diff --git a/include/rpm/rpmts.h b/include/rpm/rpmts.h index 7c92a605b3..75e2067a0c 100644 --- a/include/rpm/rpmts.h +++ b/include/rpm/rpmts.h @@ -14,6 +14,7 @@ #include #include #include +#include #ifdef __cplusplus extern "C" { @@ -359,7 +360,18 @@ rpmRC rpmtxnImportPubkey(rpmtxn txn, const unsigned char * pkt, size_t pktlen); * RPMRC_NOKEY on invalid keyid * RPMRC_FAIL on other failure */ -rpmRC rpmtxnDeletePubkey(rpmtxn txn, const char *keyid); +rpmRC rpmtxnDeletePubkeyByID(rpmtxn txn, const char *keyid); + +/** \ingroup rpmts + * Delete public key from transaction keystore. + * @param txn transaction handle + * @param key public key + * @return RPMRC_OK on success + * RPMRC_NOTFOUND if key not found + * RPMRC_NOKEY on invalid keyid + * RPMRC_FAIL on other failure + */ +rpmRC rpmtxnDeletePubkey(rpmtxn txn, rpmPubkey key); /** \ingroup rpmts * Retrieve handle for keyring used for this transaction set diff --git a/lib/rpmts.cc b/lib/rpmts.cc index 6ba46a7c1b..4fb2b8a01c 100644 --- a/lib/rpmts.cc +++ b/lib/rpmts.cc @@ -781,10 +781,11 @@ rpmRC rpmtxnImportPubkey(rpmtxn txn, const unsigned char * pkt, size_t pktlen) return rc; } -rpmRC rpmtxnDeletePubkey(rpmtxn txn, const char *keyid) +rpmRC rpmtxnDeletePubkeyByID(rpmtxn txn, const char *keyid) { rpmRC rc = RPMRC_FAIL; size_t klen = strlen(keyid); + const char * shortid = NULL; /* Allow short keyid while we're transitioning */ if (klen != 40 && klen != 16 && klen != 8) @@ -793,6 +794,8 @@ rpmRC rpmtxnDeletePubkey(rpmtxn txn, const char *keyid) if (!rpmIsValidHex(keyid, klen)) return RPMRC_NOKEY; + shortid = keyid + klen - 8; + if (txn) { /* force keyring load */ rpmVSFlags oflags = rpmtsVSFlags(txn->ts); 
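Review bot: `rpmtxnDeletePubkey` keeps its name while its second parameter changes from `const char *keyid` to `rpmPubkey key`, so a caller built against the old prototype would hand a string pointer to code that treats it as a key object. If the string-taking form has ever shipped in a release, a new name for the `rpmPubkey` variant or a soname bump would avoid that; if it has not, a short remark in the doc comment is enough. The new doc block also repeats `RPMRC_NOKEY on invalid keyid` although this variant takes no key id. Wording such as `RPMRC_NOKEY if the key id derived from key is invalid` would match the wrapper added in lib/rpmts.cc.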
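Review bot: `shortid = keyid + klen - 8;` keeps only the trailing 32 bits of the requested id, and the following hunk (@@ -804) passes `shortid` rather than `keyid` to both `rpmtsDeleteFSKey()` and `rpmtsDeleteDBKey()`, so a 40-character fingerprint supplied by the caller no longer reaches the deletion backends. Short key ids are not unique, so if the backends select the key by this value alone (their bodies are not in this diff), a request that names one key could remove a different key with the same suffix. I would either keep passing `keyid` when `klen > 8`, or have the backends compare the stored key's full fingerprint with the request before removing anything. At minimum the assignment deserves a comment such as `/* transitional: backends only receive the trailing 8 hex digits */`. The function body starts and ends outside this hunk.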
@@ -804,12 +807,22 @@ rpmRC rpmtxnDeletePubkey(rpmtxn txn, const char *keyid) rc = RPMRC_OK; if (!(rpmtsFlags(txn->ts) & RPMTRANS_FLAG_TEST)) { if (txn->ts->keyringtype == KEYRING_FS) - rc = rpmtsDeleteFSKey(txn, keyid); + rc = rpmtsDeleteFSKey(txn, shortid); else - rc = rpmtsDeleteDBKey(txn, keyid); + rc = rpmtsDeleteDBKey(txn, shortid); } rpmKeyringFree(keyring); } + + return rc; +} + +rpmRC rpmtxnDeletePubkey(rpmtxn txn, rpmPubkey key) +{ + char * keyid = rpmPubkeyKeyIDAsHex(key); + rpmRC rc = rpmtxnDeletePubkeyByID(txn, keyid); + free(keyid); + return rc; } diff --git a/tests/rpmsigdig.at b/tests/rpmsigdig.at index e3209a36d0..2d75b83959 100644 --- a/tests/rpmsigdig.at +++ b/tests/rpmsigdig.at @@ -78,7 +78,7 @@ runroot rpmkeys -Kv /data/RPMS/hello-2.0-1.x86_64-signed-with-new-subkey.rpm RPMTEST_CHECK([ runroot rpmkeys --delete abcd gimmekey 1111aaaa2222bbbb ], -[3], +[1], [], [error: invalid key id: abcd error: invalid key id: gimmekey @@ -147,7 +147,7 @@ runroot rpmkeys -Kv /data/RPMS/hello-2.0-1.x86_64-signed-with-new-subkey.rpm RPMTEST_CHECK([ runroot rpmkeys --delete abcd gimmekey 1111aaaa2222bbbb ], -[3], +[1], [], [error: invalid key id: abcd error: invalid key id: gimmekey diff --git a/tools/rpmkeys.cc b/tools/rpmkeys.cc index 9f59b465a7..dcbffcd79b 100644 --- a/tools/rpmkeys.cc +++ b/tools/rpmkeys.cc @@ -122,6 +122,13 @@ static int printKey(rpmPubkey key, void * data) return 0; } +static int deleteKey(rpmPubkey key, void * data) +{ + rpmtxn txn = (rpmtxn) data; + rpmtxnDeletePubkey(txn, key); + return 0; +} + int main(int argc, char *argv[]) { int ec = EXIT_FAILURE; 
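Review bot: The new `rpmtxnDeletePubkey()` passes the result of `rpmPubkeyKeyIDAsHex(key)` straight to `rpmtxnDeletePubkeyByID()`, whose first statement is `size_t klen = strlen(keyid);`, so a NULL return from the helper would be dereferenced. Whether the helper can return NULL (for a NULL `key` or on allocation failure) is not visible in this diff, but a guard such as `if (keyid == NULL) return RPMRC_NOKEY;` before the call costs nothing. The wrapper also has no comment in the .cc file; one line saying that it deletes by the key's hex id, and so inherits the short-id matching of the ByID variant, would help the next reader.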
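Review bot: `deleteKey()` discards the return code of `rpmtxnDeletePubkey()` and always returns 0, so a failed deletion is neither logged nor reflected in the exit status. The loop removed from `main()` in the next hunk (@@ -157) reported `key not found` and `failed to delete key` and counted both in `ec`. For a command used to retire a trusted key, a silent failure leaves the operator believing the key is gone while it is still in the keystore. I would keep the result and report it: `rpmRC rc = rpmtxnDeletePubkey(txn, key);`, then `if (rc != RPMRC_OK) rpmlog(RPMLOG_ERR, "failed to delete key\n");` and `return rc != RPMRC_OK;`. That assumes `matchingKeys()` propagates a non-zero callback result into its return value, which this diff does not show.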
@@ -157,20 +164,7 @@ int main(int argc, char *argv[]) { rpmtxn txn = rpmtxnBegin(ts, RPMTXN_WRITE); if (txn) { - int nfail = 0; - for (char const * const *arg = args; *arg && **arg; arg++) { - rpmRC delrc = rpmtxnDeletePubkey(txn, *arg); - if (delrc) { - if (delrc == RPMRC_NOTFOUND) - rpmlog(RPMLOG_ERR, ("key not found: %s\n"), *arg); - else if (delrc == RPMRC_NOKEY) - rpmlog(RPMLOG_ERR, ("invalid key id: %s\n"), *arg); - else if (delrc == RPMRC_FAIL) - rpmlog(RPMLOG_ERR, ("failed to delete key: %s\n"), *arg); - nfail++; - } - } - ec = nfail; + ec = matchingKeys(ts, args, deleteKey, txn); rpmtxnEnd(txn); } break;