From ced44f0245737ac770c242e712a0f989b11fe10d Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Tue, 30 May 2023 10:03:15 +0000 Subject: [PATCH] libpakfire: Drop fetching PGP keys from keyservers Signed-off-by: Michael Tremer --- src/_pakfire/pakfire.c | 33 --------- src/libpakfire/key.c | 128 ---------------------------------- src/libpakfire/libpakfire.sym | 1 - src/scripts/pakfire.in | 18 ----- 4 files changed, 180 deletions(-) diff --git a/src/_pakfire/pakfire.c b/src/_pakfire/pakfire.c index e4c704503..811206cd3 100644 --- a/src/_pakfire/pakfire.c +++ b/src/_pakfire/pakfire.c @@ -718,33 +718,6 @@ static PyObject* Pakfire_import_key(PakfireObject* self, PyObject* args) { return list; } -static PyObject* Pakfire_fetch_key(PakfireObject* self, PyObject* args, PyObject* kwds) { - char* kwlist[] = { "userid", "fingerprint", NULL }; - struct pakfire_key* key = NULL; - const char* userid = NULL; - const char* fingerprint = NULL; - - if (!PyArg_ParseTupleAndKeywords(args, kwds, "|$zz", kwlist, &userid, &fingerprint)) - return NULL; - - // Fetch the key - int r = pakfire_key_fetch(&key, self->pakfire, userid, fingerprint); - if (r) { - PyErr_SetFromErrno(PyExc_OSError); - return NULL; - } - - // Return the result - if (key) { - PyObject* object = new_key(&KeyType, key); - pakfire_key_unref(key); - - return object; - } - - Py_RETURN_NONE; -} - static PyObject* Pakfire_whatprovides(PakfireObject* self, PyObject* args) { const char* provides = NULL; struct pakfire_packagelist* list = NULL; @@ -1605,12 +1578,6 @@ static struct PyMethodDef Pakfire_methods[] = { METH_VARARGS|METH_KEYWORDS, NULL }, - { - "fetch_key", - (PyCFunction)Pakfire_fetch_key, - METH_VARARGS|METH_KEYWORDS, - NULL - }, { "generate_key", (PyCFunction)Pakfire_generate_key, diff --git a/src/libpakfire/key.c b/src/libpakfire/key.c index 7f515ac78..f10527d34 100644 --- a/src/libpakfire/key.c +++ b/src/libpakfire/key.c @@ -65,134 +65,6 @@ int pakfire_key_create(struct pakfire_key** key, struct pakfire* pakfire, gpgme_ return 0; } -static int pakfire_key_extract_email(const char* uid, char** email) { - if (!uid) - return 1; - - // Find a start - char* start = strrchr(uid, '<'); - if (!start) - return 1; - - // Find the end - char* end = strchr(start, '>'); - if (!end) - return 1; - - // Copy email address to new memory - int r = asprintf(email, "%.*s", (int)(end - start - 1), start + 1); - if (r < 0) - return 1; - - return 0; -} - -static int __pakfire_key_fetch(gpgme_key_t* key, struct pakfire* pakfire, - const char* what, gpgme_keylist_mode_t flags) { - // Fetch GPGME context - gpgme_ctx_t gpgctx = pakfire_get_gpgctx(pakfire); - if (!gpgctx) - return 1; - - int r = 1; - - // Fetch current keylist mode - gpgme_keylist_mode_t mode = gpgme_get_keylist_mode(gpgctx); - - // Set keylist mode - gpgme_error_t error = gpgme_set_keylist_mode(gpgctx, (mode|flags) & ~GPGME_KEYLIST_MODE_LOCAL); - if (error != GPG_ERR_NO_ERROR) { - ERROR(pakfire, "Could not set GPG keylist mode: %s\n", - gpgme_strerror(error)); - goto ERROR; - } - - // Fetch the key - error = gpgme_get_key(gpgctx, what, key, 0); - switch (gpg_err_code(error)) { - case GPG_ERR_NO_ERROR: - case GPG_ERR_EOF: - break; - - default: - ERROR(pakfire, "Could not fetch key %s: %s\n", what, gpgme_strerror(error)); - r = 1; - goto ERROR; - } - - // Success - r = 0; - -ERROR: - if (r && *key) - gpgme_key_unref(*key); - - // Reset keylist mode - gpgme_set_keylist_mode(gpgctx, mode); - - return r; -} - -static int pakfire_key_fetch_from_wkd(gpgme_key_t* key, struct pakfire* pakfire, const char* email) { - return __pakfire_key_fetch(key, pakfire, email, GPGME_KEYLIST_MODE_LOCATE); -} - -static int pakfire_key_fetch_from_keyserver(gpgme_key_t* key, struct pakfire* pakfire, const char* fpr) { - return __pakfire_key_fetch(key, pakfire, fpr, GPGME_KEYLIST_MODE_EXTERN); -} - -PAKFIRE_EXPORT int pakfire_key_fetch(struct pakfire_key** key, struct pakfire* pakfire, - const char* uid, const char* fingerprint) { - // At least one (uid or fingerprint) must be set - if (!uid && !fingerprint) { - errno = EINVAL; - return 1; - } - - // Reset key - *key = NULL; - - gpgme_key_t gpgkey = NULL; - char* email = NULL; - int r; - - // Extract email address from uid - if (uid) { - r = pakfire_key_extract_email(uid, &email); - if (r) - goto ERROR; - } - - // Try importing the key using Web Key Directory - if (email) { - r = pakfire_key_fetch_from_wkd(&gpgkey, pakfire, email); - if (r) - goto ERROR; - } - - // If nothing was found and we have a fingerprint, let's try a keyserver - if (!gpgkey && fingerprint) { - r = pakfire_key_fetch_from_keyserver(&gpgkey, pakfire, fingerprint); - if (r) - goto ERROR; - } - - // Create a pakfire_key out of the gpg key object - if (gpgkey) { - r = pakfire_key_create(key, pakfire, gpgkey); - if (r) - goto ERROR; - } - -ERROR: - if (gpgkey) - gpgme_key_unref(gpgkey); - if (email) - free(email); - - return r; -} - static void pakfire_key_free(struct pakfire_key* key) { gpgme_key_unref(key->gpgkey); pakfire_unref(key->pakfire); diff --git a/src/libpakfire/libpakfire.sym b/src/libpakfire/libpakfire.sym index 619de92a8..c5f99922d 100644 --- a/src/libpakfire/libpakfire.sym +++ b/src/libpakfire/libpakfire.sym @@ -131,7 +131,6 @@ global: pakfire_key_delete; pakfire_key_dump; pakfire_key_export; - pakfire_key_fetch; pakfire_key_generate; pakfire_key_get; pakfire_key_get_created; diff --git a/src/scripts/pakfire.in b/src/scripts/pakfire.in index 16d179ffd..451739d70 100644 --- a/src/scripts/pakfire.in +++ b/src/scripts/pakfire.in @@ -134,17 +134,6 @@ class Cli(object): help=_("Include the secret key")) key_export.set_defaults(func=self._key_export) - # key fetch - key_fetch = key_subparsers.add_parser("fetch", - help=_("Download a key")) - key_fetch.add_argument("--userid", - help=_("The name/email address") - ) - key_fetch.add_argument("--fingerprint", - help=_("The fingerprint of the key") - ) - key_fetch.set_defaults(func=self._key_fetch) - # key generate key_generate = key_subparsers.add_parser("generate", help=_("Generate a new key")) @@ -396,13 +385,6 @@ class Cli(object): # Export the key key.export(args.file, args.secret) - def _key_fetch(self, p, args): - key = p.fetch_key(userid=args.userid, fingerprint=args.fingerprint) - - # Print the key - if key: - print(key) - def _key_generate(self, p, args): # Generate a new key key = p.generate_key( -- 2.39.5