libzypp  17.38.7
KeyRing.cc
Go to the documentation of this file.
1 /*---------------------------------------------------------------------\
2 | ____ _ __ __ ___ |
3 | |__ / \ / / . \ . \ |
4 | / / \ V /| _/ _/ |
5 | / /__ | | | | | | |
6 | /_____||_| |_| |_| |
7 | |
8 \---------------------------------------------------------------------*/
13 #include "zypp_detail/keyring_p.h"
14 
15 #include <iostream>
16 #include <sys/file.h>
17 #include <unistd.h>
18 
19 #include <zypp/TmpPath.h>
20 #include <zypp/ZYppFactory.h>
21 #include <zypp/ZYpp.h>
22 
23 #include <zypp-core/base/LogTools.h>
24 #include <zypp-core/base/IOStream.h>
25 #include <zypp-core/base/String.h>
26 #include <zypp-core/base/Regex.h>
27 #include <zypp-core/base/Gettext.h>
28 #include <zypp-core/fs/WatchFile>
29 #include <zypp/PathInfo.h>
30 #include <zypp-core/ExternalProgram.h>
31 #include <zypp/TmpPath.h>
32 #include <zypp/ZYppCallbacks.h> // JobReport::instance
33 #include <zypp-common/KeyManager.h>
34 
35 #include <zypp/ng/workflows/keyringwf.h>
36 
37 using std::endl;
38 
39 #undef ZYPP_BASE_LOGGER_LOGGROUP
40 #define ZYPP_BASE_LOGGER_LOGGROUP "zypp::KeyRing"
41 
43 namespace zypp
44 {
45 
46  IMPL_PTR_TYPE(KeyRing);
47 
48  namespace
49  {
50  KeyRing::DefaultAccept _keyRingDefaultAccept( KeyRing::ACCEPT_NOTHING );
51  }
52 
53  KeyRing::DefaultAccept KeyRing::defaultAccept()
54  { return _keyRingDefaultAccept; }
55 
56  void KeyRing::setDefaultAccept( DefaultAccept value_r )
57  {
58  MIL << "Set new KeyRing::DefaultAccept: " << value_r << endl;
59  _keyRingDefaultAccept = value_r;
60  }
61 
62  void KeyRingReport::infoVerify( const std::string & file_r, const PublicKeyData & keyData_r, const KeyContext & keycontext )
63  {}
64 
65  bool KeyRingReport::askUserToAcceptUnsignedFile( const std::string & file, const KeyContext & keycontext )
66  { return _keyRingDefaultAccept.testFlag( KeyRing::ACCEPT_UNSIGNED_FILE ); }
67 
68  KeyRingReport::KeyTrust
69  KeyRingReport::askUserToAcceptKey( const PublicKey & key, const KeyContext & keycontext )
70  {
71  if ( _keyRingDefaultAccept.testFlag( KeyRing::TRUST_KEY_TEMPORARILY ) )
72  return KEY_TRUST_TEMPORARILY;
73  if ( _keyRingDefaultAccept.testFlag( KeyRing::TRUST_AND_IMPORT_KEY ) )
74  return KEY_TRUST_AND_IMPORT;
75  return KEY_DONT_TRUST;
76  }
77 
78  bool KeyRingReport::askUserToAcceptUnknownKey( const std::string & file, const std::string & id, const KeyContext & keycontext )
79  { return _keyRingDefaultAccept.testFlag( KeyRing::ACCEPT_UNKNOWNKEY ); }
80 
81  bool KeyRingReport::askUserToAcceptVerificationFailed( const std::string & file, const PublicKey & key, const KeyContext & keycontext )
82  { return _keyRingDefaultAccept.testFlag( KeyRing::ACCEPT_VERIFICATION_FAILED ); }
83 
84  bool KeyRingReport::askUserToAcceptPackageKey(const PublicKey &key_r, const KeyContext &keycontext_r)
85  {
86  UserData data(ACCEPT_PACKAGE_KEY_REQUEST);
87  data.set("PublicKey", key_r);
88  data.set("KeyContext", keycontext_r);
89  report(data);
90 
91  if ( data.hasvalue("TrustKey") )
92  return data.get<bool>("TrustKey");
93  return false;
94  }
95 
96  void KeyRingReport::reportNonImportedKeys(const std::set<Edition> &keys_r)
97  {
98  UserData data(KEYS_NOT_IMPORTED_REPORT);
99  data.set("Keys", keys_r);
100  report(data);
101  }
102 
103  void KeyRingReport::reportAutoImportKey( const std::list<PublicKeyData> & keyDataList_r,
104  const PublicKeyData & keySigning_r,
105  const KeyContext &keyContext_r )
106  {
107  UserData data { REPORT_AUTO_IMPORT_KEY };
108  data.set( "KeyDataList", keyDataList_r );
109  data.set( "KeySigning", keySigning_r );
110  data.set( "KeyContext", keyContext_r );
111  report( data );
112  }
113 
114  namespace
115  {
117  struct ImportKeyCBHelper
118  {
119  void operator()( const PublicKey & key_r )
120  {
121  try {
122  _rpmdbEmitSignal->trustedKeyAdded( key_r );
123  _emitSignal->trustedKeyAdded( key_r );
124  }
125  catch ( const Exception & excp )
126  {
127  ERR << "Could not import key into rpmdb: " << excp << endl;
128  // TODO: JobReport as hotfix for bsc#1057188; should bubble up and go through some callback
129  JobReport::error( excp.asUserHistory() );
130  }
131  }
132 
133  private:
134  callback::SendReport<target::rpm::KeyRingSignals> _rpmdbEmitSignal;
135  callback::SendReport<KeyRingSignals> _emitSignal;
136  };
137  } // namespace
138 
139  KeyRing::Impl::Impl(const filesystem::Pathname &baseTmpDir)
140  : KeyRingImpl( baseTmpDir )
141  {
142  MIL << "Current KeyRing::DefaultAccept: " << _keyRingDefaultAccept << std::endl;
143 
144  sigTrustedKeyAdded ().connect ([]( const PublicKey &key ){
145  ImportKeyCBHelper emit;
146  emit(key);
147  });
148 
149  sigTrustedKeyRemoved ().connect ([]( const PublicKey &key ){
150  try {
151  callback::SendReport<target::rpm::KeyRingSignals> rpmdbEmitSignal;
152  rpmdbEmitSignal->trustedKeyRemoved( key );
153 
154  callback::SendReport<KeyRingSignals> emitSignal;
155  emitSignal->trustedKeyRemoved( key );
156  }
157  catch ( const Exception & excp )
158  {
159  ERR << "Could not delete key from rpmmdb: " << excp << endl;
160  // TODO: JobReport as hotfix for bsc#1057188; should bubble up and go through some callback
161  JobReport::error( excp.asUserHistory() );
162  }
163  });
164  }
165 
166 
168  //
169  // CLASS NAME : KeyRing
170  //
172  using Ring = KeyRingImpl::Ring; // While "bool trusted" is in the public API
173 
174  KeyRing::KeyRing( const Pathname & baseTmpDir )
175  : _pimpl( new Impl( baseTmpDir ) )
176  {}
177 
178  KeyRing::~KeyRing()
179  {}
180 
181  KeyRing::Impl &KeyRing::pimpl()
182  {
183  return *_pimpl;
184  }
185 
186  void KeyRing::allowPreload( bool yesno_r )
187  { _pimpl->allowPreload( yesno_r ); }
188 
189 
190  void KeyRing::importKey( const PublicKey & key, bool trusted )
191  { _pimpl->importKey( key, Ring(trusted) ); }
192 
193  void KeyRing::multiKeyImport( const Pathname & keyfile_r, bool trusted_r )
194  { _pimpl->multiKeyImport( keyfile_r, Ring(trusted_r) ); }
195 
196  std::string KeyRing::readSignatureKeyId( const Pathname & signature )
197  { return _pimpl->readSignatureKeyId( signature ); }
198 
199  void KeyRing::deleteKey( const std::string & id, bool trusted )
200  { _pimpl->deleteKey( id, Ring(trusted) ); }
201 
202  std::list<PublicKey> KeyRing::publicKeys()
203  { return _pimpl->publicKeys( Ring::General ); }
204 
205  std:: list<PublicKey> KeyRing::trustedPublicKeys()
206  { return _pimpl->publicKeys( Ring::Trusted ); }
207 
208  std::list<PublicKeyData> KeyRing::publicKeyData()
209  { return _pimpl->publicKeyData( Ring::General ); }
210 
211  std::list<PublicKeyData> KeyRing::trustedPublicKeyData()
212  { return _pimpl->publicKeyData( Ring::Trusted ); }
213 
214  PublicKeyData KeyRing::publicKeyData( const std::string &id_r )
215  { return _pimpl->publicKeyData( id_r, Ring::General ); }
216 
217  PublicKeyData KeyRing::trustedPublicKeyData(const std::string &id_r)
218  { return _pimpl->publicKeyData( id_r, Ring::Trusted ); }
219 
220  bool KeyRing::verifyFileSignature( const Pathname & file, const Pathname & signature )
221  { return _pimpl->verifyFile( file, signature, Ring::General ); }
222 
223  bool KeyRing::verifyFileTrustedSignature( const Pathname & file, const Pathname & signature )
224  { return _pimpl->verifyFile( file, signature, Ring::Trusted ); }
225  void KeyRing::dumpPublicKey( const std::string & id, bool trusted, std::ostream & stream )
226  { _pimpl->dumpPublicKey( id, Ring(trusted), stream ); }
227 
228  PublicKey KeyRing::exportPublicKey( const PublicKeyData & keyData )
229  { return _pimpl->exportKey( keyData, Ring::General ); }
230 
231  PublicKey KeyRing::exportTrustedPublicKey( const PublicKeyData & keyData )
232  { return _pimpl->exportKey( keyData, Ring::Trusted ); }
233 
234  bool KeyRing::isKeyTrusted( const std::string & id )
235  { return _pimpl->isKeyTrusted( id ); }
236 
237  bool KeyRing::isKeyKnown( const std::string & id )
238  { return _pimpl->isKeyKnown( id ); }
239 
241 } // namespace zypp
zypp::KeyRing::importKey
void importKey(const PublicKey &key, bool trusted=false)
imports a key from a file.
Definition: KeyRing.cc:190
zypp::KeyRingImpl::verifyFile
bool verifyFile(const Pathname &file, const Pathname &signature, const Ring ring)
Definition: keyring_p.h:130
MIL
#define MIL
Definition: Logger.h:103
zypp::KeyRing::exportTrustedPublicKey
PublicKey exportTrustedPublicKey(const PublicKeyData &keyData)
Export a trusted public key identified by its key data.
Definition: KeyRing.cc:231
zyppng::KeyRing
zypp::KeyRing KeyRing
Definition: context.h:24
zypp::JobReport::error
static bool error(const std::string &msg_r, const UserData &userData_r=UserData())
send error text
Definition: ZYppCallbacks.h:1107
zypp::KeyRingImpl::isKeyTrusted
bool isKeyTrusted(const std::string &id) const
Definition: keyring_p.h:161
zypp::KeyRing::~KeyRing
~KeyRing() override
Dtor.
Definition: KeyRing.cc:178
zypp::KeyRingImpl
KeyRing implementation, shared between zyppng and zypp.
Definition: keyring_p.h:90
zypp::KeyRingReport::KEY_TRUST_TEMPORARILY
This basically means, we knew the key, but it was not trusted.
Definition: KeyRing.h:63
zypp::KeyRing::exportPublicKey
PublicKey exportPublicKey(const PublicKeyData &keyData)
Export a public key identified by its key data.
Definition: KeyRing.cc:228
zypp::PublicKeyData
Class representing one GPG Public Keys data.
Definition: PublicKey.h:200
zypp::KeyRingReport::reportNonImportedKeys
void reportNonImportedKeys(const std::set< Edition > &keys_r)
Notify the user about keys that were not imported from the rpm key database into zypp keyring...
Definition: KeyRing.cc:96
zypp::KeyRing::dumpPublicKey
void dumpPublicKey(const std::string &id, bool trusted, std::ostream &stream)
Definition: KeyRing.cc:225
zypp::KeyRing::trustedPublicKeys
std::list< PublicKey > trustedPublicKeys()
Get a list of trusted public keys in the keyring (incl.
Definition: KeyRing.cc:205
zypp::KeyRingReport::REPORT_AUTO_IMPORT_KEY
static constexpr const char * REPORT_AUTO_IMPORT_KEY
relates: reportAutoImportKey generic reports UserData::type
Definition: KeyRing.h:151
zypp::KeyRingReport::askUserToAcceptUnsignedFile
virtual bool askUserToAcceptUnsignedFile(const std::string &file, const KeyContext &keycontext=KeyContext())
Definition: KeyRing.cc:65
zypp::KeyRing::KeyRing
KeyRing(const Pathname &baseTmpDir)
Default ctor.
Definition: KeyRing.cc:174
zypp::KeyRing::pimpl
KeyRing::Impl & pimpl()
Access to private functions for the KeyRingWorkflow implementations.
Definition: KeyRing.cc:181
zypp::KeyRing::trustedPublicKeyData
std::list< PublicKeyData > trustedPublicKeyData()
Get a list of trusted public key data in the keyring (key data only)
Definition: KeyRing.cc:211
zypp::KeyRingReport::askUserToAcceptPackageKey
bool askUserToAcceptPackageKey(const PublicKey &key_r, const KeyContext &keycontext_r=KeyContext())
Ask user to trust and/or import the package key to trusted keyring, using ReportBase::report.
Definition: KeyRing.cc:84
zypp::KeyRingReport::askUserToAcceptUnknownKey
virtual bool askUserToAcceptUnknownKey(const std::string &file, const std::string &id, const KeyContext &keycontext=KeyContext())
we DONT know the key, only its id, but we have never seen it, the difference with trust key is that i...
Definition: KeyRing.cc:78
ERR
#define ERR
Definition: Logger.h:105
_rpmdbEmitSignal
callback::SendReport< target::rpm::KeyRingSignals > _rpmdbEmitSignal
Definition: KeyRing.cc:134
zypp::KeyRingReport::infoVerify
virtual void infoVerify(const std::string &file_r, const PublicKeyData &keyData_r, const KeyContext &keycontext=KeyContext())
Informal callback showing the trusted key that will be used for verification.
Definition: KeyRing.cc:62
zypp::KeyRingImpl::publicKeys
std::list< PublicKey > publicKeys(const Ring ring) const
Definition: keyring_p.h:177
zypp::callback::ReportBase::report
virtual void report(const UserData &userData_r=UserData())
The most generic way of sending/receiving data.
Definition: Callback.h:155
zypp::KeyRingReport::KeyTrust
KeyTrust
User reply options for the askUserToTrustKey callback.
Definition: KeyRing.h:53
zypp::KeyRingImpl::readSignatureKeyId
std::string readSignatureKeyId(const Pathname &signature)
Definition: keyring_p.cc:310
trusted
bool trusted
Whether the key may validate data. Keys in Ring::General may if the user temp. trusted.
Definition: keyringwf.cc:143
zypp::KeyRing::setDefaultAccept
static void setDefaultAccept(DefaultAccept value_r)
Set the active accept bits.
Definition: KeyRing.cc:56
zypp::callback::UserData::set
bool set(const std::string &key_r, AnyType val_r)
Set the value for key (nonconst version always returns true).
Definition: UserData.h:119
zypp::KeyRingImpl::sigTrustedKeyAdded
zyppng::SignalProxy< void(const PublicKey &)> sigTrustedKeyAdded()
Definition: keyring_p.h:98
keyring_p.h
zypp::Exception::asUserHistory
std::string asUserHistory() const
A single (multiline) string composed of asUserString and historyAsString.
Definition: Exception.cc:140
zypp::KeyRing::verifyFileSignature
bool verifyFileSignature(const Pathname &file, const Pathname &signature) ZYPP_API
Verifies a file against a signature, with no user interaction.
Definition: KeyRing.cc:220
zypp::IMPL_PTR_TYPE
IMPL_PTR_TYPE(Application)
zypp::KeyRingImpl::multiKeyImport
void multiKeyImport(const Pathname &keyfile_r, const Ring ring)
Used by RpmDB to import the trusted keys.
Definition: keyring_p.cc:203
zypp::KeyRingImpl::publicKeyData
PublicKeyData publicKeyData(const std::string &id, const Ring ring) const
Definition: keyring_p.h:167
zypp::KeyRing::isKeyKnown
bool isKeyKnown(const std::string &id)
true if the key id is knows, that means at least exist on the untrusted keyring
Definition: KeyRing.cc:237
zypp::KeyRingReport::ACCEPT_PACKAGE_KEY_REQUEST
static constexpr const char * ACCEPT_PACKAGE_KEY_REQUEST
relates: askUserToAcceptPackageKey generic reports UserData::type
Definition: KeyRing.h:119
zypp::KeyRing::multiKeyImport
void multiKeyImport(const Pathname &keyfile_r, bool trusted_r=false)
Initial import from RpmDb.
Definition: KeyRing.cc:193
zypp::KeyRingImpl::sigTrustedKeyRemoved
zyppng::SignalProxy< void(const PublicKey &)> sigTrustedKeyRemoved()
Definition: keyring_p.h:101
zypp::KeyRingImpl::allowPreload
void allowPreload(bool yesno_r)
Definition: keyring_p.h:108
zypp::KeyRingReport::KEY_DONT_TRUST
User has chosen not to trust the key.
Definition: KeyRing.h:58
zypp::KeyRing::Impl::Impl
Impl(const filesystem::Pathname &baseTmpDir)
Definition: KeyRing.cc:139
zypp::KeyRingReport::askUserToAcceptKey
virtual KeyTrust askUserToAcceptKey(const PublicKey &key, const KeyContext &keycontext=KeyContext())
Ask user to trust and/or import the key to trusted keyring.
Definition: KeyRing.cc:69
zypp::KeyRing::defaultAccept
static DefaultAccept defaultAccept()
Get the active accept bits.
Definition: KeyRing.cc:53
zypp::KeyRing::_pimpl
RW_pointer< Impl > _pimpl
Pointer to implementation.
Definition: KeyRing.h:308
zypp::PublicKey
Class representing one GPG Public Key (PublicKeyData + ASCII armored in a tempfile).
Definition: PublicKey.h:374
zypp::KeyRing::publicKeyData
std::list< PublicKeyData > publicKeyData()
Get a list of public key data in the keyring (key data only)
Definition: KeyRing.cc:208
zypp::Exception
Base class for Exception.
Definition: Exception.h:152
zypp::callback::UserData::get
const Tp & get(const std::string &key_r) const
Pass back a const Tp & reference to key_r value.
Definition: UserData.h:176
zypp::KeyRingImpl::deleteKey
void deleteKey(const std::string &id, const Ring ring)
Definition: keyring_p.cc:209
zypp::callback::UserData
Typesafe passing of user data via callbacks.
Definition: UserData.h:39
zypp::KeyRing::deleteKey
void deleteKey(const std::string &id, bool trusted=false)
removes a key from the keyring.
Definition: KeyRing.cc:199
zypp::KeyRingReport::reportAutoImportKey
void reportAutoImportKey(const std::list< PublicKeyData > &keyDataList_r, const PublicKeyData &keySigning_r, const KeyContext &keyContext_r)
Notify that a repository auto imported new package signing keys.
Definition: KeyRing.cc:103
zypp::Ring
KeyRingImpl::Ring Ring
Definition: KeyRing.cc:172
zypp::callback::UserData::hasvalue
bool hasvalue(const std::string &key_r) const
Whether key_r is in data and value is not empty.
Definition: UserData.h:102
zypp::KeyRing::isKeyTrusted
bool isKeyTrusted(const std::string &id)
true if the key id is trusted
Definition: KeyRing.cc:234
zypp::KeyRing::allowPreload
void allowPreload(bool yesno_r)
The general keyring may be populated with known keys stored on the system.
Definition: KeyRing.cc:186
zypp
Easy-to use interface to the ZYPP dependency resolver.
Definition: CodePitfalls.doc:1
_emitSignal
callback::SendReport< KeyRingSignals > _emitSignal
Definition: KeyRing.cc:135
zypp::KeyRingImpl::isKeyKnown
bool isKeyKnown(const std::string &id) const
Definition: keyring_p.h:164
zypp::KeyRing::readSignatureKeyId
std::string readSignatureKeyId(const Pathname &signature)
reads the public key id from a signature
Definition: KeyRing.cc:196
zypp::KeyRingImpl::exportKey
PublicKey exportKey(const std::string &id, const Ring ring) const
Definition: keyring_p.h:118
zypp::KeyRingImpl::importKey
void importKey(const PublicKey &key, const Ring ring)
Import PublicKeys into a Ring.
Definition: keyring_p.cc:120
zypp::KeyRingReport::askUserToAcceptVerificationFailed
virtual bool askUserToAcceptVerificationFailed(const std::string &file, const PublicKey &key, const KeyContext &keycontext=KeyContext())
The file filedesc is signed but the verification failed.
Definition: KeyRing.cc:81
zypp::KeyRingReport::KEYS_NOT_IMPORTED_REPORT
static constexpr const char * KEYS_NOT_IMPORTED_REPORT
relates: reportNonImportedKeys generic reports UserData::type
Definition: KeyRing.h:132
zypp::KeyRing::publicKeys
std::list< PublicKey > publicKeys()
Get a list of public keys in the keyring (incl.
Definition: KeyRing.cc:202
zypp::KeyRing::verifyFileTrustedSignature
bool verifyFileTrustedSignature(const Pathname &file, const Pathname &signature) ZYPP_API
Definition: KeyRing.cc:223
zypp::KeyRingImpl::dumpPublicKey
void dumpPublicKey(const std::string &id, const Ring ring, std::ostream &stream)
Definition: keyring_p.h:127