Use keyring to implement rpmkeys --list

This changes the output of keys --list to show the full fingerprint. It
also requires the use of the fingerprint or full key ID for querying
specific keys.

Resolves: rpm-software-management#3332

docs/man/rpmkeys.8.md

@@ -19,7 +19,7 @@ DESCRIPTION
 
 The general forms of rpm digital signature commands are
 
-**rpmkeys** **\--list** \[*KEYHASH \...*\]
+**rpmkeys** **\--list** \[*KEYFINGERPRINT \...*\]
 
 **rpmkeys** **\--import** *PUBKEY \...*
 

tests/rpmdb.at

@@ -97,11 +97,15 @@ hello-2.0-1.x86_64
 
 RPMTEST_CHECK([
 runroot rpmkeys --import /data/keys/rpm.org-rsa-2048-test.pub
+runroot rpmkeys --import /data/keys/alice.asc
+runroot rpmkeys --import /data/keys/rpm.org-ed25519-test.pub
 runroot rpm -qa | sort
 ],
 [0],
 [foo-1.0-1.noarch
 gpg-pubkey-1964c5fc-58e63918
+gpg-pubkey-757bf69e-661d22a8
+gpg-pubkey-eb04e625-62521e00
 hello-2.0-1.x86_64
 ],
 [])
@@ -110,32 +114,45 @@ RPMTEST_CHECK([
 runroot rpmkeys --list
 ],
 [0],
-[1964c5fc-58e63918: rpm.org RSA testkey <[email protected]> public key
+[771b18d3d7baa28734333c424344591e1964c5fc rpm.org RSA testkey <[email protected]> public key
+152bb32fd9ca982797e835cfb0645aec757bf69e rpm.org ed25519 testkey <[email protected]> public key
+b6542f92f30650c36b6f41bcb3a771bfeb04e625 Alice <[email protected]> public key
 ],
 [])
 
 RPMTEST_CHECK([
-runroot rpmkeys --list 1964c5fc
+runroot rpmkeys --list 771b18d3d7baa28734333c424344591e1964c5fc
 ],
 [0],
-[1964c5fc-58e63918: rpm.org RSA testkey <[email protected]> public key
+[771b18d3d7baa28734333c424344591e1964c5fc rpm.org RSA testkey <[email protected]> public key
 ],
 [])
 
+RPMTEST_CHECK([
+runroot rpmkeys --list 4344591e1964c5fc
+],
+[0],
+[771b18d3d7baa28734333c424344591e1964c5fc rpm.org RSA testkey <[email protected]> public key
+],
+[])
+
+
 RPMTEST_CHECK([
 runroot rpmkeys --list XXX
 ],
 [1],
-[package gpg-pubkey-XXX is not installed
+[Key XXX not found
 ],
 [])
 
 RPMTEST_CHECK([
 runroot rpmkeys --delete 1964c5fc
+runroot rpmkeys --delete 757bf69e
+runroot rpmkeys --delete eb04e625
 runroot rpmkeys --list
 ],
 [1],
-[package gpg-pubkey is not installed
+[No keys installed
 ],
 [])
 RPMTEST_CLEANUP

tests/rpmsigdig.at

@@ -95,7 +95,7 @@ runroot rpmkeys --delete 1964c5fc
 RPMTEST_CHECK([
 # XXX rpmkeys on rpmdb returns "package gpg-pubkey is not installed" with
 # and error code when no keys are present, paper over
-runroot rpmkeys --list | grep -v "not installed" | wc -l
+runroot rpmkeys --list | grep -v "No keys installed" | wc -l
 exit 0
 ],
 [0],

tools/rpmkeys.cc

@@ -3,7 +3,9 @@
 #include <popt.h>
 #include <rpm/rpmcli.h>
 #include <rpm/rpmstring.h>
+#include <rpm/rpmkeyring.h>
 #include <rpm/rpmlog.h>
+
 #include "cliutils.hh"
 #include "debug.h"
 
@@ -42,19 +44,57 @@ static struct poptOption optionsTable[] = {
     POPT_TABLEEND
 };
 
-static ARGV_t gpgkeyargs(ARGV_const_t args) {
-    ARGV_t gpgargs = NULL;
-    for (char * const * arg = args; *arg; arg++) {
-	if (strncmp(*arg, "gpg-pubkey-", 11)) {
-	    char * gpgarg = NULL;
-	    rstrscat(&gpgarg, "gpg-pubkey-", *arg, NULL);
-	    argvAdd(&gpgargs, gpgarg);
-	    free(gpgarg);
-	} else {
-	    argvAdd(&gpgargs, *arg);
+static int matchingKeys(rpmKeyring keyring, ARGV_const_t args, void * userdata, int callback(rpmPubkey, void*))
+{
+    int ec = EXIT_SUCCESS;
+    if (args) {
+	for (char * const * arg = args; *arg; arg++) {
+	    int found = false;
+	    auto iter = rpmKeyringInitIterator(keyring, 0);
+	    rpmPubkey key = NULL;
+	    while ((key = rpmKeyringIteratorNext(iter))) {
+		char * fp = rpmPubkeyFingerprintAsHex(key);
+		char * keyid = rpmPubkeyKeyIDAsHex(key);
+		if (!strcmp(*arg, fp) || !strcmp(*arg, keyid)) {
+		    found = true;
+		}
+		free(fp);
+		free(keyid);
+		if (found)
+		    break;
+	    }
+	    rpmKeyringIteratorFree(iter);
+	    if (found) {
+		callback(key, userdata);
+	    } else {
+		rpmlog(RPMLOG_NOTICE, "Key %s not found\n", *arg);
+		ec = EXIT_FAILURE;
+	    }
+	}
+    } else {
+	int found = false;
+	auto iter = rpmKeyringInitIterator(keyring, 0);
+	rpmPubkey key = NULL;
+	while ((key = rpmKeyringIteratorNext(iter))) {
+	    found = true;
+	    callback(key, userdata);
+	}
+	rpmKeyringIteratorFree(iter);
+	if (!found) {
+	    rpmlog(RPMLOG_NOTICE, "No keys installed\n");
+	    ec = EXIT_FAILURE;
 	}
     }
-    return gpgargs;
+    return ec;
+}
+
+static int printKey(rpmPubkey key, void * data)
+{
+    char * fp = rpmPubkeyFingerprintAsHex(key);
+    pgpDigParams params = rpmPubkeyPgpDigParams(key);
+    rpmlog(RPMLOG_NOTICE, "%s %s public key\n", fp, pgpDigParamsUserID(params));
+    free(fp);
+    return 0;
 }
 
 int main(int argc, char *argv[])
@@ -63,6 +103,7 @@ int main(int argc, char *argv[])
     poptContext optCon = NULL;
     rpmts ts = NULL;
     ARGV_const_t args = NULL;
+    rpmKeyring keyring = NULL;
 
     optCon = rpmcliInit(argc, argv, optionsTable);
 
@@ -78,6 +119,7 @@ int main(int argc, char *argv[])
 
     ts = rpmtsCreate();
     rpmtsSetRootDir(ts, rpmcliRootDir);
+    keyring = rpmtsGetKeyring(ts, 1);
 
     switch (mode) {
     case MODE_CHECKSIG:
@@ -112,23 +154,15 @@ int main(int argc, char *argv[])
     }
     case MODE_LISTKEY:
     {
-	ARGV_t query = NULL;
-	if (args != NULL) {
-	    query = gpgkeyargs(args);
-	} else {
-	    argvAdd(&query, "gpg-pubkey");
-	}
-	QVA_t qva = &rpmQVKArgs;
-	rstrcat(&qva->qva_queryFormat, "%{version}-%{release}: %{summary}\n");
-	ec = rpmcliQuery(ts, &rpmQVKArgs, (ARGV_const_t) query);
-	query = argvFree(query);
+	ec = matchingKeys(keyring, args, NULL, printKey);
 	break;
     }
     default:
 	argerror(_("only one major mode may be specified"));
     }
 
 exit:
+    rpmKeyringFree(keyring);
     rpmtsFree(ts);
     rpmcliFini(optCon);
     fflush(stderr);