2
* \file lib/signature.c
5
/* signature.c - RPM signature functions */
9
* Things have been cleaned up wrt PGP. We can now handle
10
* signatures of any length (which means you can use any
11
* size key you like). We also honor PGPPATH finally.
16
#if HAVE_ASM_BYTEORDER_H
17
#include <asm/byteorder.h>
21
#include <rpmmacro.h> /* XXX for rpmGetPath() */
24
#include "misc.h" /* XXX for dosetenv() and makeTempFile() */
26
#include "signature.h"
29
/*@access Header@*/ /* XXX compared with NULL */
30
/*@access FD_t@*/ /* XXX compared with NULL */
32
typedef unsigned char byte;
34
typedef int (*md5func)(const char * fn, /*@out@*/ byte * digest);
36
int rpmLookupSignatureType(int action)
38
static int disabled = 0;
42
case RPMLOOKUPSIG_DISABLE:
45
case RPMLOOKUPSIG_ENABLE:
48
case RPMLOOKUPSIG_QUERY:
51
{ const char *name = rpmExpand("%{_signature}", NULL);
52
if (!(name && *name != '%'))
54
else if (!xstrcasecmp(name, "none"))
56
else if (!xstrcasecmp(name, "pgp"))
58
else if (!xstrcasecmp(name, "pgp5")) /* XXX legacy */
60
else if (!xstrcasecmp(name, "gpg"))
63
rc = -1; /* Invalid %_signature spec in macro file */
70
/* rpmDetectPGPVersion() returns the absolute path to the "pgp" */
71
/* executable of the requested version, or NULL when none found. */
73
const char * rpmDetectPGPVersion(pgpVersion * pgpVer)
75
/* Actually this should support having more then one pgp version. */
76
/* At the moment only one version is possible since we only */
77
/* have one %_pgpbin and one %_pgp_path. */
79
static pgpVersion saved_pgp_version = PGP_UNKNOWN;
80
const char *pgpbin = rpmGetPath("%{_pgpbin}", NULL);
82
if (saved_pgp_version == PGP_UNKNOWN) {
86
if (!(pgpbin && pgpbin[0] != '%')) {
87
pgpbin = _free(pgpbin);
88
saved_pgp_version = -1;
91
pgpvbin = (char *)alloca(strlen(pgpbin) + sizeof("v"));
92
(void)stpcpy(stpcpy(pgpvbin, pgpbin), "v");
94
if (stat(pgpvbin, &st) == 0)
95
saved_pgp_version = PGP_5;
96
else if (stat(pgpbin, &st) == 0)
97
saved_pgp_version = PGP_2;
99
saved_pgp_version = PGP_NOTDETECTED;
102
if (pgpVer && pgpbin)
103
*pgpVer = saved_pgp_version;
108
* Check package size.
109
* @todo rpmio: use fdSize rather than fstat(2) to get file size.
110
* @param fd package file handle
111
* @param siglen signature header size
112
* @param pad signature padding
113
* @param datalen length of header+payload
114
* @return rpmRC return code
116
static inline rpmRC checkSize(FD_t fd, int siglen, int pad, int datalen)
117
/*@modifies fileSystem @*/
122
if (fstat(Fileno(fd), &st))
125
if (!S_ISREG(st.st_mode)) {
126
rpmMessage(RPMMESS_DEBUG,
127
_("file is not regular -- skipping size check\n"));
131
rc = (((sizeof(struct rpmlead) + siglen + pad + datalen) - st.st_size)
132
? RPMRC_BADSIZE : RPMRC_OK);
134
rpmMessage((rc == RPMRC_OK ? RPMMESS_DEBUG : RPMMESS_WARNING),
135
_("Expected size: %12d = lead(%d)+sigs(%d)+pad(%d)+data(%d)\n"),
136
(int)sizeof(struct rpmlead)+siglen+pad+datalen,
137
(int)sizeof(struct rpmlead), siglen, pad, datalen);
138
rpmMessage((rc == RPMRC_OK ? RPMMESS_DEBUG : RPMMESS_WARNING),
139
_(" Actual size: %12d\n"), (int)st.st_size);
144
rpmRC rpmReadSignature(FD_t fd, Header * headerp, sigType sig_type)
151
rpmRC rc = RPMRC_FAIL; /* assume failure */
158
case RPMSIGTYPE_NONE:
159
rpmMessage(RPMMESS_DEBUG, _("No signature\n"));
162
case RPMSIGTYPE_PGP262_1024:
163
rpmMessage(RPMMESS_DEBUG, _("Old PGP signature\n"));
164
/* These are always 256 bytes */
165
if (timedRead(fd, buf, 256) != 256)
168
(void) headerAddEntry(h, RPMSIGTAG_PGP, RPM_BIN_TYPE, buf, 152);
172
case RPMSIGTYPE_MD5_PGP:
173
rpmError(RPMERR_BADSIGTYPE,
174
_("Old (internal-only) signature! How did you get that!?\n"));
176
case RPMSIGTYPE_HEADERSIG:
177
case RPMSIGTYPE_DISABLE:
178
/* This is a new style signature */
179
h = headerRead(fd, HEADER_MAGIC_YES);
184
sigSize = headerSizeof(h, HEADER_MAGIC_YES);
186
/* XXX Legacy headers have a HEADER_IMAGE tag added. */
187
if (headerIsEntry(h, RPMTAG_HEADERIMAGE))
188
sigSize -= (16 + 16);
190
pad = (8 - (sigSize % 8)) % 8; /* 8-byte pad */
191
if (sig_type == RPMSIGTYPE_HEADERSIG) {
192
if (! headerGetEntry(h, RPMSIGTAG_SIZE, &type,
193
(void **)&archSize, &count))
195
rc = checkSize(fd, sigSize, pad, *archSize);
197
if (pad && timedRead(fd, buf, pad) != pad)
198
rc = RPMRC_SHORTREAD;
204
if (rc == 0 && headerp)
214
int rpmWriteSignature(FD_t fd, Header h)
216
static byte buf[8] = "\000\000\000\000\000\000\000\000";
220
rc = headerWrite(fd, h, HEADER_MAGIC_YES);
224
sigSize = headerSizeof(h, HEADER_MAGIC_YES);
225
pad = (8 - (sigSize % 8)) % 8;
227
if (Fwrite(buf, sizeof(buf[0]), pad, fd) != pad)
230
rpmMessage(RPMMESS_DEBUG, _("Signature: size(%d)+pad(%d)\n"), sigSize, pad);
234
Header rpmNewSignature(void)
236
Header h = headerNew();
240
Header rpmFreeSignature(Header h)
242
return headerFree(h);
245
static int makePGPSignature(const char * file, /*@out@*/ void ** sig,
246
/*@out@*/ int_32 * size, /*@null@*/ const char * passPhrase)
247
/*@modifies *sig, *size, fileSystem @*/
249
char * sigfile = alloca(1024);
254
(void) stpcpy( stpcpy(sigfile, file), ".sig");
256
inpipe[0] = inpipe[1] = 0;
259
if (!(pid = fork())) {
260
const char *pgp_path = rpmExpand("%{_pgp_path}", NULL);
261
const char *name = rpmExpand("+myname=\"%{_pgp_name}\"", NULL);
265
(void) close(STDIN_FILENO);
266
(void) dup2(inpipe[0], 3);
267
(void) close(inpipe[1]);
269
(void) dosetenv("PGPPASSFD", "3", 1);
270
if (pgp_path && *pgp_path != '%')
271
(void) dosetenv("PGPPATH", pgp_path, 1);
273
/* dosetenv("PGPPASS", passPhrase, 1); */
275
if ((path = rpmDetectPGPVersion(&pgpVer)) != NULL) {
278
(void) execlp(path, "pgp", "+batchmode=on", "+verbose=0", "+armor=off",
279
name, "-sb", file, sigfile, NULL);
282
(void) execlp(path,"pgps", "+batchmode=on", "+verbose=0", "+armor=off",
283
name, "-b", file, "-o", sigfile, NULL);
286
case PGP_NOTDETECTED:
290
rpmError(RPMERR_EXEC, _("Couldn't exec pgp (%s)\n"),
291
(path ? path : NULL));
295
(void) close(inpipe[0]);
297
(void) write(inpipe[1], passPhrase, strlen(passPhrase));
298
(void) write(inpipe[1], "\n", 1);
299
(void) close(inpipe[1]);
301
(void)waitpid(pid, &status, 0);
302
if (!WIFEXITED(status) || WEXITSTATUS(status)) {
303
rpmError(RPMERR_SIGGEN, _("pgp failed\n"));
307
if (stat(sigfile, &st)) {
308
/* PGP failed to write signature */
309
if (sigfile) (void) unlink(sigfile); /* Just in case */
310
rpmError(RPMERR_SIGGEN, _("pgp failed to write signature\n"));
315
rpmMessage(RPMMESS_DEBUG, _("PGP sig size: %d\n"), *size);
316
*sig = xmalloc(*size);
320
fd = Fopen(sigfile, "r.fdio");
321
if (fd != NULL && !Ferror(fd)) {
322
rc = timedRead(fd, *sig, *size);
323
if (sigfile) (void) unlink(sigfile);
328
rpmError(RPMERR_SIGGEN, _("unable to read the signature\n"));
333
rpmMessage(RPMMESS_DEBUG, _("Got %d bytes of PGP sig\n"), *size);
338
/* This is an adaptation of the makePGPSignature function to use GPG instead
339
* of PGP to create signatures. I think I've made all the changes necessary,
340
* but this could be a good place to start looking if errors in GPG signature
343
static int makeGPGSignature(const char * file, /*@out@*/ void ** sig,
344
/*@out@*/ int_32 * size, /*@null@*/ const char * passPhrase)
345
/*@modifies *sig, *size, fileSystem @*/
347
char * sigfile = alloca(1024);
353
(void) stpcpy( stpcpy(sigfile, file), ".sig");
355
inpipe[0] = inpipe[1] = 0;
358
if (!(pid = fork())) {
359
const char *gpg_path = rpmExpand("%{_gpg_path}", NULL);
360
const char *name = rpmExpand("%{_gpg_name}", NULL);
362
(void) close(STDIN_FILENO);
363
(void) dup2(inpipe[0], 3);
364
(void) close(inpipe[1]);
366
if (gpg_path && *gpg_path != '%')
367
(void) dosetenv("GNUPGHOME", gpg_path, 1);
368
(void) execlp("gpg", "gpg",
369
"--batch", "--no-verbose", "--no-armor", "--passphrase-fd", "3",
370
"-u", name, "-sbo", sigfile, file,
372
rpmError(RPMERR_EXEC, _("Couldn't exec gpg\n"));
376
fpipe = fdopen(inpipe[1], "w");
377
(void) close(inpipe[0]);
379
fprintf(fpipe, "%s\n", (passPhrase ? passPhrase : ""));
380
(void) fclose(fpipe);
383
(void)waitpid(pid, &status, 0);
384
if (!WIFEXITED(status) || WEXITSTATUS(status)) {
385
rpmError(RPMERR_SIGGEN, _("gpg failed\n"));
389
if (stat(sigfile, &st)) {
390
/* GPG failed to write signature */
391
if (sigfile) (void) unlink(sigfile); /* Just in case */
392
rpmError(RPMERR_SIGGEN, _("gpg failed to write signature\n"));
397
rpmMessage(RPMMESS_DEBUG, _("GPG sig size: %d\n"), *size);
398
*sig = xmalloc(*size);
402
fd = Fopen(sigfile, "r.fdio");
403
if (fd != NULL && !Ferror(fd)) {
404
rc = timedRead(fd, *sig, *size);
405
if (sigfile) (void) unlink(sigfile);
410
rpmError(RPMERR_SIGGEN, _("unable to read the signature\n"));
415
rpmMessage(RPMMESS_DEBUG, _("Got %d bytes of GPG sig\n"), *size);
420
int rpmAddSignature(Header h, const char * file, int_32 sigTag,
421
const char *passPhrase)
431
(void) stat(file, &st);
434
(void) headerAddEntry(h, RPMSIGTAG_SIZE, RPM_INT32_TYPE, &size, 1);
437
ret = mdbinfile(file, buf);
439
(void) headerAddEntry(h, sigTag, RPM_BIN_TYPE, buf, 16);
441
case RPMSIGTAG_PGP5: /* XXX legacy */
443
rpmMessage(RPMMESS_VERBOSE, _("Generating signature using PGP.\n"));
444
ret = makePGPSignature(file, &sig, &size, passPhrase);
446
(void) headerAddEntry(h, sigTag, RPM_BIN_TYPE, sig, size);
449
rpmMessage(RPMMESS_VERBOSE, _("Generating signature using GPG.\n"));
450
ret = makeGPGSignature(file, &sig, &size, passPhrase);
452
(void) headerAddEntry(h, sigTag, RPM_BIN_TYPE, sig, size);
459
static rpmVerifySignatureReturn
460
verifySizeSignature(const char * datafile, int_32 size, /*@out@*/ char * result)
461
/*@modifies *result, fileSystem @*/
465
(void) stat(datafile, &st);
466
if (size != st.st_size) {
467
sprintf(result, "Header+Archive size mismatch.\n"
468
"Expected %d, saw %d.\n",
469
size, (int)st.st_size);
473
sprintf(result, "Header+Archive size OK: %d bytes\n", size);
477
#define X(_x) (unsigned)((_x) & 0xff)
479
static rpmVerifySignatureReturn
480
verifyMD5Signature(const char * datafile, const byte * sig,
481
/*@out@*/ char * result, md5func fn)
482
/*@modifies *result, fileSystem @*/
486
memset(md5sum, 0, sizeof(md5sum));
487
(void) fn(datafile, md5sum);
488
if (memcmp(md5sum, sig, 16)) {
489
sprintf(result, "MD5 sum mismatch\n"
490
"Expected: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x"
491
"%02x%02x%02x%02x%02x\n"
492
"Saw : %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x"
493
"%02x%02x%02x%02x%02x\n",
494
X(sig[0]), X(sig[1]), X(sig[2]), X(sig[3]),
495
X(sig[4]), X(sig[5]), X(sig[6]), X(sig[7]),
496
X(sig[8]), X(sig[9]), X(sig[10]), X(sig[11]),
497
X(sig[12]), X(sig[13]), X(sig[14]), X(sig[15]),
498
X(md5sum[0]), X(md5sum[1]), X(md5sum[2]), X(md5sum[3]),
499
X(md5sum[4]), X(md5sum[5]), X(md5sum[6]), X(md5sum[7]),
500
X(md5sum[8]), X(md5sum[9]), X(md5sum[10]), X(md5sum[11]),
501
X(md5sum[12]), X(md5sum[13]), X(md5sum[14]), X(md5sum[15]) );
505
sprintf(result, "MD5 sum OK: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x"
506
"%02x%02x%02x%02x%02x\n",
507
X(md5sum[0]), X(md5sum[1]), X(md5sum[2]), X(md5sum[3]),
508
X(md5sum[4]), X(md5sum[5]), X(md5sum[6]), X(md5sum[7]),
509
X(md5sum[8]), X(md5sum[9]), X(md5sum[10]), X(md5sum[11]),
510
X(md5sum[12]), X(md5sum[13]), X(md5sum[14]), X(md5sum[15]) );
515
static rpmVerifySignatureReturn
516
verifyPGPSignature(const char * datafile, const void * sig, int count,
517
/*@out@*/ char * result)
518
/*@modifies *result, fileSystem @*/
520
int pid, status, outpipe[2];
521
/*@only@*/ /*@null@*/ const char * sigfile = NULL;
528
/* What version do we have? */
529
if ((path = rpmDetectPGPVersion(&pgpVer)) == NULL) {
531
rpmError(RPMERR_EXEC,
532
_("Could not run pgp. Use --nopgp to skip PGP checks.\n"));
537
* Sad but true: pgp-5.0 returns exit value of 0 on bad signature.
538
* Instead we have to use the text output to detect a bad signature.
543
/* Write out the signature */
545
{ const char *tmppath = rpmGetPath("%{_tmppath}", NULL);
546
sigfile = tempnam(tmppath, "rpmsig");
547
tmppath = _free(tmppath);
549
sfd = Fopen(sigfile, "w.fdio");
550
if (sfd != NULL && !Ferror(sfd)) {
551
(void) Fwrite(sig, sizeof(char), count, sfd);
556
if (!makeTempFile(NULL, &sigfile, &sfd)) {
557
(void) Fwrite(sig, sizeof(char), count, sfd);
567
outpipe[0] = outpipe[1] = 0;
568
(void) pipe(outpipe);
570
if (!(pid = fork())) {
571
const char *pgp_path = rpmExpand("%{_pgp_path}", NULL);
573
(void) close(outpipe[0]);
574
(void) close(STDOUT_FILENO); /* XXX unnecessary */
575
(void) dup2(outpipe[1], STDOUT_FILENO);
577
if (pgp_path && *pgp_path != '%')
578
(void) dosetenv("PGPPATH", pgp_path, 1);
582
/* Some output (in particular "This signature applies to */
583
/* another message") is _always_ written to stderr; we */
584
/* want to catch that output, so dup stdout to stderr: */
585
{ int save_stderr = dup(2);
587
(void) execlp(path, "pgpv", "+batchmode=on", "+verbose=0",
588
/* Write "Good signature..." to stdout: */
589
"+OutputInformationFD=1",
590
/* Write "WARNING: ... is not trusted to... to stdout: */
591
"+OutputWarningFD=1",
592
sigfile, "-o", datafile, NULL);
593
/* Restore stderr so we can print the error message below. */
594
(void) dup2(save_stderr, 2);
595
(void) close(save_stderr);
598
(void) execlp(path, "pgp", "+batchmode=on", "+verbose=0",
599
sigfile, datafile, NULL);
602
case PGP_NOTDETECTED:
606
rpmError(RPMERR_EXEC,
607
_("Could not run pgp. Use --nopgp to skip PGP checks.\n"));
611
(void) close(outpipe[1]);
612
file = fdopen(outpipe[0], "r");
615
while (fgets(buf, 1024, file)) {
616
if (strncmp("File '", buf, 6) &&
617
strncmp("Text is assu", buf, 12) &&
618
strncmp("This signature applies to another message", buf, 41) &&
622
if (!strncmp("WARNING: Can't find the right public key", buf, 40))
624
else if (!strncmp("Signature by unknown keyid:", buf, 27))
626
else if (!strncmp("WARNING: The signing key is not trusted", buf, 39))
627
res = RPMSIG_NOTTRUSTED;
628
else if (!strncmp("Good signature", buf, 14))
634
(void) waitpid(pid, &status, 0);
635
if (sigfile) (void) unlink(sigfile);
636
sigfile = _free(sigfile);
637
if (!res && (!WIFEXITED(status) || WEXITSTATUS(status))) {
644
static rpmVerifySignatureReturn
645
verifyGPGSignature(const char * datafile, const void * sig, int count,
646
/*@out@*/ char * result)
647
/*@modifies *result, fileSystem @*/
649
int pid, status, outpipe[2];
650
/*@only@*/ /*@null@*/ const char * sigfile = NULL;
655
/* Write out the signature */
657
{ const char *tmppath = rpmGetPath("%{_tmppath}", NULL);
658
sigfile = tempnam(tmppath, "rpmsig");
659
tmppath = _free(tmppath);
661
sfd = Fopen(sigfile, "w.fdio");
662
if (sfd != NULL && !Ferror(sfd)) {
663
(void) Fwrite(sig, sizeof(char), count, sfd);
668
if (!makeTempFile(NULL, &sigfile, &sfd)) {
669
(void) Fwrite(sig, sizeof(char), count, sfd);
679
outpipe[0] = outpipe[1] = 0;
680
(void) pipe(outpipe);
682
if (!(pid = fork())) {
683
const char *gpg_path = rpmExpand("%{_gpg_path}", NULL);
685
(void) close(outpipe[0]);
686
/* gpg version 0.9 sends its output to stderr. */
687
(void) dup2(outpipe[1], STDERR_FILENO);
689
if (gpg_path && *gpg_path != '%')
690
(void) dosetenv("GNUPGHOME", gpg_path, 1);
692
(void) execlp("gpg", "gpg",
693
"--batch", "--no-verbose",
694
"--verify", sigfile, datafile,
696
rpmError(RPMERR_EXEC,
697
_("Could not run gpg. Use --nogpg to skip GPG checks.\n"));
701
(void) close(outpipe[1]);
702
file = fdopen(outpipe[0], "r");
705
while (fgets(buf, 1024, file)) {
707
if (!xstrncasecmp("gpg: Can't check signature: Public key not found", buf, 48)) {
714
(void) waitpid(pid, &status, 0);
715
if (sigfile) (void) unlink(sigfile);
716
sigfile = _free(sigfile);
717
if (!res && (!WIFEXITED(status) || WEXITSTATUS(status))) {
724
static int checkPassPhrase(const char * passPhrase, const int sigTag)
725
/*@modifies fileSystem @*/
727
int passPhrasePipe[2];
731
passPhrasePipe[0] = passPhrasePipe[1] = 0;
732
(void) pipe(passPhrasePipe);
733
if (!(pid = fork())) {
734
(void) close(STDIN_FILENO);
735
(void) close(STDOUT_FILENO);
736
(void) close(passPhrasePipe[1]);
737
if (! rpmIsVerbose()) {
738
(void) close(STDERR_FILENO);
740
if ((fd = open("/dev/null", O_RDONLY)) != STDIN_FILENO) {
741
(void) dup2(fd, STDIN_FILENO);
744
if ((fd = open("/dev/null", O_WRONLY)) != STDOUT_FILENO) {
745
(void) dup2(fd, STDOUT_FILENO);
748
(void) dup2(passPhrasePipe[0], 3);
752
{ const char *gpg_path = rpmExpand("%{_gpg_path}", NULL);
753
const char *name = rpmExpand("%{_gpg_name}", NULL);
754
if (gpg_path && *gpg_path != '%')
755
(void) dosetenv("GNUPGHOME", gpg_path, 1);
756
(void) execlp("gpg", "gpg",
757
"--batch", "--no-verbose", "--passphrase-fd", "3",
758
"-u", name, "-so", "-",
760
rpmError(RPMERR_EXEC, _("Couldn't exec gpg\n"));
762
} /*@notreached@*/ break;
763
case RPMSIGTAG_PGP5: /* XXX legacy */
765
{ const char *pgp_path = rpmExpand("%{_pgp_path}", NULL);
766
const char *name = rpmExpand("+myname=\"%{_pgp_name}\"", NULL);
770
(void) dosetenv("PGPPASSFD", "3", 1);
771
if (pgp_path && *pgp_path != '%')
772
(void) dosetenv("PGPPATH", pgp_path, 1);
774
if ((path = rpmDetectPGPVersion(&pgpVer)) != NULL) {
777
(void) execlp(path, "pgp", "+batchmode=on", "+verbose=0",
780
case PGP_5: /* XXX legacy */
781
(void) execlp(path,"pgps", "+batchmode=on", "+verbose=0",
785
case PGP_NOTDETECTED:
789
rpmError(RPMERR_EXEC, _("Couldn't exec pgp\n"));
791
} /*@notreached@*/ break;
792
default: /* This case should have been screened out long ago. */
793
rpmError(RPMERR_SIGGEN, _("Invalid %%_signature spec in macro file\n"));
794
_exit(RPMERR_SIGGEN);
795
/*@notreached@*/ break;
799
(void) close(passPhrasePipe[0]);
800
(void) write(passPhrasePipe[1], passPhrase, strlen(passPhrase));
801
(void) write(passPhrasePipe[1], "\n", 1);
802
(void) close(passPhrasePipe[1]);
804
(void)waitpid(pid, &status, 0);
805
if (!WIFEXITED(status) || WEXITSTATUS(status)) {
809
/* passPhrase is good */
813
char * rpmGetPassPhrase(const char * prompt, const int sigTag)
820
{ const char *name = rpmExpand("%{_gpg_name}", NULL);
821
aok = (name && *name != '%');
825
rpmError(RPMERR_SIGGEN,
826
_("You must set \"%%_gpg_name\" in your macro file\n"));
830
case RPMSIGTAG_PGP5: /* XXX legacy */
832
{ const char *name = rpmExpand("%{_pgp_name}", NULL);
833
aok = (name && *name != '%');
837
rpmError(RPMERR_SIGGEN,
838
_("You must set \"%%_pgp_name\" in your macro file\n"));
843
/* Currently the calling function (rpm.c:main) is checking this and
844
* doing a better job. This section should never be accessed.
846
rpmError(RPMERR_SIGGEN, _("Invalid %%_signature spec in macro file\n"));
848
/*@notreached@*/ break;
851
pass = /*@-unrecog@*/ getpass( (prompt ? prompt : "") ) /*@=unrecog@*/ ;
853
if (checkPassPhrase(pass, sigTag))
859
rpmVerifySignatureReturn
860
rpmVerifySignature(const char * file, int_32 sigTag, const void * sig,
861
int count, char * result)
865
return verifySizeSignature(file, *(int_32 *)sig, result);
866
/*@notreached@*/ break;
868
return verifyMD5Signature(file, sig, result, mdbinfile);
869
/*@notreached@*/ break;
870
case RPMSIGTAG_LEMD5_1:
871
case RPMSIGTAG_LEMD5_2:
872
return verifyMD5Signature(file, sig, result, mdbinfileBroken);
873
/*@notreached@*/ break;
874
case RPMSIGTAG_PGP5: /* XXX legacy */
876
return verifyPGPSignature(file, sig, count, result);
877
/*@notreached@*/ break;
879
return verifyGPGSignature(file, sig, count, result);
880
/*@notreached@*/ break;
882
sprintf(result, "Do not know how to verify sig type %d\n", sigTag);
883
return RPMSIG_UNKNOWN;