKeyRing() );
288 
289  if ( trusted )
290  {
291  callback::SendReport<target::rpm::KeyRingSignals> rpmdbEmitSignal;
292  callback::SendReport<KeyRingSignals> emitSignal;
293 
294  rpmdbEmitSignal->trustedKeyRemoved( key );
295  emitSignal->trustedKeyRemoved( key );
296  }
297  }
298 
299  PublicKeyData KeyRing::Impl::publicKeyExists( const std::string & id, const Pathname & keyring )
300  {
301  MIL << "Searching key [" << id << "] in keyring " << keyring << endl;
302  const std::list<PublicKeyData> & keys( publicKeyData( keyring ) );
303  for_( it, keys.begin(), keys.end() )
304  {
305  if ( id == (*it).id() )
306  {
307  return *it;
308  }
309  }
310  return PublicKeyData();
311  }
312 
313  PublicKey KeyRing::Impl::exportKey( const PublicKeyData & keyData, const Pathname & keyring )
314  {
315  return PublicKey( dumpPublicKeyToTmp( keyData.id(), keyring ), keyData );
316  }
317 
318  PublicKey KeyRing::Impl::exportKey( const std::string & id, const Pathname & keyring )
319  {
320  PublicKeyData keyData( publicKeyExists( id, keyring ) );
321  if ( keyData )
322  return PublicKey( dumpPublicKeyToTmp( keyData.id(), keyring ), keyData );
323 
324  // Here: key not found
325  WAR << "No key " << id << " to export from " << keyring << endl;
326  return PublicKey();
327  }
328 
329 
330  void KeyRing::Impl::dumpPublicKey( const std::string & id, const Pathname & keyring, std::ostream & stream )
331  {
332  const char* argv[] =
333  {
334  GPG_BINARY,
335  "-a",
336  "--export",
337  "--homedir", keyring.asString().c_str(),
338  "--no-default-keyring",
339  "--quiet",
340  "--no-tty",
341  "--no-greeting",
342  "--no-permission-warning",
343  "--batch",
344  id.c_str(),
345  NULL
346  };
347  ExternalProgram prog( argv,ExternalProgram::Discard_Stderr, false, -1, true );
348  for ( std::string line = prog.receiveLine(); !line.empty(); line = prog.receiveLine() )
349  {
350  stream << line;
351  }
352  prog.close();
353  }
354 
355  filesystem::TmpFile KeyRing::Impl::dumpPublicKeyToTmp( const std::string & id, const Pathname & keyring )
356  {
357  filesystem::TmpFile tmpFile( _base_dir, "pubkey-"+id+"-" );
358  MIL << "Going to export key " << id << " from " << keyring << " to " << tmpFile.path() << endl;
359 
360  std::ofstream os( tmpFile.path().c_str() );
361  dumpPublicKey( id, keyring, os );
362  os.close();
363  return tmpFile;
364  }
365 
366  bool KeyRing::Impl::verifyFileSignatureWorkflow(
367  const Pathname & file,
368  const std::string & filedesc,
369  const Pathname & signature,
370  const KeyContext & context )
371  {
372  callback::SendReport<KeyRingReport> report;
373  MIL << "Going to verify signature for " << filedesc << " ( " << file << " ) with " << signature << endl;
374 
375  // if signature does not exists, ask user if he wants to accept unsigned file.
376  if( signature.empty() || (!PathInfo( signature ).isExist()) )
377  {
378  bool res = report->askUserToAcceptUnsignedFile( filedesc, context );
379  MIL << "User decision on unsigned file: " << res << endl;
380  return res;
381  }
382 
383  // get the id of the signature
384  std::string id = readSignatureKeyId( signature );
385 
386  // doeskey exists in trusted keyring
387  PublicKeyData trustedKeyData( publicKeyExists( id, trustedKeyRing() ) );
388  if ( trustedKeyData )
389  {
390  MIL << "Key is trusted: " << trustedKeyData << endl;
391 
392  // lets look if there is an updated key in the
393  // general keyring
394  PublicKeyData generalKeyData( publicKeyExists( id, generalKeyRing() ) );
395  if ( generalKeyData )
396  {
397  // bnc #393160: Comment #30: Compare at least the fingerprint
398  // in case an attacker created a key the the same id.
399  if ( trustedKeyData.fingerprint() == generalKeyData.fingerprint()
400  && trustedKeyData.created() < generalKeyData.created() )
401  {
402  MIL << "Key was updated. Saving new version into trusted keyring: " << generalKeyData << endl;
403  importKey( exportKey( generalKeyData, generalKeyRing() ), true );
404  trustedKeyData = generalKeyData = PublicKeyData(); // invalidated by import.
405  }
406  }
407 
408  if ( ! trustedKeyData ) // invalidated by previous import
409  trustedKeyData = publicKeyExists( id, trustedKeyRing() );
410  report->infoVerify( filedesc, trustedKeyData, context );
411 
412  // it exists, is trusted, does it validates?
413  if ( verifyFile( file, signature, trustedKeyRing() ) )
414  return true;
415  else
416  {
417  return report->askUserToAcceptVerificationFailed( filedesc, exportKey( trustedKeyData, trustedKeyRing() ), context );
418  }
419  }
420  else
421  {
422  PublicKeyData generalKeyData( publicKeyExists( id, generalKeyRing() ) );
423  if ( generalKeyData )
424  {
425  PublicKey key( exportKey( generalKeyData, generalKeyRing() ) );
426  MIL << "Exported key " << id << " to " << key.path() << endl;
427  MIL << "Key " << id << " " << key.name() << " is not trusted" << endl;
428 
429  // ok the key is not trusted, ask the user to trust it or not
430  KeyRingReport::KeyTrust reply = report->askUserToAcceptKey( key, context );
431  if ( reply == KeyRingReport::KEY_TRUST_TEMPORARILY ||
432  reply == KeyRingReport::KEY_TRUST_AND_IMPORT )
433  {
434  MIL << "User wants to trust key " << id << " " << key.name() << endl;
435  //dumpFile( unKey.path() );
436 
437  Pathname whichKeyring;
438  if ( reply == KeyRingReport::KEY_TRUST_AND_IMPORT )
439  {
440  MIL << "User wants to import key " << id << " " << key.name() << endl;
441  importKey( key, true );
442  whichKeyring = trustedKeyRing();
443  }
444  else
445  whichKeyring = generalKeyRing();
446 
447  // emit key added
448  if ( verifyFile( file, signature, whichKeyring ) )
449  {
450  MIL << "File signature is verified" << endl;
451  return true;
452  }
453  else
454  {
455  MIL << "File signature check fails" << endl;
456  if ( report->askUserToAcceptVerificationFailed( filedesc, key, context ) )
457  {
458  MIL << "User continues anyway." << endl;
459  return true;
460  }
461  else
462  {
463  MIL << "User does not want to continue" << endl;
464  return false;
465  }
466  }
467  }
468  else
469  {
470  MIL << "User does not want to trust key " << id << " " << key.name() << endl;
471  return false;
472  }
473  }
474  else
475  {
476  // unknown key...
477  MIL << "File [" << file << "] ( " << filedesc << " ) signed with unknown key [" << id << "]" << endl;
478  if ( report->askUserToAcceptUnknownKey( filedesc, id, context ) )
479  {
480  MIL << "User wants to accept unknown key " << id << endl;
481  return true;
482  }
483  else
484  {
485  MIL << "User does not want to accept unknown key " << id << endl;
486  return false;
487  }
488  }
489  }
490  return false;
491  }
492 
493  std::list<PublicKey> KeyRing::Impl::publicKeys( const Pathname & keyring )
494  {
495  const std::list<PublicKeyData> & keys( publicKeyData( keyring ) );
496  std::list<PublicKey> ret;
497 
498  for_( it, keys.begin(), keys.end() )
499  {
500  PublicKey key( exportKey( *it, keyring ) );
501  ret.push_back( key );
502  MIL << "Found key " << key << endl;
503  }
504  return ret;
505  }
506 
507  void KeyRing::Impl::importKey( const Pathname & keyfile, const Pathname & keyring )
508  {
509  if ( ! PathInfo( keyfile ).isExist() )
510  // TranslatorExplanation first %s is key name, second is keyring name
511  ZYPP_THROW(KeyRingException(boost::str(boost::format(
512  _("Tried to import not existent key %s into keyring %s"))
513  % keyfile.asString() % keyring.asString())));
514 
515  const char* argv[] =
516  {
517  GPG_BINARY,
518  "--import",
519  "--homedir", keyring.asString().c_str(),
520  "--no-default-keyring",
521  "--quiet",
522  "--no-tty",
523  "--no-greeting",
524  "--no-permission-warning",
525  "--status-fd", "1",
526  keyfile.asString().c_str(),
527  NULL
528  };
529 
530  ExternalProgram prog( argv,ExternalProgram::Discard_Stderr, false, -1, true );
531  prog.close();
532  }
533 
534  void KeyRing::Impl::deleteKey( const std::string & id, const Pathname & keyring )
535  {
536  const char* argv[] =
537  {
538  GPG_BINARY,
539  "--delete-keys",
540  "--homedir", keyring.asString().c_str(),
541  "--no-default-keyring",
542  "--yes",
543  "--quiet",
544  "--no-tty",
545  "--batch",
546  "--status-fd", "1",
547  id.c_str(),
548  NULL
549  };
550 
551  ExternalProgram prog( argv,ExternalProgram::Discard_Stderr, false, -1, true );
552 
553  int code = prog.close();
554  if ( code )
555  ZYPP_THROW(Exception(_("Failed to delete key.")));
556  else
557  MIL << "Deleted key " << id << " from keyring " << keyring << endl;
558  }
559 
560 
561  std::string KeyRing::Impl::readSignatureKeyId( const Pathname & signature )
562  {
563  if ( ! PathInfo( signature ).isFile() )
564  ZYPP_THROW(Exception(boost::str(boost::format(
565  _("Signature file %s not found"))% signature.asString())));
566 
567  MIL << "Determining key id if signature " << signature << endl;
568  // HACK create a tmp keyring with no keys
569  filesystem::TmpDir dir( _base_dir, "fake-keyring" );
570 
571  const char* argv[] =
572  {
573  GPG_BINARY,
574  "--homedir", dir.path().asString().c_str(),
575  "--no-default-keyring",
576  "--quiet",
577  "--no-tty",
578  "--no-greeting",
579  "--batch",
580  "--status-fd", "1",
581  signature.asString().c_str(),
582  NULL
583  };
584 
585  ExternalProgram prog( argv,ExternalProgram::Discard_Stderr, false, -1, true );
586 
587  std::string line;
588  int count = 0;
589 
590  str::regex rxNoKey( "^\\[GNUPG:\\] NO_PUBKEY (.+)\n$" );
591  std::string id;
592  for( line = prog.receiveLine(), count=0; !line.empty(); line = prog.receiveLine(), count++ )
593  {
594  //MIL << "[" << line << "]" << endl;
595  str::smatch what;
596  if( str::regex_match( line, what, rxNoKey ) )
597  {
598  if ( what.size() >= 1 )
599  {
600  id = what[1];
601  break;
602  }
603  //dumpRegexpResults( what );
604  }
605  }
606 
607  if ( count == 0 )
608  {
609  MIL << "no output" << endl;
610  }
611 
612  MIL << "Determined key id [" << id << "] for signature " << signature << endl;
613  prog.close();
614  return id;
615  }
616 
617  bool KeyRing::Impl::verifyFile( const Pathname & file, const Pathname & signature, const Pathname & keyring )
618  {
619  const char* argv[] =
620  {
621  GPG_BINARY,
622  "--verify",
623  "--homedir", keyring.asString().c_str(),
624  "--no-default-keyring",
625  "--quiet",
626  "--no-tty",
627  "--batch",
628  "--no-greeting",
629  "--status-fd", "1",
630  signature.asString().c_str(),
631  file.asString().c_str(),
632  NULL
633  };
634 
635  // no need to parse output for now
636  // [GNUPG:] SIG_ID yCc4u223XRJnLnVAIllvYbUd8mQ 2006-03-29 1143618744
637  // [GNUPG:] GOODSIG A84EDAE89C800ACA SuSE Package Signing Key <build@suse.de>
638  // gpg: Good signature from "SuSE Package Signing Key <build@suse.de>"
639  // [GNUPG:] VALIDSIG 79C179B2E1C820C1890F9994A84EDAE89C800ACA 2006-03-29 1143618744 0 3 0 17 2 00 79C179B2E1C820C1890F9994A84EDAE89C800ACA
640  // [GNUPG:] TRUST_UNDEFINED
641 
642  // [GNUPG:] ERRSIG A84EDAE89C800ACA 17 2 00 1143618744 9
643  // [GNUPG:] NO_PUBKEY A84EDAE89C800ACA
644 
645  ExternalProgram prog( argv,ExternalProgram::Discard_Stderr, false, -1, true );
646 
647  return ( prog.close() == 0 ) ? true : false;
648  }
649 
651 
653  //
654  // CLASS NAME : KeyRing
655  //
657 
658  KeyRing::KeyRing( const Pathname & baseTmpDir )
659  : _pimpl( new Impl( baseTmpDir ) )
660  {}
661 
662  KeyRing::~KeyRing()
663  {}
664 
665 
666  void KeyRing::importKey( const PublicKey & key, bool trusted )
667  { _pimpl->importKey( key, trusted ); }
668 
669  void KeyRing::multiKeyImport( const Pathname & keyfile_r, bool trusted_r )
670  { _pimpl->multiKeyImport( keyfile_r, trusted_r ); }
671 
672  std::string KeyRing::readSignatureKeyId( const Pathname & signature )
673  { return _pimpl->readSignatureKeyId( signature ); }
674 
675  void KeyRing::deleteKey( const std::string & id, bool trusted )
676  { _pimpl->deleteKey( id, trusted ); }
677 
678  std::list<PublicKey> KeyRing::publicKeys()
679  { return _pimpl->publicKeys(); }
680 
681  std:: list<PublicKey> KeyRing::trustedPublicKeys()
682  { return _pimpl->trustedPublicKeys(); }
683 
684  std::list<PublicKeyData> KeyRing::publicKeyData()
685  { return _pimpl->publicKeyData(); }
686 
687  std::list<PublicKeyData> KeyRing::trustedPublicKeyData()
688  { return _pimpl->trustedPublicKeyData(); }
689 
690  bool KeyRing::verifyFileSignatureWorkflow(
691  const Pathname & file,
692  const std::string filedesc,
693  const Pathname & signature,
694  const KeyContext & keycontext )
695  { return _pimpl->verifyFileSignatureWorkflow( file, filedesc, signature, keycontext ); }
696 
697  bool KeyRing::verifyFileSignature( const Pathname & file, const Pathname & signature )
698  { return _pimpl->verifyFileSignature( file, signature ); }
699 
700  bool KeyRing::verifyFileTrustedSignature( const Pathname & file, const Pathname & signature )
701  { return _pimpl->verifyFileTrustedSignature( file, signature ); }
702 
703  void KeyRing::dumpPublicKey( const std::string & id, bool trusted, std::ostream & stream )
704  { _pimpl->dumpPublicKey( id, trusted, stream ); }
705 
706  PublicKey KeyRing::exportPublicKey( const PublicKeyData & keyData )
707  { return _pimpl->exportPublicKey( keyData ); }
708 
709  PublicKey KeyRing::exportTrustedPublicKey( const PublicKeyData & keyData )
710  { return _pimpl->exportTrustedPublicKey( keyData ); }
711 
712  bool KeyRing::isKeyTrusted( const std::string & id )
713  { return _pimpl->isKeyTrusted( id ); }
714 
715  bool KeyRing::isKeyKnown( const std::string & id )
716  { return _pimpl->isKeyKnown( id ); }
717 
719 } // namespace zypp
zypp::KeyRing::importKey
void importKey(const PublicKey &key, bool trusted=false)
imports a key from a file.
Definition: KeyRing.cc:666
zypp::KeyRing::Impl::publicKeyData
const std::list< PublicKeyData > & publicKeyData()
Definition: KeyRing.cc:197
Gettext.h
Interface to gettext.
MIL
#define MIL
Definition: Logger.h:47
zypp::KeyRing::exportTrustedPublicKey
PublicKey exportTrustedPublicKey(const PublicKeyData &keyData)
Export a trusted public key identified by its key data.
Definition: KeyRing.cc:709
zypp::KeyRing::Impl::exportPublicKey
PublicKey exportPublicKey(const PublicKeyData &keyData)
Definition: KeyRing.cc:203
zypp::KeyRing::Impl::trustedKeyRing
const Pathname trustedKeyRing() const
Definition: KeyRing.cc:240
zypp::KeyRing::Impl::dumpPublicKey
void dumpPublicKey(const std::string &id, bool trusted, std::ostream &stream)
Definition: KeyRing.cc:200
zypp::KeyRing::Impl::deleteKey
void deleteKey(const std::string &id, bool trusted)
Definition: KeyRing.cc:278
zypp::KeyRing::Impl::exportKey
PublicKey exportKey(const std::string &id, const Pathname &keyring)
Definition: KeyRing.cc:318
zypp::KeyRing::Impl::isKeyTrusted
bool isKeyTrusted(const std::string &id)
Definition: KeyRing.cc:185
zypp::KeyRing::verifyFileSignatureWorkflow
bool verifyFileSignatureWorkflow(const Pathname &file, const std::string filedesc, const Pathname &signature, const KeyContext &keycontext=KeyContext())
Follows a signature verification interacting with the user.
Definition: KeyRing.cc:690
ZYPP_THROW
#define ZYPP_THROW(EXCPT)
Drops a logline and throws the Exception.
Definition: Exception.h:320
zypp::KeyRing::Impl::trustedPublicKeyData
const std::list< PublicKeyData > & trustedPublicKeyData()
Definition: KeyRing.cc:195
zypp::str::regex
Regular expression.
Definition: Regex.h:86
zypp::filesystem::TmpPath::path
Pathname path() const
Definition: TmpPath.cc:146
zypp::KeyRingReport::KEY_TRUST_TEMPORARILY
This basically means, we knew the key, but it was not trusted.
Definition: KeyRing.h:61
zypp::KeyRing::exportPublicKey
PublicKey exportPublicKey(const PublicKeyData &keyData)
Export a public key identified by its key data.
Definition: KeyRing.cc:706
zypp::PublicKeyData
Class representing one GPG Public Keys data.
Definition: PublicKey.h:74
zypp::filesystem::Pathname::asString
const std::string & asString() const
String representation.
Definition: Pathname.h:90
zypp::KeyRing::Impl::isKeyKnown
bool isKeyKnown(const std::string &id)
Definition: KeyRing.cc:187
zypp::KeyRing::dumpPublicKey
void dumpPublicKey(const std::string &id, bool trusted, std::ostream &stream)
Definition: KeyRing.cc:703
zypp::KeyRing::Impl::publicKeyExists
PublicKeyData publicKeyExists(const std::string &id, const Pathname &keyring)
Get PublicKeyData for ID (false if ID is not found).
Definition: KeyRing.cc:299
zypp::KeyRing::Impl::multiKeyImport
void multiKeyImport(const Pathname &keyfile_r, bool trusted_r=false)
Definition: KeyRing.cc:273
zypp::KeyRing::trustedPublicKeys
std::list< PublicKey > trustedPublicKeys()
Get a list of trusted public keys in the keyring (incl.
Definition: KeyRing.cc:681
zypp::KeyRing::Impl::verifyFile
bool verifyFile(const Pathname &file, const Pathname &signature, const Pathname &keyring)
Definition: KeyRing.cc:617
zypp::KeyRingReport::askUserToAcceptUnsignedFile
virtual bool askUserToAcceptUnsignedFile(const std::string &file, const KeyContext &keycontext=KeyContext())
Definition: KeyRing.cc:65
zypp::KeyRing::KeyRing
KeyRing(const Pathname &baseTmpDir)
Default ctor.
Definition: KeyRing.cc:658
scoped_ptr
zypp::KeyRing::trustedPublicKeyData
std::list< PublicKeyData > trustedPublicKeyData()
Get a list of trusted public key data in the keyring (key data only)
Definition: KeyRing.cc:687
for_
#define for_(IT, BEG, END)
Convenient for-loops using iterator.
Definition: Easy.h:27
zypp::filesystem::TmpFile
Provide a new empty temporary file and delete it when no longer needed.
Definition: TmpPath.h:126
zypp::KeyRingReport::askUserToAcceptUnknownKey
virtual bool askUserToAcceptUnknownKey(const std::string &file, const std::string &id, const KeyContext &keycontext=KeyContext())
we DONT know the key, only its id, but we have never seen it, the difference with trust key is that i...
Definition: KeyRing.cc:78
zypp::KeyRing::Impl::cachedPublicKeyData
CachedPublicKeyData cachedPublicKeyData
Functor returning the keyrings data (cached).
Definition: KeyRing.cc:254
zypp::KeyRingReport::infoVerify
virtual void infoVerify(const std::string &file_r, const PublicKeyData &keyData_r, const KeyContext &keycontext=KeyContext())
Informal callback showing the trusted key that will be used for verification.
Definition: KeyRing.cc:62
zypp::str::smatch::size
unsigned size() const
Definition: Regex.cc:87
zypp::KeyRing::Impl::exportTrustedPublicKey
PublicKey exportTrustedPublicKey(const PublicKeyData &keyData)
Definition: KeyRing.cc:205
zypp::KeyRingReport::KeyTrust
KeyTrust
User reply options for the askUserToTrustKey callback.
Definition: KeyRing.h:51
zypp::KeyRing::~KeyRing
~KeyRing()
Dtor.
Definition: KeyRing.cc:662
zypp::PublicKey::path
Pathname path() const
File containig the ASCII armored key.
Definition: PublicKey.cc:446
zypp::KeyRing::setDefaultAccept
static void setDefaultAccept(DefaultAccept value_r)
Set the active accept bits.
Definition: KeyRing.cc:56
zypp::filesystem::TmpDir
Provide a new empty temporary directory and recursively delete it when no longer needed.
Definition: TmpPath.h:170
zypp::KeyRing::Impl::_trusted_tmp_dir
filesystem::TmpDir _trusted_tmp_dir
Definition: KeyRing.cc:244
zypp::KeyRing::Impl::verifyFileSignature
bool verifyFileSignature(const Pathname &file, const Pathname &signature)
Definition: KeyRing.cc:214
zypp::ExternalProgram
Execute a program and give access to its io An object of this class encapsulates the execution of an ...
Definition: ExternalProgram.h:58
_data
std::list< PublicKeyData > _data
Definition: KeyRing.cc:102
zypp::KeyRing::Impl::dumpPublicKeyToTmp
filesystem::TmpFile dumpPublicKeyToTmp(const std::string &id, const Pathname &keyring)
Definition: KeyRing.cc:355
zypp::filesystem::Pathname::c_str
const char * c_str() const
String representation.
Definition: Pathname.h:109
zypp::PublicKeyData::fingerprint
std::string fingerprint() const
Key fingerprint.
Definition: PublicKey.cc:85
WAR
#define WAR
Definition: Logger.h:48
zypp::IMPL_PTR_TYPE
IMPL_PTR_TYPE(Application)
zypp::KeyRing::Impl
KeyRing implementation.
Definition: KeyRing.cc:169
zypp::KeyRing::Impl::trustedPublicKeys
std::list< PublicKey > trustedPublicKeys()
Definition: KeyRing.cc:190
_keyringP
scoped_ptr< WatchFile > _keyringP
Definition: KeyRing.cc:101
zypp::KeyRing::Impl::importKey
void importKey(const PublicKey &key, bool trusted=false)
Definition: KeyRing.cc:259
_
#define _(MSG)
Return translated text.
Definition: Gettext.h:21
zypp::externalprogram::ExternalDataSource::receiveLine
std::string receiveLine()
Read one line from the input stream.
Definition: ExternalDataSource.cc:126
zypp::KeyRing::Impl::Impl
Impl(const Pathname &baseTmpDir)
Definition: KeyRing.cc:171
zypp::KeyRing::isKeyKnown
bool isKeyKnown(const std::string &id)
true if the key id is knows, that means at least exist on the untrusted keyring
Definition: KeyRing.cc:715
zypp::KeyRing::Impl::_base_dir
Pathname _base_dir
Definition: KeyRing.cc:246
zypp::KeyRing::multiKeyImport
void multiKeyImport(const Pathname &keyfile_r, bool trusted_r=false)
Initial import from RpmDb.
Definition: KeyRing.cc:669
zypp::KeyRing::Impl::generalKeyRing
const Pathname generalKeyRing() const
Definition: KeyRing.cc:238
zypp::KeyRingReport::KEY_DONT_TRUST
User has chosen not to trust the key.
Definition: KeyRing.h:56
zypp::ExternalProgram::close
int close()
Wait for the progamm to complete.
Definition: ExternalProgram.cc:407
zypp::KeyRingReport::askUserToAcceptKey
virtual KeyTrust askUserToAcceptKey(const PublicKey &key, const KeyContext &keycontext=KeyContext())
Ask user to trust and/or import the key to trusted keyring.
Definition: KeyRing.cc:69
zypp::KeyRing::defaultAccept
static DefaultAccept defaultAccept()
Get the active accept bits.
Definition: KeyRing.cc:53
zypp::KeyRing::_pimpl
RW_pointer< Impl > _pimpl
Pointer to implementation.
Definition: KeyRing.h:288
zypp::str::smatch
Regular expression match result.
Definition: Regex.h:145
zypp::PublicKey
Class representing one GPG Public Key (PublicKeyData + ASCII armored in a tempfile).
Definition: PublicKey.h:208
zypp::KeyRing::publicKeyData
std::list< PublicKeyData > publicKeyData()
Get a list of public key data in the keyring (key data only)
Definition: KeyRing.cc:684
zypp::Exception
Base class for Exception.
Definition: Exception.h:143
report
callback::SendReport< DownloadProgressReport > * report
Definition: MediaCurl.cc:178
zypp::KeyRing::Impl::publicKeys
std::list< PublicKey > publicKeys()
Definition: KeyRing.cc:192
zypp::KeyRing::Impl::verifyFileSignatureWorkflow
bool verifyFileSignatureWorkflow(const Pathname &file, const std::string &filedesc, const Pathname &signature, const KeyContext &keycontext=KeyContext())
Definition: KeyRing.cc:366
zypp::PublicKeyData::id
std::string id() const
Key ID.
Definition: PublicKey.cc:79
zypp::KeyRing::deleteKey
void deleteKey(const std::string &id, bool trusted=false)
removes a key from the keyring.
Definition: KeyRing.cc:675
zypp::KeyRing::verifyFileTrustedSignature
bool verifyFileTrustedSignature(const Pathname &file, const Pathname &signature)
Definition: KeyRing.cc:700
zypp::KeyRing::Impl::verifyFileTrustedSignature
bool verifyFileTrustedSignature(const Pathname &file, const Pathname &signature)
Definition: KeyRing.cc:216
zypp::str::regex_match
bool regex_match(const std::string &s, smatch &matches, const regex &regex)
regex ZYPP_STR_REGEX regex ZYPP_STR_REGEX
Definition: Regex.h:70
zypp::KeyRing::Impl::publicKeyData
const std::list< PublicKeyData > & publicKeyData(const Pathname &keyring)
Definition: KeyRing.cc:232
_cacheMap
CacheMap _cacheMap
Definition: KeyRing.cc:159
GPG_BINARY
#define GPG_BINARY
Definition: KeyRing.cc:40
zypp::KeyRing::isKeyTrusted
bool isKeyTrusted(const std::string &id)
true if the key id is trusted
Definition: KeyRing.cc:712
zypp::PublicKeyData::created
Date created() const
Creation / last modification date (latest selfsig).
Definition: PublicKey.cc:88
zypp
Easy-to use interface to the ZYPP dependency resolver.
Definition: CodePitfalls.doc:1
zypp::KeyRing::readSignatureKeyId
std::string readSignatureKeyId(const Pathname &signature)
reads the public key id from a signature
Definition: KeyRing.cc:672
zypp::KeyRing::verifyFileSignature
bool verifyFileSignature(const Pathname &file, const Pathname &signature)
Verifies a file against a signature, with no user interaction.
Definition: KeyRing.cc:697
zypp::PublicKey::name
std::string name() const
Definition: PublicKey.cc:455
zypp::KeyRing::Impl::readSignatureKeyId
std::string readSignatureKeyId(const Pathname &signature)
Definition: KeyRing.cc:561
zypp::KeyRingReport::askUserToAcceptVerificationFailed
virtual bool askUserToAcceptVerificationFailed(const std::string &file, const PublicKey &key, const KeyContext &keycontext=KeyContext())
The file filedesc is signed but the verification failed.
Definition: KeyRing.cc:81
zypp::KeyRing::publicKeys
std::list< PublicKey > publicKeys()
Get a list of public keys in the keyring (incl.
Definition: KeyRing.cc:678
zypp::KeyRing::Impl::_general_tmp_dir
filesystem::TmpDir _general_tmp_dir
Definition: KeyRing.cc:245