Properly import all public key certificates into rpmdb.
When somebody tried to import public key certificates from one file
that contained several certificates, only one gpg-pubkey-* package
was created in rpmdb. It contained all the certificates but behaved
as if it had contained just one certificate. The fix properly splits
certificates into several gpg-pubkey-* packages (rhbz:#1238717).
Lubos Kardos committed Jul 14, 2015
1 parent 168a6a2 commit eb7b41a
Showing 1 changed file with 22 additions and 4 deletions.
26 changes: 22 additions & 4 deletions lib/rpmchecksig.c
Expand Up @@ -35,14 +35,32 @@ static int doImport(rpmts ts, const char *fn, char *buf, ssize_t blen)

do {
uint8_t *pkt = NULL;
uint8_t *pkti = NULL;
size_t pktlen = 0;
size_t certlen;

/* Read pgp packet. */
if (pgpParsePkts(start, &pkt, &pktlen) == PGPARMOR_PUBKEY) {
/* Import pubkey packet(s). */
if (rpmtsImportPubkey(ts, pkt, pktlen) != RPMRC_OK) {
rpmlog(RPMLOG_ERR, _("%s: key %d import failed.\n"), fn, keyno);
res++;
pkti = pkt;

/* Iterate over certificates in pkt */
while (pktlen > 0) {
if(pgpPubKeyCertLen(pkti, pktlen, &certlen)) {
rpmlog(RPMLOG_ERR, _("%s: key %d import failed.\n"), fn,
keyno);
res++;
continue;
}

/* Import pubkey certificate. */
if (rpmtsImportPubkey(ts, pkti, certlen) != RPMRC_OK) {
rpmlog(RPMLOG_ERR, _("%s: key %d import failed.\n"), fn,
keyno);
res++;
continue;
}
pkti += certlen;
pktlen -= certlen;
}
} else {
rpmlog(RPMLOG_ERR, _("%s: key %d not an armored public key.\n"),
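
Review bot: both error branches inside the new while (pktlen > 0) loop end in continue without advancing pkti or reducing pktlen, so a certificate that pgpPubKeyCertLen() rejects, or one that rpmtsImportPubkey() refuses, is retried on the same bytes forever, logging the error and incrementing res on every pass. Since the input is an arbitrary key file, a malformed or truncated certificate turns the import into a hang. When pgpPubKeyCertLen() fails, certlen is not known and the rest of the packet cannot be walked, so that branch should break; when the import itself fails, certlen is valid and the code should drop the continue and fall through to pkti += certlen; pktlen -= certlen; so the remaining certificates are still tried. Two smaller points: pktlen is a size_t, so pktlen -= certlen wraps if certlen ever exceeds it, and a check of certlen against pktlen (and against zero) before the subtraction would make the loop safe without relying on what pgpPubKeyCertLen() guarantees; and keyno is not changed inside the loop, so every certificate from one armored block is reported under the same key number in the log message. Style: if(pgpPubKeyCertLen(...)) is missing the space after if that the surrounding code uses.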