Move subkey handling into rpmKeyringModify

Drop true "modify" behaviour and replace it by delete then insert. This way a change in subkeys is fully reflected. Resolves: rpm-software-management#3350
ffesti · Oct 8, 2024 · b24c756 · b24c756
1 parent 9ac1c0d
commit b24c756
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 43 deletions.
diff --git a/lib/rpmts.cc b/lib/rpmts.cc
@@ -288,8 +288,6 @@ static int loadKeyringFromFiles(rpmts ts)
     }
 
     for (char **f = files; *f; f++) {
-	int subkeysCount, i;
-	rpmPubkey *subkeys;
 	rpmPubkey key = rpmPubkeyRead(*f);
 
 	if (!key) {
@@ -300,22 +298,7 @@ static int loadKeyringFromFiles(rpmts ts)
 	    nkeys++;
 	    rpmlog(RPMLOG_DEBUG, "added key %s to keyring\n", *f);
 	}
-	subkeys = rpmGetSubkeys(key, &subkeysCount);
 	rpmPubkeyFree(key);
-
-	for (i = 0; i < subkeysCount; i++) {
-	    rpmPubkey subkey = subkeys[i];
-
-	    if (rpmKeyringAddKey(ts->keyring, subkey) == 0) {
-		rpmlog(RPMLOG_DEBUG,
-		    "added subkey %d of main key %s to keyring\n",
-		    i, *f);
-
-		nkeys++;
-	    }
-	    rpmPubkeyFree(subkey);
-	}
-	free(subkeys);
     }
 exit:
     free(pkpath);
@@ -344,8 +327,6 @@ static int loadKeyringFromDB(rpmts ts)
 
 	    if (rpmBase64Decode(key, (void **) &pkt, &pktlen) == 0) {
 		rpmPubkey key = rpmPubkeyNew(pkt, pktlen);
-		int subkeysCount, i;
-		rpmPubkey *subkeys = rpmGetSubkeys(key, &subkeysCount);
 
 		if (rpmKeyringAddKey(ts->keyring, key) == 0) {
 		    char *nvr = headerGetAsString(h, RPMTAG_NVR);
@@ -354,22 +335,6 @@ static int loadKeyringFromDB(rpmts ts)
 		    nkeys++;
 		}
 		rpmPubkeyFree(key);
-
-		for (i = 0; i < subkeysCount; i++) {
-		    rpmPubkey subkey = subkeys[i];
-
-		    if (rpmKeyringAddKey(ts->keyring, subkey) == 0) {
-			char *nvr = headerGetAsString(h, RPMTAG_NVR);
-			rpmlog(RPMLOG_DEBUG,
-			    "added subkey %d of main key %s to keyring\n",
-			    i, nvr);
-
-			free(nvr);
-			nkeys++;
-		    }
-		    rpmPubkeyFree(subkey);
-		}
-		free(subkeys);
 		free(pkt);
 	    }
 	}
@@ -711,8 +676,6 @@ rpmRC rpmtsImportPubkey(const rpmts ts, const unsigned char * pkt, size_t pktlen
     krc = rpmKeyringModify(keyring, pubkey, oldkey ? RPMKEYRING_REPLACE : RPMKEYRING_ADD);
     if (krc < 0)
 	goto exit;
-    for (i = 0; i < subkeysCount; i++)
-	rpmKeyringModify(keyring, subkeys[i], oldkey ? RPMKEYRING_REPLACE : RPMKEYRING_ADD);
 
     /* If we dont already have the key, make a persistent record of it */
     if (krc == 0) {

diff --git a/rpmio/rpmkeyring.cc b/rpmio/rpmkeyring.cc
@@ -73,16 +73,30 @@ int rpmKeyringModify(rpmKeyring keyring, rpmPubkey key, rpmKeyringModifyMode mod
     /* check if we already have this key, but always wrlock for simplicity */
     wrlock lock(keyring->mutex);
     auto item = keyring->keys.find(key->keyid);
-    if (item != keyring->keys.end() && mode == RPMKEYRING_DELETE) {
+    if (item != keyring->keys.end() && (mode == RPMKEYRING_DELETE || mode == RPMKEYRING_REPLACE)) {
+	/* remove subkeys first */
+	if (key->subkeys) {
+	    rdlock sklock(key->subkeys->mutex);
+            for (auto i : key->subkeys->keys) {
+		auto skitem = keyring->keys.find(i.second->keyid);
+		if (skitem != keyring->keys.end()) {
+		    rpmPubkeyFree(skitem->second);
+		    keyring->keys.erase(skitem);
+		}
+	    }
+	}
 	rpmPubkeyFree(item->second);
 	keyring->keys.erase(item);
 	rc = 0;
-    } else if (item != keyring->keys.end() && mode == RPMKEYRING_REPLACE) {
-	rpmPubkeyFree(item->second);
-	item->second = rpmPubkeyLink(key);
-	rc = 0;
-    } else if (item == keyring->keys.end() && (mode == RPMKEYRING_ADD ||mode == RPMKEYRING_REPLACE) ) {
+    }
+    if ((item == keyring->keys.end() && mode == RPMKEYRING_ADD) || mode == RPMKEYRING_REPLACE) {
 	keyring->keys.insert({key->keyid, rpmPubkeyLink(key)});
+	if (key->subkeys) {
+	    rdlock sklock(key->subkeys->mutex);
+	    for (auto i : key->subkeys->keys) {
+		keyring->keys.insert({i.first, rpmPubkeyLink(i.second)});
+	    }
+	}
 	rc = 0;
     }