libzypp 17.25.7
KeyRing.cc
Go to the documentation of this file.
1/*---------------------------------------------------------------------\
2| ____ _ __ __ ___ |
3| |__ / \ / / . \ . \ |
4| / / \ V /| _/ _/ |
5| / /__ | | | | | | |
6| /_____||_| |_| |_| |
7| |
8\---------------------------------------------------------------------*/
12#include <iostream>
13#include <fstream>
14#include <sys/file.h>
15#include <cstdio>
16#include <unistd.h>
17
18#include <zypp/TmpPath.h>
19#include <zypp/ZYppFactory.h>
20#include <zypp/ZYpp.h>
21
22#include <zypp/base/LogTools.h>
23#include <zypp/base/IOStream.h>
24#include <zypp/base/String.h>
25#include <zypp/base/Regex.h>
26#include <zypp/base/Gettext.h>
27#include <zypp/base/WatchFile.h>
28#include <zypp/PathInfo.h>
29#include <zypp/KeyRing.h>
30#include <zypp/ExternalProgram.h>
31#include <zypp/TmpPath.h>
32#include <zypp/ZYppCallbacks.h> // JobReport::instance
33#include <zypp/KeyManager.h>
34
35using std::endl;
36
37#undef ZYPP_BASE_LOGGER_LOGGROUP
38#define ZYPP_BASE_LOGGER_LOGGROUP "zypp::KeyRing"
39
41namespace zypp
42{
43
44 IMPL_PTR_TYPE(KeyRing);
45
46 namespace
47 {
48 KeyRing::DefaultAccept _keyRingDefaultAccept( KeyRing::ACCEPT_NOTHING );
49 }
50
51 KeyRing::DefaultAccept KeyRing::defaultAccept()
52 { return _keyRingDefaultAccept; }
53
54 void KeyRing::setDefaultAccept( DefaultAccept value_r )
55 {
56 MIL << "Set new KeyRing::DefaultAccept: " << value_r << endl;
57 _keyRingDefaultAccept = value_r;
58 }
59
60 void KeyRingReport::infoVerify( const std::string & file_r, const PublicKeyData & keyData_r, const KeyContext & keycontext )
61 {}
62
63 bool KeyRingReport::askUserToAcceptUnsignedFile( const std::string & file, const KeyContext & keycontext )
64 { return _keyRingDefaultAccept.testFlag( KeyRing::ACCEPT_UNSIGNED_FILE ); }
65
66 KeyRingReport::KeyTrust
67 KeyRingReport::askUserToAcceptKey( const PublicKey & key, const KeyContext & keycontext )
68 {
69 if ( _keyRingDefaultAccept.testFlag( KeyRing::TRUST_KEY_TEMPORARILY ) )
70 return KEY_TRUST_TEMPORARILY;
71 if ( _keyRingDefaultAccept.testFlag( KeyRing::TRUST_AND_IMPORT_KEY ) )
72 return KEY_TRUST_AND_IMPORT;
73 return KEY_DONT_TRUST;
74 }
75
76 bool KeyRingReport::askUserToAcceptUnknownKey( const std::string & file, const std::string & id, const KeyContext & keycontext )
77 { return _keyRingDefaultAccept.testFlag( KeyRing::ACCEPT_UNKNOWNKEY ); }
78
79 bool KeyRingReport::askUserToAcceptVerificationFailed( const std::string & file, const PublicKey & key, const KeyContext & keycontext )
80 { return _keyRingDefaultAccept.testFlag( KeyRing::ACCEPT_VERIFICATION_FAILED ); }
81
82 bool KeyRingReport::askUserToAcceptPackageKey(const PublicKey &key_r, const KeyContext &keycontext_r)
83 {
84 UserData data(ACCEPT_PACKAGE_KEY_REQUEST);
85 data.set("PublicKey", key_r);
86 data.set("KeyContext", keycontext_r);
87 report(data);
88
89 if ( data.hasvalue("TrustKey") )
90 return data.get<bool>("TrustKey");
91 return false;
92 }
93
94 void KeyRingReport::reportNonImportedKeys(const std::set<Edition> &keys_r)
95 {
96 UserData data(KEYS_NOT_IMPORTED_REPORT);
97 data.set("Keys", keys_r);
98 report(data);
99 }
100
101 namespace
102 {
110 struct CachedPublicKeyData : private base::NonCopyable
111 {
112 const std::list<PublicKeyData> & operator()( const Pathname & keyring_r ) const
113 { return getData( keyring_r ); }
114
115 void setDirty( const Pathname & keyring_r )
116 { _cacheMap[keyring_r].setDirty(); }
117
118 private:
119 struct Cache
120 {
121 Cache() {}
122
123 void setDirty()
124 {
125 _keyringK.reset();
126 _keyringP.reset();
127 }
128
129 void assertCache( const Pathname & keyring_r )
130 {
131 // .kbx since gpg2-2.1
132 if ( !_keyringK )
133 _keyringK.reset( new WatchFile( keyring_r/"pubring.kbx", WatchFile::NO_INIT ) );
134 if ( !_keyringP )
135 _keyringP.reset( new WatchFile( keyring_r/"pubring.gpg", WatchFile::NO_INIT ) );
136 }
137
138 bool hasChanged() const
139 {
140 bool k = _keyringK->hasChanged(); // be sure both files are checked
141 bool p = _keyringP->hasChanged();
142 return k || p;
143 }
144
145 std::list<PublicKeyData> _data;
146
147 private:
148 scoped_ptr<WatchFile> _keyringK;
149 scoped_ptr<WatchFile> _keyringP;
150 };
151
152 typedef std::map<Pathname,Cache> CacheMap;
153
154 const std::list<PublicKeyData> & getData( const Pathname & keyring_r ) const
155 {
156 Cache & cache( _cacheMap[keyring_r] );
157 // init new cache entry
158 cache.assertCache( keyring_r );
159 return getData( keyring_r, cache );
160 }
161
162 const std::list<PublicKeyData> & getData( const Pathname & keyring_r, Cache & cache_r ) const
163 {
164 if ( cache_r.hasChanged() ) {
165 cache_r._data = KeyManagerCtx::createForOpenPGP( keyring_r ).listKeys();
166 MIL << "Found keys: " << cache_r._data << endl;
167 }
168 return cache_r._data;
169 }
170
171 mutable CacheMap _cacheMap;
172 };
174 }
175
177 //
178 // CLASS NAME : KeyRing::Impl
179 //
181 struct KeyRing::Impl
182 {
183 Impl( const Pathname & baseTmpDir )
184 : _trusted_tmp_dir( baseTmpDir, "zypp-trusted-kr" )
185 , _general_tmp_dir( baseTmpDir, "zypp-general-kr" )
186 , _base_dir( baseTmpDir )
187 {
188 MIL << "Current KeyRing::DefaultAccept: " << _keyRingDefaultAccept << endl;
189 }
190
191 void importKey( const PublicKey & key, bool trusted = false );
192 void multiKeyImport( const Pathname & keyfile_r, bool trusted_r = false );
193 void deleteKey( const std::string & id, bool trusted );
194
195 std::string readSignatureKeyId( const Pathname & signature );
196
197 bool isKeyTrusted( const std::string & id )
198 { return bool(publicKeyExists( id, trustedKeyRing() )); }
199 bool isKeyKnown( const std::string & id )
200 { return publicKeyExists( id, trustedKeyRing() ) || publicKeyExists( id, generalKeyRing() ); }
201
202 std::list<PublicKey> trustedPublicKeys()
203 { return publicKeys( trustedKeyRing() ); }
204 std::list<PublicKey> publicKeys()
205 { return publicKeys( generalKeyRing() ); }
206
207 const std::list<PublicKeyData> & trustedPublicKeyData()
208 { return publicKeyData( trustedKeyRing() ); }
209 const std::list<PublicKeyData> & publicKeyData()
210 { return publicKeyData( generalKeyRing() ); }
211
212 void dumpPublicKey( const std::string & id, bool trusted, std::ostream & stream )
213 { dumpPublicKey( id, ( trusted ? trustedKeyRing() : generalKeyRing() ), stream ); }
214
215 PublicKey exportPublicKey( const PublicKeyData & keyData )
216 { return exportKey( keyData, generalKeyRing() ); }
217 PublicKey exportTrustedPublicKey( const PublicKeyData & keyData )
218 { return exportKey( keyData, trustedKeyRing() ); }
219
220 bool verifyFileSignatureWorkflow( const Pathname & file, const std::string & filedesc, const Pathname & signature, bool & sigValid_r, const KeyContext & keycontext = KeyContext());
221
222 bool verifyFileSignature( const Pathname & file, const Pathname & signature )
223 { return verifyFile( file, signature, generalKeyRing() ); }
224 bool verifyFileTrustedSignature( const Pathname & file, const Pathname & signature )
225 { return verifyFile( file, signature, trustedKeyRing() ); }
226
227 PublicKeyData trustedPublicKeyExists( const std::string & id )
228 { return publicKeyExists(id, trustedKeyRing());}
229
230 bool provideAndImportKeyFromRepositoryWorkflow (const std::string &id_r , const RepoInfo &info_r );
231
232 private:
233 bool verifyFile( const Pathname & file, const Pathname & signature, const Pathname & keyring );
234 void importKey( const Pathname & keyfile, const Pathname & keyring );
235
236 PublicKey exportKey( const std::string & id, const Pathname & keyring );
237 PublicKey exportKey( const PublicKeyData & keyData, const Pathname & keyring );
238 PublicKey exportKey( const PublicKey & key, const Pathname & keyring )
239 { return exportKey( key.keyData(), keyring ); }
240
241 void dumpPublicKey( const std::string & id, const Pathname & keyring, std::ostream & stream );
242 filesystem::TmpFile dumpPublicKeyToTmp( const std::string & id, const Pathname & keyring );
243
244 void deleteKey( const std::string & id, const Pathname & keyring );
245
246 std::list<PublicKey> publicKeys( const Pathname & keyring);
247 const std::list<PublicKeyData> & publicKeyData( const Pathname & keyring )
248 { return cachedPublicKeyData( keyring ); }
249
251 PublicKeyData publicKeyExists( const std::string & id, const Pathname & keyring );
252
253 const Pathname generalKeyRing() const
254 { return _general_tmp_dir.path(); }
255 const Pathname trustedKeyRing() const
256 { return _trusted_tmp_dir.path(); }
257
258 // Used for trusted and untrusted keyrings
259 filesystem::TmpDir _trusted_tmp_dir;
260 filesystem::TmpDir _general_tmp_dir;
261 Pathname _base_dir;
262
263 private:
269 CachedPublicKeyData cachedPublicKeyData;
270 };
272
273 namespace
274 {
276 struct ImportKeyCBHelper
277 {
278 void operator()( const PublicKey & key_r )
279 {
280 try {
281 _rpmdbEmitSignal->trustedKeyAdded( key_r );
282 _emitSignal->trustedKeyAdded( key_r );
283 }
284 catch ( const Exception & excp )
285 {
286 ERR << "Could not import key into rpmdb: " << excp << endl;
287 // TODO: JobReport as hotfix for bsc#1057188; should bubble up and go through some callback
288 JobReport::error( excp.asUserHistory() );
289 }
290 }
291
292 private:
293 callback::SendReport<target::rpm::KeyRingSignals> _rpmdbEmitSignal;
294 callback::SendReport<KeyRingSignals> _emitSignal;
295 };
296 } // namespace
297
298
299 void KeyRing::Impl::importKey( const PublicKey & key, bool trusted )
300 {
301 importKey( key.path(), trusted ? trustedKeyRing() : generalKeyRing() );
302 MIL << "Imported key " << key << " to " << (trusted ? "trustedKeyRing" : "generalKeyRing" ) << endl;
303
304 if ( trusted )
305 {
306 ImportKeyCBHelper emitSignal;
307 if ( key.hiddenKeys().empty() )
308 {
309 emitSignal( key );
310 }
311 else
312 {
313 // multiple keys: Export individual keys ascii armored to import in rpmdb
314 emitSignal( exportKey( key, trustedKeyRing() ) );
315 for ( const PublicKeyData & hkey : key.hiddenKeys() )
316 emitSignal( exportKey( hkey, trustedKeyRing() ) );
317 }
318 }
319 }
320
321 void KeyRing::Impl::multiKeyImport( const Pathname & keyfile_r, bool trusted_r )
322 {
323 importKey( keyfile_r, trusted_r ? trustedKeyRing() : generalKeyRing() );
324 }
325
326 void KeyRing::Impl::deleteKey( const std::string & id, bool trusted )
327 {
328 PublicKeyData keyDataToDel( publicKeyExists( id, trusted ? trustedKeyRing() : generalKeyRing() ) );
329 if ( ! keyDataToDel )
330 {
331 WAR << "Key to delete [" << id << "] is not in " << (trusted ? "trustedKeyRing" : "generalKeyRing" ) << endl;
332 return;
333 }
334 deleteKey( id, trusted ? trustedKeyRing() : generalKeyRing() );
335 MIL << "Deleted key [" << id << "] from " << (trusted ? "trustedKeyRing" : "generalKeyRing" ) << endl;
336
337 if ( trusted )
338 try {
339 PublicKey key( keyDataToDel );
340
341 callback::SendReport<target::rpm::KeyRingSignals> rpmdbEmitSignal;
342 rpmdbEmitSignal->trustedKeyRemoved( key );
343
344 callback::SendReport<KeyRingSignals> emitSignal;
345 emitSignal->trustedKeyRemoved( key );
346 }
347 catch ( const Exception & excp )
348 {
349 ERR << "Could not delete key from rpmmdb: " << excp << endl;
350 // TODO: JobReport as hotfix for bsc#1057188; should bubble up and go through some callback
351 JobReport::error( excp.asUserHistory() );
352 }
353 }
354
355 PublicKeyData KeyRing::Impl::publicKeyExists( const std::string & id, const Pathname & keyring )
356 {
357 PublicKeyData ret;
358 for ( const PublicKeyData & key : publicKeyData( keyring ) )
359 {
360 if ( key.providesKey( id ) )
361 {
362 ret = key;
363 break;
364 }
365 }
366 MIL << (ret ? "Found" : "No") << " key [" << id << "] in keyring " << keyring << endl;
367 return ret;
368 }
369
370 PublicKey KeyRing::Impl::exportKey( const PublicKeyData & keyData, const Pathname & keyring )
371 {
372 return PublicKey( dumpPublicKeyToTmp( keyData.id(), keyring ), keyData );
373 }
374
375 PublicKey KeyRing::Impl::exportKey( const std::string & id, const Pathname & keyring )
376 {
377 PublicKeyData keyData( publicKeyExists( id, keyring ) );
378 if ( keyData )
379 return PublicKey( dumpPublicKeyToTmp( keyData.id(), keyring ), keyData );
380
381 // Here: key not found
382 WAR << "No key [" << id << "] to export from " << keyring << endl;
383 return PublicKey();
384 }
385
386
387 void KeyRing::Impl::dumpPublicKey( const std::string & id, const Pathname & keyring, std::ostream & stream )
388 {
389 KeyManagerCtx::createForOpenPGP( keyring ).exportKey(id, stream);
390 }
391
392 filesystem::TmpFile KeyRing::Impl::dumpPublicKeyToTmp( const std::string & id, const Pathname & keyring )
393 {
394 filesystem::TmpFile tmpFile( _base_dir, "pubkey-"+id+"-" );
395 MIL << "Going to export key [" << id << "] from " << keyring << " to " << tmpFile.path() << endl;
396
397 std::ofstream os( tmpFile.path().c_str() );
398 dumpPublicKey( id, keyring, os );
399 os.close();
400 return tmpFile;
401 }
402
403 bool KeyRing::Impl::verifyFileSignatureWorkflow( const Pathname & file, const std::string & filedesc, const Pathname & signature, bool & sigValid_r, const KeyContext & context )
404 {
405 sigValid_r = false; // set true if signature is actually successfully validated!
406
407 callback::SendReport<KeyRingReport> report;
408 MIL << "Going to verify signature for " << filedesc << " ( " << file << " ) with " << signature << endl;
409
410 // if signature does not exists, ask user if he wants to accept unsigned file.
411 if( signature.empty() || (!PathInfo( signature ).isExist()) )
412 {
413 bool res = report->askUserToAcceptUnsignedFile( filedesc, context );
414 MIL << "askUserToAcceptUnsignedFile: " << res << endl;
415 return res;
416 }
417
418 // get the id of the signature (it might be a subkey id!)
419 std::string id = readSignatureKeyId( signature );
420
421 PublicKeyData foundKey;
422 Pathname whichKeyring;
423
424 if ( !id.empty() ) {
425
426 // does key exists in trusted keyring
427 PublicKeyData trustedKeyData( publicKeyExists( id, trustedKeyRing() ) );
428 if ( trustedKeyData )
429 {
430 MIL << "Key is trusted: " << trustedKeyData << endl;
431
432 // lets look if there is an updated key in the
433 // general keyring
434 PublicKeyData generalKeyData( publicKeyExists( id, generalKeyRing() ) );
435 if ( generalKeyData )
436 {
437 // bnc #393160: Comment #30: Compare at least the fingerprint
438 // in case an attacker created a key the the same id.
439 //
440 // FIXME: bsc#1008325: For keys using subkeys, we'd actually need
441 // to compare the subkey sets, to tell whether a key was updated.
442 // because created() remains unchanged if the primary key is not touched.
443 // For now we wait until a new subkey signs the data and treat it as a
444 // new key (else part below).
445 if ( trustedKeyData.fingerprint() == generalKeyData.fingerprint()
446 && trustedKeyData.created() < generalKeyData.created() )
447 {
448 MIL << "Key was updated. Saving new version into trusted keyring: " << generalKeyData << endl;
449 importKey( exportKey( generalKeyData, generalKeyRing() ), true );
450 trustedKeyData = publicKeyExists( id, trustedKeyRing() ); // re-read: invalidated by import?
451 }
452 }
453
454 foundKey = trustedKeyData;
455 whichKeyring = trustedKeyRing();
456 }
457 else
458 {
459 PublicKeyData generalKeyData( publicKeyExists( id, generalKeyRing() ) );
460 if ( generalKeyData )
461 {
462 PublicKey key( exportKey( generalKeyData, generalKeyRing() ) );
463 MIL << "Key [" << id << "] " << key.name() << " is not trusted" << endl;
464
465 // ok the key is not trusted, ask the user to trust it or not
466 KeyRingReport::KeyTrust reply = report->askUserToAcceptKey( key, context );
467 if ( reply == KeyRingReport::KEY_TRUST_TEMPORARILY ||
468 reply == KeyRingReport::KEY_TRUST_AND_IMPORT )
469 {
470 MIL << "User wants to trust key [" << id << "] " << key.name() << endl;
471
472 if ( reply == KeyRingReport::KEY_TRUST_AND_IMPORT )
473 {
474 MIL << "User wants to import key [" << id << "] " << key.name() << endl;
475 importKey( key, true );
476 whichKeyring = trustedKeyRing();
477 }
478 else
479 whichKeyring = generalKeyRing();
480
481 foundKey = generalKeyData;
482 }
483 else
484 {
485 MIL << "User does not want to trust key [" << id << "] " << key.name() << endl;
486 return false;
487 }
488 }
489 else if ( ! context.empty() )
490 {
491 // try to find the key in the repository info
492 if ( provideAndImportKeyFromRepositoryWorkflow( id, context.repoInfo() ) ) {
493 whichKeyring = trustedKeyRing();
494 foundKey = PublicKeyData( publicKeyExists( id, trustedKeyRing() ) );
495 }
496 }
497 }
498 }
499
500 if ( foundKey ) {
501 // it exists, is trusted, does it validate?
502 report->infoVerify( filedesc, foundKey, context );
503 if ( verifyFile( file, signature, whichKeyring ) )
504 {
505 return (sigValid_r=true); // signature is actually successfully validated!
506 }
507 else
508 {
509 bool res = report->askUserToAcceptVerificationFailed( filedesc, exportKey( foundKey, whichKeyring ), context );
510 MIL << "askUserToAcceptVerificationFailed: " << res << endl;
511 return res;
512 }
513 } else {
514 // signed with an unknown key...
515 MIL << "File [" << file << "] ( " << filedesc << " ) signed with unknown key [" << id << "]" << endl;
516 bool res = report->askUserToAcceptUnknownKey( filedesc, id, context );
517 MIL << "askUserToAcceptUnknownKey: " << res << endl;
518 return res;
519 }
520
521 return false;
522 }
523
524 bool KeyRing::Impl::provideAndImportKeyFromRepositoryWorkflow(const std::string &id_r, const RepoInfo &info_r)
525 {
526 if ( id_r.empty() )
527 return false;
528
529 const ZConfig &conf = ZConfig::instance();
530 Pathname cacheDir = conf.repoManagerRoot() / conf.pubkeyCachePath();
531
532 Pathname myKey = info_r.provideKey( id_r, cacheDir );
533 if ( myKey.empty() )
534 // if we did not find any keys, there is no point in checking again, break
535 return false;
536
537 callback::SendReport<KeyRingReport> report;
538
539 PublicKey key;
540 try {
541 key = PublicKey( myKey );
542 } catch ( const Exception &e ) {
543 ZYPP_CAUGHT(e);
544 return false;
545 }
546
547 if ( !key.isValid() ) {
548 ERR << "Key [" << id_r << "] from cache: " << cacheDir << " is not valid" << endl;
549 return false;
550 }
551
552 MIL << "Key [" << id_r << "] " << key.name() << " loaded from cache" << endl;
553
554 KeyContext context;
555 context.setRepoInfo( info_r );
556 if ( ! report->askUserToAcceptPackageKey( key, context ) ) {
557 return false;
558 }
559
560 MIL << "User wants to import key [" << id_r << "] " << key.name() << " from cache" << endl;
561 try {
562 importKey( key, true );
563 } catch ( const KeyRingException &e ) {
564 ZYPP_CAUGHT(e);
565 ERR << "Failed to import key: "<<id_r;
566 return false;
567 }
568
569 return true;
570 }
571
572 std::list<PublicKey> KeyRing::Impl::publicKeys( const Pathname & keyring )
573 {
574 const std::list<PublicKeyData> & keys( publicKeyData( keyring ) );
575 std::list<PublicKey> ret;
576
577 for_( it, keys.begin(), keys.end() )
578 {
579 PublicKey key( exportKey( *it, keyring ) );
580 ret.push_back( key );
581 MIL << "Found key " << key << endl;
582 }
583 return ret;
584 }
585
586 void KeyRing::Impl::importKey( const Pathname & keyfile, const Pathname & keyring )
587 {
588 if ( ! PathInfo( keyfile ).isExist() )
589 // TranslatorExplanation first %s is key name, second is keyring name
590 ZYPP_THROW(KeyRingException( str::Format(_("Tried to import not existent key %s into keyring %s"))
591 % keyfile.asString()
592 % keyring.asString() ));
593
594 cachedPublicKeyData.setDirty( keyring );
595 if ( ! KeyManagerCtx::createForOpenPGP( keyring ).importKey( keyfile ) )
596 ZYPP_THROW(KeyRingException(_("Failed to import key.")));
597 }
598
599 void KeyRing::Impl::deleteKey( const std::string & id, const Pathname & keyring )
600 {
601 cachedPublicKeyData.setDirty( keyring );
602 if ( ! KeyManagerCtx::createForOpenPGP( keyring ).deleteKey( id ) )
603 ZYPP_THROW(KeyRingException(_("Failed to delete key.")));
604 }
605
606 std::string KeyRing::Impl::readSignatureKeyId( const Pathname & signature )
607 {
608 if ( ! PathInfo( signature ).isFile() )
609 ZYPP_THROW(KeyRingException( str::Format(_("Signature file %s not found")) % signature.asString() ));
610
611 MIL << "Determining key id of signature " << signature << endl;
612
613 std::list<std::string> fprs = KeyManagerCtx::createForOpenPGP().readSignatureFingerprints( signature );
614 if ( ! fprs.empty() ) {
615 std::string &id = fprs.back();
616 MIL << "Determined key id [" << id << "] for signature " << signature << endl;
617 return id;
618 }
619 return std::string();
620 }
621
622 bool KeyRing::Impl::verifyFile( const Pathname & file, const Pathname & signature, const Pathname & keyring )
623 {
624 return KeyManagerCtx::createForOpenPGP( keyring ).verify( file, signature );
625 }
626
628
630 //
631 // CLASS NAME : KeyRing
632 //
634
635 KeyRing::KeyRing( const Pathname & baseTmpDir )
636 : _pimpl( new Impl( baseTmpDir ) )
637 {}
638
639 KeyRing::~KeyRing()
640 {}
641
642
643 void KeyRing::importKey( const PublicKey & key, bool trusted )
644 { _pimpl->importKey( key, trusted ); }
645
646 void KeyRing::multiKeyImport( const Pathname & keyfile_r, bool trusted_r )
647 { _pimpl->multiKeyImport( keyfile_r, trusted_r ); }
648
649 std::string KeyRing::readSignatureKeyId( const Pathname & signature )
650 { return _pimpl->readSignatureKeyId( signature ); }
651
652 void KeyRing::deleteKey( const std::string & id, bool trusted )
653 { _pimpl->deleteKey( id, trusted ); }
654
655 std::list<PublicKey> KeyRing::publicKeys()
656 { return _pimpl->publicKeys(); }
657
658 std:: list<PublicKey> KeyRing::trustedPublicKeys()
659 { return _pimpl->trustedPublicKeys(); }
660
661 std::list<PublicKeyData> KeyRing::publicKeyData()
662 { return _pimpl->publicKeyData(); }
663
664 std::list<PublicKeyData> KeyRing::trustedPublicKeyData()
665 { return _pimpl->trustedPublicKeyData(); }
666
667 PublicKeyData KeyRing::trustedPublicKeyData(const std::string &id_r)
668 { return _pimpl->trustedPublicKeyExists( id_r ); }
669
670 bool KeyRing::verifyFileSignatureWorkflow( const Pathname & file, const std::string & filedesc, const Pathname & signature, bool & sigValid_r, const KeyContext & keycontext )
671 { return _pimpl->verifyFileSignatureWorkflow( file, filedesc, signature, sigValid_r, keycontext ); }
672
673 bool KeyRing::verifyFileSignatureWorkflow( const Pathname & file, const std::string filedesc, const Pathname & signature, const KeyContext & keycontext )
674 { bool unused; return _pimpl->verifyFileSignatureWorkflow( file, filedesc, signature, unused, keycontext ); }
675
676 bool KeyRing::verifyFileSignature( const Pathname & file, const Pathname & signature )
677 { return _pimpl->verifyFileSignature( file, signature ); }
678
679 bool KeyRing::verifyFileTrustedSignature( const Pathname & file, const Pathname & signature )
680 { return _pimpl->verifyFileTrustedSignature( file, signature ); }
681
682 bool KeyRing::provideAndImportKeyFromRepositoryWorkflow(const std::string &id, const RepoInfo &info)
683 {
684 return _pimpl->provideAndImportKeyFromRepositoryWorkflow( id, info );
685 }
686
687 void KeyRing::dumpPublicKey( const std::string & id, bool trusted, std::ostream & stream )
688 { _pimpl->dumpPublicKey( id, trusted, stream ); }
689
690 PublicKey KeyRing::exportPublicKey( const PublicKeyData & keyData )
691 { return _pimpl->exportPublicKey( keyData ); }
692
693 PublicKey KeyRing::exportTrustedPublicKey( const PublicKeyData & keyData )
694 { return _pimpl->exportTrustedPublicKey( keyData ); }
695
696 bool KeyRing::isKeyTrusted( const std::string & id )
697 { return _pimpl->isKeyTrusted( id ); }
698
699 bool KeyRing::isKeyKnown( const std::string & id )
700 { return _pimpl->isKeyKnown( id ); }
701
703} // namespace zypp
for_
#define for_(IT, BEG, END)
Convenient for-loops using iterator.
Definition: Easy.h:28
ZYPP_CAUGHT
#define ZYPP_CAUGHT(EXCPT)
Drops a logline telling the Exception was caught (in order to handle it).
Definition: Exception.h:396
ZYPP_THROW
#define ZYPP_THROW(EXCPT)
Drops a logline and throws the Exception.
Definition: Exception.h:392
Gettext.h
Interface to gettext.
_
#define _(MSG)
Definition: Gettext.h:37
_emitSignal
callback::SendReport< KeyRingSignals > _emitSignal
Definition: KeyRing.cc:294
_data
std::list< PublicKeyData > _data
Definition: KeyRing.cc:145
_keyringK
scoped_ptr< WatchFile > _keyringK
Definition: KeyRing.cc:148
_keyringP
scoped_ptr< WatchFile > _keyringP
Definition: KeyRing.cc:149
_rpmdbEmitSignal
callback::SendReport< target::rpm::KeyRingSignals > _rpmdbEmitSignal
Definition: KeyRing.cc:293
_cacheMap
CacheMap _cacheMap
Definition: KeyRing.cc:171
MIL
#define MIL
Definition: Logger.h:79
ERR
#define ERR
Definition: Logger.h:81
WAR
#define WAR
Definition: Logger.h:80
report
callback::SendReport< DownloadProgressReport > * report
Definition: MediaCurl.cc:70
scoped_ptr
zypp::Exception
Base class for Exception.
Definition: Exception.h:146
zypp::Exception::asUserHistory
std::string asUserHistory() const
A single (multiline) string composed of asUserString and historyAsString.
Definition: Exception.cc:91
zypp::KeyManagerCtx::exportKey
bool exportKey(const std::string &id, std::ostream &stream)
Exports the key with id into the given stream, returns true on success.
Definition: KeyManager.cc:383
zypp::KeyManagerCtx::listKeys
std::list< PublicKeyData > listKeys()
Returns a list of all public keys found in the current keyring.
Definition: KeyManager.cc:287
zypp::KeyManagerCtx::verify
bool verify(const Pathname &file, const Pathname &signature)
Tries to verify file using signature, returns true on success.
Definition: KeyManager.cc:378
zypp::KeyManagerCtx::createForOpenPGP
static KeyManagerCtx createForOpenPGP()
Creates a new KeyManagerCtx for PGP using a volatile temp.
Definition: KeyManager.cc:238
zypp::KeyManagerCtx::readSignatureFingerprints
std::list< std::string > readSignatureFingerprints(const Pathname &signature)
Reads all fingerprints from the signature file , returns a list of all found fingerprints.
Definition: KeyManager.cc:517
zypp::KeyRing
Gpg key handling.
Definition: KeyRing.h:169
zypp::KeyRing::provideAndImportKeyFromRepositoryWorkflow
bool provideAndImportKeyFromRepositoryWorkflow(const std::string &id, const RepoInfo &info)
Try to find the id in key cache or repository specified in info.
Definition: KeyRing.cc:682
zypp::KeyRing::isKeyKnown
bool isKeyKnown(const std::string &id)
true if the key id is knows, that means at least exist on the untrusted keyring
Definition: KeyRing.cc:699
zypp::KeyRing::publicKeys
std::list< PublicKey > publicKeys()
Get a list of public keys in the keyring (incl.
Definition: KeyRing.cc:655
zypp::KeyRing::trustedPublicKeys
std::list< PublicKey > trustedPublicKeys()
Get a list of trusted public keys in the keyring (incl.
Definition: KeyRing.cc:658
zypp::KeyRing::defaultAccept
static DefaultAccept defaultAccept()
Get the active accept bits.
Definition: KeyRing.cc:51
zypp::KeyRing::dumpPublicKey
void dumpPublicKey(const std::string &id, bool trusted, std::ostream &stream)
Definition: KeyRing.cc:687
zypp::KeyRing::verifyFileSignature
bool verifyFileSignature(const Pathname &file, const Pathname &signature)
Verifies a file against a signature, with no user interaction.
Definition: KeyRing.cc:676
zypp::KeyRing::multiKeyImport
void multiKeyImport(const Pathname &keyfile_r, bool trusted_r=false)
Initial import from RpmDb.
Definition: KeyRing.cc:646
zypp::KeyRing::KeyRing
KeyRing(const Pathname &baseTmpDir)
Default ctor.
Definition: KeyRing.cc:635
zypp::KeyRing::~KeyRing
~KeyRing()
Dtor.
Definition: KeyRing.cc:639
zypp::KeyRing::exportPublicKey
PublicKey exportPublicKey(const PublicKeyData &keyData)
Export a public key identified by its key data.
Definition: KeyRing.cc:690
zypp::KeyRing::readSignatureKeyId
std::string readSignatureKeyId(const Pathname &signature)
reads the public key id from a signature
Definition: KeyRing.cc:649
zypp::KeyRing::verifyFileTrustedSignature
bool verifyFileTrustedSignature(const Pathname &file, const Pathname &signature)
Definition: KeyRing.cc:679
zypp::KeyRing::importKey
void importKey(const PublicKey &key, bool trusted=false)
imports a key from a file.
Definition: KeyRing.cc:643
zypp::KeyRing::verifyFileSignatureWorkflow
bool verifyFileSignatureWorkflow(const Pathname &file, const std::string &filedesc, const Pathname &signature, bool &sigValid_r, const KeyContext &keycontext=KeyContext())
Follows a signature verification interacting with the user.
Definition: KeyRing.cc:670
zypp::KeyRing::_pimpl
RW_pointer< Impl > _pimpl
Pointer to implementation.
Definition: KeyRing.h:335
zypp::KeyRing::deleteKey
void deleteKey(const std::string &id, bool trusted=false)
removes a key from the keyring.
Definition: KeyRing.cc:652
zypp::KeyRing::trustedPublicKeyData
std::list< PublicKeyData > trustedPublicKeyData()
Get a list of trusted public key data in the keyring (key data only)
Definition: KeyRing.cc:664
zypp::KeyRing::setDefaultAccept
static void setDefaultAccept(DefaultAccept value_r)
Set the active accept bits.
Definition: KeyRing.cc:54
zypp::KeyRing::publicKeyData
std::list< PublicKeyData > publicKeyData()
Get a list of public key data in the keyring (key data only)
Definition: KeyRing.cc:661
zypp::KeyRing::TRUST_KEY_TEMPORARILY
@ TRUST_KEY_TEMPORARILY
Definition: KeyRing.h:189
zypp::KeyRing::ACCEPT_VERIFICATION_FAILED
@ ACCEPT_VERIFICATION_FAILED
Definition: KeyRing.h:191
zypp::KeyRing::ACCEPT_UNKNOWNKEY
@ ACCEPT_UNKNOWNKEY
Definition: KeyRing.h:188
zypp::KeyRing::ACCEPT_NOTHING
@ ACCEPT_NOTHING
Definition: KeyRing.h:186
zypp::KeyRing::TRUST_AND_IMPORT_KEY
@ TRUST_AND_IMPORT_KEY
Definition: KeyRing.h:190
zypp::KeyRing::ACCEPT_UNSIGNED_FILE
@ ACCEPT_UNSIGNED_FILE
Definition: KeyRing.h:187
zypp::KeyRing::exportTrustedPublicKey
PublicKey exportTrustedPublicKey(const PublicKeyData &keyData)
Export a trusted public key identified by its key data.
Definition: KeyRing.cc:693
zypp::KeyRing::isKeyTrusted
bool isKeyTrusted(const std::string &id)
true if the key id is trusted
Definition: KeyRing.cc:696
zypp::PublicKeyData
Class representing one GPG Public Keys data.
Definition: PublicKey.h:140
zypp::PublicKeyData::created
Date created() const
Creation / last modification date (latest selfsig).
Definition: PublicKey.cc:323
zypp::PublicKeyData::id
std::string id() const
Key ID.
Definition: PublicKey.cc:311
zypp::PublicKeyData::fingerprint
std::string fingerprint() const
Key fingerprint.
Definition: PublicKey.cc:317
zypp::PublicKey
Class representing one GPG Public Key (PublicKeyData + ASCII armored in a tempfile).
Definition: PublicKey.h:276
zypp::PublicKey::path
Pathname path() const
File containig the ASCII armored key.
Definition: PublicKey.cc:526
zypp::PublicKey::hiddenKeys
const std::list< PublicKeyData > & hiddenKeys() const
Additional keys data in case the ASCII armored blob containes multiple keys.
Definition: PublicKey.cc:529
zypp::PublicKey::name
std::string name() const
Definition: PublicKey.cc:535
zypp::PublicKey::keyData
const PublicKeyData & keyData() const
The public keys data (.
Definition: PublicKey.cc:523
zypp::PublicKey::isValid
bool isValid() const
Definition: PublicKey.h:311
zypp::RepoInfo
What is known about a repository.
Definition: RepoInfo.h:72
zypp::RepoInfo::provideKey
Pathname provideKey(const std::string &keyID_r, const Pathname &targetDirectory_r) const
downloads all configured gpg keys into the defined directory
Definition: RepoInfo.cc:536
zypp::ZConfig
Interim helper class to collect global options and settings.
Definition: ZConfig.h:60
zypp::ZConfig::repoManagerRoot
Pathname repoManagerRoot() const
The RepoManager root directory.
Definition: ZConfig.cc:828
zypp::ZConfig::instance
static ZConfig & instance()
Singleton ctor.
Definition: Resolver.cc:126
zypp::ZConfig::pubkeyCachePath
Pathname pubkeyCachePath() const
Path where the pubkey caches.
Definition: ZConfig.cc:920
zypp::callback::UserData
Typesafe passing of user data via callbacks.
Definition: UserData.h:39
zypp::callback::UserData::get
const Tp & get(const std::string &key_r) const
Pass back a const Tp & reference to key_r value.
Definition: UserData.h:175
zypp::callback::UserData::hasvalue
bool hasvalue(const std::string &key_r) const
Whether key_r is in data and value is not empty.
Definition: UserData.h:101
zypp::callback::UserData::set
bool set(const std::string &key_r, AnyType val_r)
Set the value for key (nonconst version always returns true).
Definition: UserData.h:118
zypp::filesystem::PathInfo
Wrapper class for ::stat/::lstat.
Definition: PathInfo.h:221
zypp::filesystem::Pathname::c_str
const char * c_str() const
String representation.
Definition: Pathname.h:110
zypp::filesystem::Pathname::asString
const std::string & asString() const
String representation.
Definition: Pathname.h:91
zypp::filesystem::Pathname::empty
bool empty() const
Test for an empty path.
Definition: Pathname.h:114
zypp::filesystem::TmpDir
Provide a new empty temporary directory and recursively delete it when no longer needed.
Definition: TmpPath.h:178
zypp::filesystem::TmpFile
Provide a new empty temporary file and delete it when no longer needed.
Definition: TmpPath.h:128
zypp::filesystem::TmpPath::path
Pathname path() const
Definition: TmpPath.cc:146
zypp::base::NonCopyable
boost::noncopyable NonCopyable
Ensure derived classes cannot be copied.
Definition: NonCopyable.h:26
zypp
Easy-to use interface to the ZYPP dependency resolver.
Definition: CodePitfalls.doc:2
zypp::IMPL_PTR_TYPE
IMPL_PTR_TYPE(Application)
zypp::JobReport::error
static bool error(const std::string &msg_r, const UserData &userData_r=UserData())
send error text
Definition: ZYppCallbacks.h:830
zypp::KeyContext::setRepoInfo
void setRepoInfo(const RepoInfo &repoinfo)
Definition: KeyContext.h:16
zypp::KeyContext::repoInfo
const RepoInfo repoInfo() const
Definition: KeyContext.h:15
zypp::KeyContext::empty
bool empty() const
Is the context unknown?
Definition: KeyContext.h:12
zypp::KeyRingReport::infoVerify
virtual void infoVerify(const std::string &file_r, const PublicKeyData &keyData_r, const KeyContext &keycontext=KeyContext())
Informal callback showing the trusted key that will be used for verification.
Definition: KeyRing.cc:60
zypp::KeyRingReport::reportNonImportedKeys
void reportNonImportedKeys(const std::set< Edition > &keys_r)
Notify the user about keys that were not imported from the rpm key database into zypp keyring.
Definition: KeyRing.cc:94
zypp::KeyRingReport::KeyTrust
KeyTrust
User reply options for the askUserToTrustKey callback.
Definition: KeyRing.h:52
zypp::KeyRingReport::KEY_TRUST_AND_IMPORT
@ KEY_TRUST_AND_IMPORT
Import the key.
Definition: KeyRing.h:70
zypp::KeyRingReport::KEY_DONT_TRUST
@ KEY_DONT_TRUST
User has chosen not to trust the key.
Definition: KeyRing.h:56
zypp::KeyRingReport::KEY_TRUST_TEMPORARILY
@ KEY_TRUST_TEMPORARILY
This basically means, we knew the key, but it was not trusted.
Definition: KeyRing.h:61
zypp::KeyRingReport::askUserToAcceptUnsignedFile
virtual bool askUserToAcceptUnsignedFile(const std::string &file, const KeyContext &keycontext=KeyContext())
Definition: KeyRing.cc:63
zypp::KeyRingReport::askUserToAcceptPackageKey
bool askUserToAcceptPackageKey(const PublicKey &key_r, const KeyContext &keycontext_r=KeyContext())
Ask user to trust and/or import the package key to trusted keyring, using ReportBase::report.
Definition: KeyRing.cc:82
zypp::KeyRingReport::ACCEPT_PACKAGE_KEY_REQUEST
static constexpr const char * ACCEPT_PACKAGE_KEY_REQUEST
generic reports UserData::type
Definition: KeyRing.h:117
zypp::KeyRingReport::KEYS_NOT_IMPORTED_REPORT
static constexpr const char * KEYS_NOT_IMPORTED_REPORT
generic reports UserData::type
Definition: KeyRing.h:130
zypp::KeyRingReport::askUserToAcceptKey
virtual KeyTrust askUserToAcceptKey(const PublicKey &key, const KeyContext &keycontext=KeyContext())
Ask user to trust and/or import the key to trusted keyring.
Definition: KeyRing.cc:67
zypp::KeyRingReport::askUserToAcceptUnknownKey
virtual bool askUserToAcceptUnknownKey(const std::string &file, const std::string &id, const KeyContext &keycontext=KeyContext())
we DONT know the key, only its id, but we have never seen it, the difference with trust key is that i...
Definition: KeyRing.cc:76
zypp::KeyRingReport::askUserToAcceptVerificationFailed
virtual bool askUserToAcceptVerificationFailed(const std::string &file, const PublicKey &key, const KeyContext &keycontext=KeyContext())
The file filedesc is signed but the verification failed.
Definition: KeyRing.cc:79
zypp::KeyRing::Impl
KeyRing implementation.
Definition: KeyRing.cc:182
zypp::KeyRing::Impl::importKey
void importKey(const PublicKey &key, bool trusted=false)
Definition: KeyRing.cc:299
zypp::KeyRing::Impl::trustedPublicKeyExists
PublicKeyData trustedPublicKeyExists(const std::string &id)
Definition: KeyRing.cc:227
zypp::KeyRing::Impl::publicKeyExists
PublicKeyData publicKeyExists(const std::string &id, const Pathname &keyring)
Get PublicKeyData for ID (false if ID is not found).
Definition: KeyRing.cc:355
zypp::KeyRing::Impl::provideAndImportKeyFromRepositoryWorkflow
bool provideAndImportKeyFromRepositoryWorkflow(const std::string &id_r, const RepoInfo &info_r)
Definition: KeyRing.cc:524
zypp::KeyRing::Impl::trustedPublicKeys
std::list< PublicKey > trustedPublicKeys()
Definition: KeyRing.cc:202
zypp::KeyRing::Impl::exportKey
PublicKey exportKey(const std::string &id, const Pathname &keyring)
Definition: KeyRing.cc:375
zypp::KeyRing::Impl::exportPublicKey
PublicKey exportPublicKey(const PublicKeyData &keyData)
Definition: KeyRing.cc:215
zypp::KeyRing::Impl::isKeyKnown
bool isKeyKnown(const std::string &id)
Definition: KeyRing.cc:199
zypp::KeyRing::Impl::publicKeyData
const std::list< PublicKeyData > & publicKeyData()
Definition: KeyRing.cc:209
zypp::KeyRing::Impl::verifyFileTrustedSignature
bool verifyFileTrustedSignature(const Pathname &file, const Pathname &signature)
Definition: KeyRing.cc:224
zypp::KeyRing::Impl::exportTrustedPublicKey
PublicKey exportTrustedPublicKey(const PublicKeyData &keyData)
Definition: KeyRing.cc:217
zypp::KeyRing::Impl::Impl
Impl(const Pathname &baseTmpDir)
Definition: KeyRing.cc:183
zypp::KeyRing::Impl::verifyFile
bool verifyFile(const Pathname &file, const Pathname &signature, const Pathname &keyring)
Definition: KeyRing.cc:622
zypp::KeyRing::Impl::generalKeyRing
const Pathname generalKeyRing() const
Definition: KeyRing.cc:253
zypp::KeyRing::Impl::trustedPublicKeyData
const std::list< PublicKeyData > & trustedPublicKeyData()
Definition: KeyRing.cc:207
zypp::KeyRing::Impl::_general_tmp_dir
filesystem::TmpDir _general_tmp_dir
Definition: KeyRing.cc:260
zypp::KeyRing::Impl::verifyFileSignature
bool verifyFileSignature(const Pathname &file, const Pathname &signature)
Definition: KeyRing.cc:222
zypp::KeyRing::Impl::verifyFileSignatureWorkflow
bool verifyFileSignatureWorkflow(const Pathname &file, const std::string &filedesc, const Pathname &signature, bool &sigValid_r, const KeyContext &keycontext=KeyContext())
Definition: KeyRing.cc:403
zypp::KeyRing::Impl::cachedPublicKeyData
CachedPublicKeyData cachedPublicKeyData
Functor returning the keyrings data (cached).
Definition: KeyRing.cc:269
zypp::KeyRing::Impl::readSignatureKeyId
std::string readSignatureKeyId(const Pathname &signature)
Definition: KeyRing.cc:606
zypp::KeyRing::Impl::multiKeyImport
void multiKeyImport(const Pathname &keyfile_r, bool trusted_r=false)
Definition: KeyRing.cc:321
zypp::KeyRing::Impl::publicKeys
std::list< PublicKey > publicKeys()
Definition: KeyRing.cc:204
zypp::KeyRing::Impl::publicKeyData
const std::list< PublicKeyData > & publicKeyData(const Pathname &keyring)
Definition: KeyRing.cc:247
zypp::KeyRing::Impl::deleteKey
void deleteKey(const std::string &id, bool trusted)
Definition: KeyRing.cc:326
zypp::KeyRing::Impl::trustedKeyRing
const Pathname trustedKeyRing() const
Definition: KeyRing.cc:255
zypp::KeyRing::Impl::dumpPublicKeyToTmp
filesystem::TmpFile dumpPublicKeyToTmp(const std::string &id, const Pathname &keyring)
Definition: KeyRing.cc:392
zypp::KeyRing::Impl::exportKey
PublicKey exportKey(const PublicKey &key, const Pathname &keyring)
Definition: KeyRing.cc:238
zypp::KeyRing::Impl::_base_dir
Pathname _base_dir
Definition: KeyRing.cc:261
zypp::KeyRing::Impl::_trusted_tmp_dir
filesystem::TmpDir _trusted_tmp_dir
Definition: KeyRing.cc:259
zypp::KeyRing::Impl::isKeyTrusted
bool isKeyTrusted(const std::string &id)
Definition: KeyRing.cc:197
zypp::KeyRing::Impl::dumpPublicKey
void dumpPublicKey(const std::string &id, bool trusted, std::ostream &stream)
Definition: KeyRing.cc:212
zypp::callback::ReportBase::report
virtual void report(const UserData &userData_r=UserData())
The most generic way of sending/receiving data.
Definition: Callback.h:155
zypp::str::Format
Convenient building of std::string with boost::format.
Definition: String.h:250