libzypp 17.37.17
KeyRing.cc
Go to the documentation of this file.
1/*---------------------------------------------------------------------\
2| ____ _ __ __ ___ |
3| |__ / \ / / . \ . \ |
4| / / \ V /| _/ _/ |
5| / /__ | | | | | | |
6| /_____||_| |_| |_| |
7| |
8\---------------------------------------------------------------------*/
12
13#include "zypp_detail/keyring_p.h"
14
15#include <iostream>
16#include <sys/file.h>
17#include <unistd.h>
18
19#include <zypp/TmpPath.h>
20#include <zypp/ZYppFactory.h>
21#include <zypp/ZYpp.h>
22
23#include <zypp/base/LogTools.h>
24#include <zypp/base/IOStream.h>
25#include <zypp/base/String.h>
26#include <zypp/base/Regex.h>
27#include <zypp/base/Gettext.h>
28#include <zypp-core/fs/WatchFile>
29#include <zypp/PathInfo.h>
30#include <zypp/ExternalProgram.h>
31#include <zypp/TmpPath.h>
32#include <zypp/ZYppCallbacks.h> // JobReport::instance
33#include <zypp-common/KeyManager.h>
34
35#include <zypp/ng/workflows/keyringwf.h>
36
37using std::endl;
38
39#undef ZYPP_BASE_LOGGER_LOGGROUP
40#define ZYPP_BASE_LOGGER_LOGGROUP "zypp::KeyRing"
41
43namespace zypp
44{
45
46 IMPL_PTR_TYPE(KeyRing);
47
48 namespace
49 {
50 KeyRing::DefaultAccept _keyRingDefaultAccept( KeyRing::ACCEPT_NOTHING );
51 }
52
53 KeyRing::DefaultAccept KeyRing::defaultAccept()
54 { return _keyRingDefaultAccept; }
55
56 void KeyRing::setDefaultAccept( DefaultAccept value_r )
57 {
58 MIL << "Set new KeyRing::DefaultAccept: " << value_r << endl;
59 _keyRingDefaultAccept = value_r;
60 }
61
62 void KeyRingReport::infoVerify( const std::string & file_r, const PublicKeyData & keyData_r, const KeyContext & keycontext )
63 {}
64
65 bool KeyRingReport::askUserToAcceptUnsignedFile( const std::string & file, const KeyContext & keycontext )
66 { return _keyRingDefaultAccept.testFlag( KeyRing::ACCEPT_UNSIGNED_FILE ); }
67
68 KeyRingReport::KeyTrust
69 KeyRingReport::askUserToAcceptKey( const PublicKey & key, const KeyContext & keycontext )
70 {
71 if ( _keyRingDefaultAccept.testFlag( KeyRing::TRUST_KEY_TEMPORARILY ) )
72 return KEY_TRUST_TEMPORARILY;
73 if ( _keyRingDefaultAccept.testFlag( KeyRing::TRUST_AND_IMPORT_KEY ) )
74 return KEY_TRUST_AND_IMPORT;
75 return KEY_DONT_TRUST;
76 }
77
78 bool KeyRingReport::askUserToAcceptUnknownKey( const std::string & file, const std::string & id, const KeyContext & keycontext )
79 { return _keyRingDefaultAccept.testFlag( KeyRing::ACCEPT_UNKNOWNKEY ); }
80
81 bool KeyRingReport::askUserToAcceptVerificationFailed( const std::string & file, const PublicKey & key, const KeyContext & keycontext )
82 { return _keyRingDefaultAccept.testFlag( KeyRing::ACCEPT_VERIFICATION_FAILED ); }
83
84 bool KeyRingReport::askUserToAcceptPackageKey(const PublicKey &key_r, const KeyContext &keycontext_r)
85 {
86 UserData data(ACCEPT_PACKAGE_KEY_REQUEST);
87 data.set("PublicKey", key_r);
88 data.set("KeyContext", keycontext_r);
89 report(data);
90
91 if ( data.hasvalue("TrustKey") )
92 return data.get<bool>("TrustKey");
93 return false;
94 }
95
96 void KeyRingReport::reportNonImportedKeys(const std::set<Edition> &keys_r)
97 {
98 UserData data(KEYS_NOT_IMPORTED_REPORT);
99 data.set("Keys", keys_r);
100 report(data);
101 }
102
103 void KeyRingReport::reportAutoImportKey( const std::list<PublicKeyData> & keyDataList_r,
104 const PublicKeyData & keySigning_r,
105 const KeyContext &keyContext_r )
106 {
107 UserData data { REPORT_AUTO_IMPORT_KEY };
108 data.set( "KeyDataList", keyDataList_r );
109 data.set( "KeySigning", keySigning_r );
110 data.set( "KeyContext", keyContext_r );
111 report( data );
112 }
113
114 namespace
115 {
117 struct ImportKeyCBHelper
118 {
119 void operator()( const PublicKey & key_r )
120 {
121 try {
122 _rpmdbEmitSignal->trustedKeyAdded( key_r );
123 _emitSignal->trustedKeyAdded( key_r );
124 }
125 catch ( const Exception & excp )
126 {
127 ERR << "Could not import key into rpmdb: " << excp << endl;
128 // TODO: JobReport as hotfix for bsc#1057188; should bubble up and go through some callback
129 JobReport::error( excp.asUserHistory() );
130 }
131 }
132
133 private:
134 callback::SendReport<target::rpm::KeyRingSignals> _rpmdbEmitSignal;
135 callback::SendReport<KeyRingSignals> _emitSignal;
136 };
137 } // namespace
138
139 KeyRing::Impl::Impl(const filesystem::Pathname &baseTmpDir)
140 : KeyRingImpl( baseTmpDir )
141 {
142 MIL << "Current KeyRing::DefaultAccept: " << _keyRingDefaultAccept << std::endl;
143
144 sigTrustedKeyAdded ().connect ([]( const PublicKey &key ){
145 ImportKeyCBHelper emit;
146 emit(key);
147 });
148
149 sigTrustedKeyRemoved ().connect ([]( const PublicKey &key ){
150 try {
151 callback::SendReport<target::rpm::KeyRingSignals> rpmdbEmitSignal;
152 rpmdbEmitSignal->trustedKeyRemoved( key );
153
154 callback::SendReport<KeyRingSignals> emitSignal;
155 emitSignal->trustedKeyRemoved( key );
156 }
157 catch ( const Exception & excp )
158 {
159 ERR << "Could not delete key from rpmmdb: " << excp << endl;
160 // TODO: JobReport as hotfix for bsc#1057188; should bubble up and go through some callback
161 JobReport::error( excp.asUserHistory() );
162 }
163 });
164 }
165
166
168 //
169 // CLASS NAME : KeyRing
170 //
172
173 KeyRing::KeyRing( const Pathname & baseTmpDir )
174 : _pimpl( new Impl( baseTmpDir ) )
175 {}
176
179
180 KeyRing::Impl &KeyRing::pimpl()
181 {
182 return *_pimpl;
183 }
184
185 void KeyRing::allowPreload( bool yesno_r )
186 { _pimpl->allowPreload( yesno_r ); }
187
188
189 void KeyRing::importKey( const PublicKey & key, bool trusted )
190 { _pimpl->importKey( key, trusted ); }
191
192 void KeyRing::multiKeyImport( const Pathname & keyfile_r, bool trusted_r )
193 { _pimpl->multiKeyImport( keyfile_r, trusted_r ); }
194
195 std::string KeyRing::readSignatureKeyId( const Pathname & signature )
196 { return _pimpl->readSignatureKeyId( signature ); }
197
198 void KeyRing::deleteKey( const std::string & id, bool trusted )
199 { _pimpl->deleteKey( id, trusted ); }
200
201 std::list<PublicKey> KeyRing::publicKeys()
202 { return _pimpl->publicKeys(); }
203
204 std:: list<PublicKey> KeyRing::trustedPublicKeys()
205 { return _pimpl->trustedPublicKeys(); }
206
207 std::list<PublicKeyData> KeyRing::publicKeyData()
208 { return _pimpl->publicKeyData(); }
209
210 std::list<PublicKeyData> KeyRing::trustedPublicKeyData()
211 { return _pimpl->trustedPublicKeyData(); }
212
213 PublicKeyData KeyRing::publicKeyData( const std::string &id_r )
214 { return _pimpl->publicKeyExists( id_r ); }
215
216 PublicKeyData KeyRing::trustedPublicKeyData(const std::string &id_r)
217 { return _pimpl->trustedPublicKeyExists( id_r ); }
218
219 bool KeyRing::verifyFileSignature( const Pathname & file, const Pathname & signature )
220 { return _pimpl->verifyFileSignature( file, signature ); }
221
222 bool KeyRing::verifyFileTrustedSignature( const Pathname & file, const Pathname & signature )
223 { return _pimpl->verifyFileTrustedSignature( file, signature ); }
224 void KeyRing::dumpPublicKey( const std::string & id, bool trusted, std::ostream & stream )
225 { _pimpl->dumpPublicKey( id, trusted, stream ); }
226
227 PublicKey KeyRing::exportPublicKey( const PublicKeyData & keyData )
228 { return _pimpl->exportPublicKey( keyData ); }
229
230 PublicKey KeyRing::exportTrustedPublicKey( const PublicKeyData & keyData )
231 { return _pimpl->exportTrustedPublicKey( keyData ); }
232
233 bool KeyRing::isKeyTrusted( const std::string & id )
234 { return _pimpl->isKeyTrusted( id ); }
235
236 bool KeyRing::isKeyKnown( const std::string & id )
237 { return _pimpl->isKeyKnown( id ); }
238
240} // namespace zypp
zypp::Arch::operator()
bool operator()(const zypp::Arch &lhs, const zypp::Arch &rhs) const
Default order for std::container based Arch::compare.
Definition Arch.h:370
zypp::Exception
Base class for Exception.
Definition Exception.h:153
zypp::Exception::asUserHistory
std::string asUserHistory() const
A single (multiline) string composed of asUserString and historyAsString.
Definition Exception.cc:140
zypp::KeyRing
Gpg key handling.
Definition KeyRing.h:170
zypp::KeyRing::pimpl
KeyRing::Impl & pimpl()
Access to private functions for the KeyRingWorkflow implementations.
Definition KeyRing.cc:180
zypp::KeyRing::verifyFileTrustedSignature
bool verifyFileTrustedSignature(const Pathname &file, const Pathname &signature) ZYPP_API
Definition KeyRing.cc:222
zypp::KeyRing::isKeyKnown
bool isKeyKnown(const std::string &id)
true if the key id is knows, that means at least exist on the untrusted keyring
Definition KeyRing.cc:236
zypp::KeyRing::publicKeys
std::list< PublicKey > publicKeys()
Get a list of public keys in the keyring (incl.
Definition KeyRing.cc:201
zypp::KeyRing::trustedPublicKeys
std::list< PublicKey > trustedPublicKeys()
Get a list of trusted public keys in the keyring (incl.
Definition KeyRing.cc:204
zypp::KeyRing::defaultAccept
static DefaultAccept defaultAccept()
Get the active accept bits.
Definition KeyRing.cc:53
zypp::KeyRing::~KeyRing
~KeyRing() override
Dtor.
Definition KeyRing.cc:177
zypp::KeyRing::dumpPublicKey
void dumpPublicKey(const std::string &id, bool trusted, std::ostream &stream)
Definition KeyRing.cc:224
zypp::KeyRing::multiKeyImport
void multiKeyImport(const Pathname &keyfile_r, bool trusted_r=false)
Initial import from RpmDb.
Definition KeyRing.cc:192
zypp::KeyRing::KeyRing
KeyRing(const Pathname &baseTmpDir)
Default ctor.
Definition KeyRing.cc:173
zypp::KeyRing::exportPublicKey
PublicKey exportPublicKey(const PublicKeyData &keyData)
Export a public key identified by its key data.
Definition KeyRing.cc:227
zypp::KeyRing::readSignatureKeyId
std::string readSignatureKeyId(const Pathname &signature)
reads the public key id from a signature
Definition KeyRing.cc:195
zypp::KeyRing::allowPreload
void allowPreload(bool yesno_r)
The general keyring may be populated with known keys stored on the system.
Definition KeyRing.cc:185
zypp::KeyRing::importKey
void importKey(const PublicKey &key, bool trusted=false)
imports a key from a file.
Definition KeyRing.cc:189
zypp::KeyRing::_pimpl
RW_pointer< Impl > _pimpl
Pointer to implementation.
Definition KeyRing.h:308
zypp::KeyRing::verifyFileSignature
bool verifyFileSignature(const Pathname &file, const Pathname &signature) ZYPP_API
Verifies a file against a signature, with no user interaction.
Definition KeyRing.cc:219
zypp::KeyRing::deleteKey
void deleteKey(const std::string &id, bool trusted=false)
removes a key from the keyring.
Definition KeyRing.cc:198
zypp::KeyRing::trustedPublicKeyData
std::list< PublicKeyData > trustedPublicKeyData()
Get a list of trusted public key data in the keyring (key data only)
Definition KeyRing.cc:210
zypp::KeyRing::setDefaultAccept
static void setDefaultAccept(DefaultAccept value_r)
Set the active accept bits.
Definition KeyRing.cc:56
zypp::KeyRing::publicKeyData
std::list< PublicKeyData > publicKeyData()
Get a list of public key data in the keyring (key data only)
Definition KeyRing.cc:207
zypp::KeyRing::TRUST_KEY_TEMPORARILY
@ TRUST_KEY_TEMPORARILY
Definition KeyRing.h:190
zypp::KeyRing::ACCEPT_VERIFICATION_FAILED
@ ACCEPT_VERIFICATION_FAILED
Definition KeyRing.h:192
zypp::KeyRing::ACCEPT_UNKNOWNKEY
@ ACCEPT_UNKNOWNKEY
Definition KeyRing.h:189
zypp::KeyRing::TRUST_AND_IMPORT_KEY
@ TRUST_AND_IMPORT_KEY
Definition KeyRing.h:191
zypp::KeyRing::ACCEPT_UNSIGNED_FILE
@ ACCEPT_UNSIGNED_FILE
Definition KeyRing.h:188
zypp::KeyRing::exportTrustedPublicKey
PublicKey exportTrustedPublicKey(const PublicKeyData &keyData)
Export a trusted public key identified by its key data.
Definition KeyRing.cc:230
zypp::KeyRing::isKeyTrusted
bool isKeyTrusted(const std::string &id)
true if the key id is trusted
Definition KeyRing.cc:233
zypp::callback::UserData::get
const Tp & get(const std::string &key_r) const
Pass back a const Tp & reference to key_r value.
Definition UserData.h:176
zypp::callback::UserData::hasvalue
bool hasvalue(const std::string &key_r) const
Whether key_r is in data and value is not empty.
Definition UserData.h:102
zypp::callback::UserData::set
bool set(const std::string &key_r, AnyType val_r)
Set the value for key (nonconst version always returns true).
Definition UserData.h:119
keyring_p.h
zypp
Easy-to use interface to the ZYPP dependency resolver.
Definition CodePitfalls.doc:2
zypp::JobReport::error
static bool error(const std::string &msg_r, const UserData &userData_r=UserData())
send error text
Definition ZYppCallbacks.h:1107
zypp::KeyRingReport::infoVerify
virtual void infoVerify(const std::string &file_r, const PublicKeyData &keyData_r, const KeyContext &keycontext=KeyContext())
Informal callback showing the trusted key that will be used for verification.
Definition KeyRing.cc:62
zypp::KeyRingReport::reportNonImportedKeys
void reportNonImportedKeys(const std::set< Edition > &keys_r)
Notify the user about keys that were not imported from the rpm key database into zypp keyring.
Definition KeyRing.cc:96
zypp::KeyRingReport::KeyTrust
KeyTrust
User reply options for the askUserToTrustKey callback.
Definition KeyRing.h:54
zypp::KeyRingReport::KEY_TRUST_AND_IMPORT
@ KEY_TRUST_AND_IMPORT
Import the key.
Definition KeyRing.h:72
zypp::KeyRingReport::KEY_DONT_TRUST
@ KEY_DONT_TRUST
User has chosen not to trust the key.
Definition KeyRing.h:58
zypp::KeyRingReport::KEY_TRUST_TEMPORARILY
@ KEY_TRUST_TEMPORARILY
This basically means, we knew the key, but it was not trusted.
Definition KeyRing.h:63
zypp::KeyRingReport::REPORT_AUTO_IMPORT_KEY
static constexpr const char * REPORT_AUTO_IMPORT_KEY
generic reports UserData::type
Definition KeyRing.h:151
zypp::KeyRingReport::askUserToAcceptUnsignedFile
virtual bool askUserToAcceptUnsignedFile(const std::string &file, const KeyContext &keycontext=KeyContext())
Definition KeyRing.cc:65
zypp::KeyRingReport::askUserToAcceptPackageKey
bool askUserToAcceptPackageKey(const PublicKey &key_r, const KeyContext &keycontext_r=KeyContext())
Ask user to trust and/or import the package key to trusted keyring, using ReportBase::report.
Definition KeyRing.cc:84
zypp::KeyRingReport::ACCEPT_PACKAGE_KEY_REQUEST
static constexpr const char * ACCEPT_PACKAGE_KEY_REQUEST
generic reports UserData::type
Definition KeyRing.h:119
zypp::KeyRingReport::KEYS_NOT_IMPORTED_REPORT
static constexpr const char * KEYS_NOT_IMPORTED_REPORT
generic reports UserData::type
Definition KeyRing.h:132
zypp::KeyRingReport::reportAutoImportKey
void reportAutoImportKey(const std::list< PublicKeyData > &keyDataList_r, const PublicKeyData &keySigning_r, const KeyContext &keyContext_r)
Notify that a repository auto imported new package signing keys.
Definition KeyRing.cc:103
zypp::KeyRingReport::askUserToAcceptKey
virtual KeyTrust askUserToAcceptKey(const PublicKey &key, const KeyContext &keycontext=KeyContext())
Ask user to trust and/or import the key to trusted keyring.
Definition KeyRing.cc:69
zypp::KeyRingReport::askUserToAcceptUnknownKey
virtual bool askUserToAcceptUnknownKey(const std::string &file, const std::string &id, const KeyContext &keycontext=KeyContext())
we DONT know the key, only its id, but we have never seen it, the difference with trust key is that i...
Definition KeyRing.cc:78
zypp::KeyRingReport::askUserToAcceptVerificationFailed
virtual bool askUserToAcceptVerificationFailed(const std::string &file, const PublicKey &key, const KeyContext &keycontext=KeyContext())
The file filedesc is signed but the verification failed.
Definition KeyRing.cc:81
zypp::KeyRing::Impl::Impl
Impl(const filesystem::Pathname &baseTmpDir)
Definition KeyRing.cc:139
zypp::callback::ReportBase::report
virtual void report(const UserData &userData_r=UserData())
The most generic way of sending/receiving data.
Definition Callback.h:155
zypp::callback::ReportBase::UserData
callback::UserData UserData
Definition Callback.h:151
MIL
#define MIL
Definition Logger.h:100
ERR
#define ERR
Definition Logger.h:102
IMPL_PTR_TYPE
#define IMPL_PTR_TYPE(NAME)
Definition ReferenceCounted.h:137
Gettext.h
Interface to gettext.