From b24c756cb80241ffc35bc4dc468dace39f465583 Mon Sep 17 00:00:00 2001
From: Florian Festi
Date: Fri, 4 Oct 2024 19:58:37 +0200
Subject: [PATCH] Move subkey handling into rpmKeyringModify

Drop true "modify" behaviour and replace it by delete then insert. This way a change in subkeys is fully reflected.
Resolves: #3350
---
 lib/rpmts.cc | 37 -------------------------------------
 rpmio/rpmkeyring.cc | 26 ++++++++++++++++++++------
 2 files changed, 20 insertions(+), 43 deletions(-)
diff --git a/lib/rpmts.cc b/lib/rpmts.cc
index 2119b0f72c..916707d86a 100644
--- a/lib/rpmts.cc
+++ b/lib/rpmts.cc
@@ -288,8 +288,6 @@ static int loadKeyringFromFiles(rpmts ts)
 }
 for (char **f = files; *f; f++) {
- int subkeysCount, i;
- rpmPubkey *subkeys;
 rpmPubkey key = rpmPubkeyRead(*f);
 if (!key) {
@@ -300,22 +298,7 @@ static int loadKeyringFromFiles(rpmts ts)
 nkeys++;
 rpmlog(RPMLOG_DEBUG, "added key %s to keyring\n", *f);
 }
- subkeys = rpmGetSubkeys(key, &subkeysCount);
 rpmPubkeyFree(key);
-
- for (i = 0; i < subkeysCount; i++) {
- rpmPubkey subkey = subkeys[i];
-
- if (rpmKeyringAddKey(ts->keyring, subkey) == 0) {
- rpmlog(RPMLOG_DEBUG,
- "added subkey %d of main key %s to keyring\n",
- i, *f);
-
- nkeys++;
- }
- rpmPubkeyFree(subkey);
- }
- free(subkeys);
 }
 exit:
 free(pkpath);
@@ -344,8 +327,6 @@ static int loadKeyringFromDB(rpmts ts)
 if (rpmBase64Decode(key, (void **) &pkt, &pktlen) == 0) {
 rpmPubkey key = rpmPubkeyNew(pkt, pktlen);
- int subkeysCount, i;
- rpmPubkey *subkeys = rpmGetSubkeys(key, &subkeysCount);
 if (rpmKeyringAddKey(ts->keyring, key) == 0) {
 char *nvr = headerGetAsString(h, RPMTAG_NVR);
@@ -354,22 +335,6 @@ static int loadKeyringFromDB(rpmts ts)
 nkeys++;
 }
 rpmPubkeyFree(key);
-
- for (i = 0; i < subkeysCount; i++) {
- rpmPubkey subkey = subkeys[i];
-
- if (rpmKeyringAddKey(ts->keyring, subkey) == 0) {
- char *nvr = headerGetAsString(h, RPMTAG_NVR);
- rpmlog(RPMLOG_DEBUG,
- "added subkey %d of main key %s to keyring\n",
- i, nvr);
-
- free(nvr);
- nkeys++;
- }
- rpmPubkeyFree(subkey);
- }
- free(subkeys);
 free(pkt);
 }
 }
@@ -711,8 +676,6 @@ rpmRC rpmtsImportPubkey(const rpmts ts, const unsigned char * pkt, size_t pktlen
 krc = rpmKeyringModify(keyring, pubkey, oldkey ? RPMKEYRING_REPLACE : RPMKEYRING_ADD);
 if (krc < 0)
 goto exit;
- for (i = 0; i < subkeysCount; i++)
- rpmKeyringModify(keyring, subkeys[i], oldkey ? RPMKEYRING_REPLACE : RPMKEYRING_ADD);
 /* If we dont already have the key, make a persistent record of it */
 if (krc == 0) {
diff --git a/rpmio/rpmkeyring.cc b/rpmio/rpmkeyring.cc
index 87a957e1e9..57bd3156cf 100644
--- a/rpmio/rpmkeyring.cc
+++ b/rpmio/rpmkeyring.cc
@@ -73,16 +73,30 @@ int rpmKeyringModify(rpmKeyring keyring, rpmPubkey key, rpmKeyringModifyMode mod
 /* check if we already have this key, but always wrlock for simplicity */
 wrlock lock(keyring->mutex);
 auto item = keyring->keys.find(key->keyid);
- if (item != keyring->keys.end() && mode == RPMKEYRING_DELETE) {
+ if (item != keyring->keys.end() && (mode == RPMKEYRING_DELETE || mode == RPMKEYRING_REPLACE)) {
+ /* remove subkeys first */
+ if (key->subkeys) {
+ rdlock sklock(key->subkeys->mutex);
+ for (auto i : key->subkeys->keys) {
+ auto skitem = keyring->keys.find(i.second->keyid);
+ if (skitem != keyring->keys.end()) {
+ rpmPubkeyFree(skitem->second);
+ keyring->keys.erase(skitem);
+ }
+ }
+ }
 rpmPubkeyFree(item->second);
 keyring->keys.erase(item);
 rc = 0;
- } else if (item != keyring->keys.end() && mode == RPMKEYRING_REPLACE) {
- rpmPubkeyFree(item->second);
- item->second = rpmPubkeyLink(key);
- rc = 0;
- } else if (item == keyring->keys.end() && (mode == RPMKEYRING_ADD ||mode == RPMKEYRING_REPLACE) ) {
+ }
+ if ((item == keyring->keys.end() && mode == RPMKEYRING_ADD) || mode == RPMKEYRING_REPLACE) {
 keyring->keys.insert({key->keyid, rpmPubkeyLink(key)});
+ if (key->subkeys) {
+ rdlock sklock(key->subkeys->mutex);
+ for (auto i : key->subkeys->keys) {
+ keyring->keys.insert({i.first, rpmPubkeyLink(i.second)});
+ }
+ }
 rc = 0;
 }
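Review bot: The subkey removal loop in the DELETE/REPLACE branch walks `key->subkeys`, the subkeys of the key passed in, rather than those of the entry already stored as `item->second`. On REPLACE with an updated key that no longer carries a given subkey, that subkey's entry would stay in `keyring->keys` and presumably remain usable for signature verification, which runs against the "fully reflected" intent in the commit message. Iterating the stored entry would cover this: `if (item->second->subkeys) {`, `rdlock sklock(item->second->subkeys->mutex);`, `for (auto i : item->second->subkeys->keys) {`, assuming the stored entry keeps its own subkey set, which the hunk does not show. Separately, if `keys` is a unique-key map, a subkey `insert` that collides with an existing keyid inserts nothing, yet the reference taken by `rpmPubkeyLink(i.second)` is never released. rpmKeyringModify begins before the hunk and continues after it.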