[thirdparty/systemd.git] / src / import / pull-common.c

/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/

/***
  This file is part of systemd.

  Copyright 2015 Lennart Poettering

  systemd is free software; you can redistribute it and/or modify it
  under the terms of the GNU Lesser General Public License as published by
  the Free Software Foundation; either version 2.1 of the License, or
  (at your option) any later version.

  systemd is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  Lesser General Public License for more details.

  You should have received a copy of the GNU Lesser General Public License
  along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/

#include <sys/prctl.h>

#include "util.h"
#include "strv.h"
#include "copy.h"
#include "rm-rf.h"
#include "btrfs-util.h"
#include "capability.h"
#include "pull-job.h"
#include "pull-common.h"
#include "process-util.h"

#define FILENAME_ESCAPE "/.#\"\'"

int pull_find_old_etags(const char *url, const char *image_root, int dt, const char *prefix, const char *suffix, char ***etags) {
        _cleanup_free_ char *escaped_url = NULL;
        _cleanup_closedir_ DIR *d = NULL;
        _cleanup_strv_free_ char **l = NULL;
        struct dirent *de;
        int r;

        assert(url);
        assert(etags);

        if (!image_root)
                image_root = "/var/lib/machines";

        escaped_url = xescape(url, FILENAME_ESCAPE);
        if (!escaped_url)
                return -ENOMEM;

        d = opendir(image_root);
        if (!d) {
                if (errno == ENOENT) {
                        *etags = NULL;
                        return 0;
                }

                return -errno;
        }

        FOREACH_DIRENT_ALL(de, d, return -errno) {
                const char *a, *b;
                char *u;

                if (de->d_type != DT_UNKNOWN &&
                    de->d_type != dt)
                        continue;

                if (prefix) {
                        a = startswith(de->d_name, prefix);
                        if (!a)
                                continue;
                } else
                        a = de->d_name;

                a = startswith(a, escaped_url);
                if (!a)
                        continue;

                a = startswith(a, ".");
                if (!a)
                        continue;

                if (suffix) {
                        b = endswith(de->d_name, suffix);
                        if (!b)
                                continue;
                } else
                        b = strchr(de->d_name, 0);

                if (a >= b)
                        continue;

                r = cunescape_length(a, b - a, 0, &u);
                if (r < 0)
                        return r;

                if (!http_etag_is_valid(u)) {
                        free(u);
                        continue;
                }

                r = strv_consume(&l, u);
                if (r < 0)
                        return r;
        }

        *etags = l;
        l = NULL;

        return 0;
}

int pull_make_local_copy(const char *final, const char *image_root, const char *local, bool force_local) {
        const char *p;
        int r;

        assert(final);
        assert(local);

        if (!image_root)
                image_root = "/var/lib/machines";

        p = strjoina(image_root, "/", local);

        if (force_local)
                (void) rm_rf(p, REMOVE_ROOT|REMOVE_PHYSICAL|REMOVE_SUBVOLUME);

        r = btrfs_subvol_snapshot(final, p, 0);
        if (r == -ENOTTY) {
                r = copy_tree(final, p, false);
                if (r < 0)
                        return log_error_errno(r, "Failed to copy image: %m");
        } else if (r < 0)
                return log_error_errno(r, "Failed to create local image: %m");

        log_info("Created new local image '%s'.", local);

        return 0;
}

int pull_make_path(const char *url, const char *etag, const char *image_root, const char *prefix, const char *suffix, char **ret) {
        _cleanup_free_ char *escaped_url = NULL;
        char *path;

        assert(url);
        assert(ret);

        if (!image_root)
                image_root = "/var/lib/machines";

        escaped_url = xescape(url, FILENAME_ESCAPE);
        if (!escaped_url)
                return -ENOMEM;

        if (etag) {
                _cleanup_free_ char *escaped_etag = NULL;

                escaped_etag = xescape(etag, FILENAME_ESCAPE);
                if (!escaped_etag)
                        return -ENOMEM;

                path = strjoin(image_root, "/", strempty(prefix), escaped_url, ".", escaped_etag, strempty(suffix), NULL);
        } else
                path = strjoin(image_root, "/", strempty(prefix), escaped_url, strempty(suffix), NULL);
        if (!path)
                return -ENOMEM;

        *ret = path;
        return 0;
}

int pull_make_verification_jobs(
                PullJob **ret_checksum_job,
                PullJob **ret_signature_job,
                ImportVerify verify,
                const char *url,
                CurlGlue *glue,
                PullJobFinished on_finished,
                void *userdata) {

        _cleanup_(pull_job_unrefp) PullJob *checksum_job = NULL, *signature_job = NULL;
        int r;

        assert(ret_checksum_job);
        assert(ret_signature_job);
        assert(verify >= 0);
        assert(verify < _IMPORT_VERIFY_MAX);
        assert(url);
        assert(glue);

        if (verify != IMPORT_VERIFY_NO) {
                _cleanup_free_ char *checksum_url = NULL;

                /* Queue job for the SHA256SUMS file for the image */
                r = import_url_change_last_component(url, "SHA256SUMS", &checksum_url);
                if (r < 0)
                        return r;

                r = pull_job_new(&checksum_job, checksum_url, glue, userdata);
                if (r < 0)
                        return r;

                checksum_job->on_finished = on_finished;
                checksum_job->uncompressed_max = checksum_job->compressed_max = 1ULL * 1024ULL * 1024ULL;
        }

        if (verify == IMPORT_VERIFY_SIGNATURE) {
                _cleanup_free_ char *signature_url = NULL;

                /* Queue job for the SHA256SUMS.gpg file for the image. */
                r = import_url_change_last_component(url, "SHA256SUMS.gpg", &signature_url);
                if (r < 0)
                        return r;

                r = pull_job_new(&signature_job, signature_url, glue, userdata);
                if (r < 0)
                        return r;

                signature_job->on_finished = on_finished;
                signature_job->uncompressed_max = signature_job->compressed_max = 1ULL * 1024ULL * 1024ULL;
        }

        *ret_checksum_job = checksum_job;
        *ret_signature_job = signature_job;

        checksum_job = signature_job = NULL;

        return 0;
}

int pull_verify(
                PullJob *main_job,
                PullJob *checksum_job,
                PullJob *signature_job) {

        _cleanup_close_pair_ int gpg_pipe[2] = { -1, -1 };
        _cleanup_free_ char *fn = NULL;
        _cleanup_close_ int sig_file = -1;
        const char *p, *line;
        char sig_file_path[] = "/tmp/sigXXXXXX", gpg_home[] = "/tmp/gpghomeXXXXXX";
        _cleanup_sigkill_wait_ pid_t pid = 0;
        bool gpg_home_created = false;
        int r;

        assert(main_job);
        assert(main_job->state == PULL_JOB_DONE);

        if (!checksum_job)
                return 0;

        assert(main_job->calc_checksum);
        assert(main_job->checksum);
        assert(checksum_job->state == PULL_JOB_DONE);

        if (!checksum_job->payload || checksum_job->payload_size <= 0) {
                log_error("Checksum is empty, cannot verify.");
                return -EBADMSG;
        }

        r = import_url_last_component(main_job->url, &fn);
        if (r < 0)
                return log_oom();

        if (!filename_is_valid(fn)) {
                log_error("Cannot verify checksum, could not determine valid server-side file name.");
                return -EBADMSG;
        }

        line = strjoina(main_job->checksum, " *", fn, "\n");

        p = memmem(checksum_job->payload,
                   checksum_job->payload_size,
                   line,
                   strlen(line));

        if (!p || (p != (char*) checksum_job->payload && p[-1] != '\n')) {
                log_error("Checksum did not check out, payload has been tempered with.");
                return -EBADMSG;
        }

        log_info("SHA256 checksum of %s is valid.", main_job->url);

        if (!signature_job)
                return 0;

        assert(signature_job->state == PULL_JOB_DONE);

        if (!signature_job->payload || signature_job->payload_size <= 0) {
                log_error("Signature is empty, cannot verify.");
                return -EBADMSG;
        }

        r = pipe2(gpg_pipe, O_CLOEXEC);
        if (r < 0)
                return log_error_errno(errno, "Failed to create pipe for gpg: %m");

        sig_file = mkostemp(sig_file_path, O_RDWR);
        if (sig_file < 0)
                return log_error_errno(errno, "Failed to create temporary file: %m");

        r = loop_write(sig_file, signature_job->payload, signature_job->payload_size, false);
        if (r < 0) {
                log_error_errno(r, "Failed to write to temporary file: %m");
                goto finish;
        }

        if (!mkdtemp(gpg_home)) {
                r = log_error_errno(errno, "Failed to create tempory home for gpg: %m");
                goto finish;
        }

        gpg_home_created = true;

        pid = fork();
        if (pid < 0)
                return log_error_errno(errno, "Failed to fork off gpg: %m");
        if (pid == 0) {
                const char *cmd[] = {
                        "gpg",
                        "--no-options",
                        "--no-default-keyring",
                        "--no-auto-key-locate",
                        "--no-auto-check-trustdb",
                        "--batch",
                        "--trust-model=always",
                        NULL, /* --homedir=  */
                        NULL, /* --keyring= */
                        NULL, /* --verify */
                        NULL, /* signature file */
                        NULL, /* dash */
                        NULL  /* trailing NULL */
                };
                unsigned k = ELEMENTSOF(cmd) - 6;
                int null_fd;

                /* Child */

                reset_all_signal_handlers();
                reset_signal_mask();
                assert_se(prctl(PR_SET_PDEATHSIG, SIGTERM) == 0);

                gpg_pipe[1] = safe_close(gpg_pipe[1]);

                if (dup2(gpg_pipe[0], STDIN_FILENO) != STDIN_FILENO) {
                        log_error_errno(errno, "Failed to dup2() fd: %m");
                        _exit(EXIT_FAILURE);
                }

                if (gpg_pipe[0] != STDIN_FILENO)
                        gpg_pipe[0] = safe_close(gpg_pipe[0]);

                null_fd = open("/dev/null", O_WRONLY|O_NOCTTY);
                if (null_fd < 0) {
                        log_error_errno(errno, "Failed to open /dev/null: %m");
                        _exit(EXIT_FAILURE);
                }

                if (dup2(null_fd, STDOUT_FILENO) != STDOUT_FILENO) {
                        log_error_errno(errno, "Failed to dup2() fd: %m");
                        _exit(EXIT_FAILURE);
                }

                if (null_fd != STDOUT_FILENO)
                        null_fd = safe_close(null_fd);

                cmd[k++] = strjoina("--homedir=", gpg_home);

                /* We add the user keyring only to the command line
                 * arguments, if it's around since gpg fails
                 * otherwise. */
                if (access(USER_KEYRING_PATH, F_OK) >= 0)
                        cmd[k++] = "--keyring=" USER_KEYRING_PATH;
                else
                        cmd[k++] = "--keyring=" VENDOR_KEYRING_PATH;

                cmd[k++] = "--verify";
                cmd[k++] = sig_file_path;
                cmd[k++] = "-";
                cmd[k++] = NULL;

                fd_cloexec(STDIN_FILENO, false);
                fd_cloexec(STDOUT_FILENO, false);
                fd_cloexec(STDERR_FILENO, false);

                execvp("gpg2", (char * const *) cmd);
                execvp("gpg", (char * const *) cmd);
                log_error_errno(errno, "Failed to execute gpg: %m");
                _exit(EXIT_FAILURE);
        }

        gpg_pipe[0] = safe_close(gpg_pipe[0]);

        r = loop_write(gpg_pipe[1], checksum_job->payload, checksum_job->payload_size, false);
        if (r < 0) {
                log_error_errno(r, "Failed to write to pipe: %m");
                goto finish;
        }

        gpg_pipe[1] = safe_close(gpg_pipe[1]);

        r = wait_for_terminate_and_warn("gpg", pid, true);
        pid = 0;
        if (r < 0)
                goto finish;
        if (r > 0) {
                log_error("Signature verification failed.");
                r = -EBADMSG;
        } else {
                log_info("Signature verification succeeded.");
                r = 0;
        }

finish:
        if (sig_file >= 0)
                unlink(sig_file_path);

        if (gpg_home_created)
                (void) rm_rf(gpg_home, REMOVE_ROOT|REMOVE_PHYSICAL);

        return r;
}
Commit	Line	Data
56ebfaf1 LP	1	/-- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil --/
	2
	3	/***
	4	This file is part of systemd.
	5
	6	Copyright 2015 Lennart Poettering
	7
	8	systemd is free software; you can redistribute it and/or modify it
	9	under the terms of the GNU Lesser General Public License as published by
	10	the Free Software Foundation; either version 2.1 of the License, or
	11	(at your option) any later version.
	12
	13	systemd is distributed in the hope that it will be useful, but
	14	WITHOUT ANY WARRANTY; without even the implied warranty of
	15	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	16	Lesser General Public License for more details.
	17
	18	You should have received a copy of the GNU Lesser General Public License
	19	along with systemd; If not, see <http://www.gnu.org/licenses/>.
	20	***/
	21
98c38001 LP	22	#include <sys/prctl.h>
98c38001 LP	23
56ebfaf1 LP	24	#include "util.h"
	25	#include "strv.h"
	26	#include "copy.h"
c6878637	27	#include "rm-rf.h"
56ebfaf1	28	#include "btrfs-util.h"
2c140ded	29	#include "capability.h"
dc2c282b LP	30	#include "pull-job.h"
dc2c282b LP	31	#include "pull-common.h"
0b452006	32	#include "process-util.h"
56ebfaf1 LP	33
	34	#define FILENAME_ESCAPE "/.#\"\'"
	35
dc2c282b	36	int pull_find_old_etags(const char url, const char image_root, int dt, const char prefix, const char suffix, char ***etags) {
56ebfaf1 LP	37	_cleanup_free_ char *escaped_url = NULL;
	38	_cleanup_closedir_ DIR *d = NULL;
	39	_cleanup_strv_free_ char **l = NULL;
	40	struct dirent *de;
	41	int r;
	42
	43	assert(url);
	44	assert(etags);
	45
	46	if (!image_root)
	47	image_root = "/var/lib/machines";
	48
	49	escaped_url = xescape(url, FILENAME_ESCAPE);
	50	if (!escaped_url)
	51	return -ENOMEM;
	52
	53	d = opendir(image_root);
	54	if (!d) {
	55	if (errno == ENOENT) {
	56	*etags = NULL;
	57	return 0;
	58	}
	59
	60	return -errno;
	61	}
	62
	63	FOREACH_DIRENT_ALL(de, d, return -errno) {
	64	const char a, b;
	65	char *u;
	66
	67	if (de->d_type != DT_UNKNOWN &&
	68	de->d_type != dt)
	69	continue;
	70
	71	if (prefix) {
	72	a = startswith(de->d_name, prefix);
	73	if (!a)
	74	continue;
	75	} else
	76	a = de->d_name;
	77
	78	a = startswith(a, escaped_url);
	79	if (!a)
	80	continue;
	81
	82	a = startswith(a, ".");
	83	if (!a)
	84	continue;
	85
	86	if (suffix) {
	87	b = endswith(de->d_name, suffix);
	88	if (!b)
	89	continue;
	90	} else
	91	b = strchr(de->d_name, 0);
	92
	93	if (a >= b)
	94	continue;
	95
527b7a42 LP	96	r = cunescape_length(a, b - a, 0, &u);
	97	if (r < 0)
	98	return r;
56ebfaf1 LP	99
	100	if (!http_etag_is_valid(u)) {
	101	free(u);
	102	continue;
	103	}
	104
	105	r = strv_consume(&l, u);
	106	if (r < 0)
	107	return r;
	108	}
	109
	110	*etags = l;
	111	l = NULL;
	112
	113	return 0;
	114	}
	115
dc2c282b	116	int pull_make_local_copy(const char final, const char image_root, const char *local, bool force_local) {
56ebfaf1 LP	117	const char *p;
	118	int r;
	119
	120	assert(final);
	121	assert(local);
	122
	123	if (!image_root)
	124	image_root = "/var/lib/machines";
	125
63c372cb	126	p = strjoina(image_root, "/", local);
56ebfaf1	127
d9e2daaf LP	128	if (force_local)
d9e2daaf LP	129	(void) rm_rf(p, REMOVE_ROOT\|REMOVE_PHYSICAL\|REMOVE_SUBVOLUME);
56ebfaf1	130
e9bc1871	131	r = btrfs_subvol_snapshot(final, p, 0);
56ebfaf1 LP	132	if (r == -ENOTTY) {
	133	r = copy_tree(final, p, false);
	134	if (r < 0)
	135	return log_error_errno(r, "Failed to copy image: %m");
	136	} else if (r < 0)
	137	return log_error_errno(r, "Failed to create local image: %m");
	138
	139	log_info("Created new local image '%s'.", local);
	140
	141	return 0;
	142	}
	143
dc2c282b	144	int pull_make_path(const char url, const char etag, const char image_root, const char prefix, const char suffix, char *ret) {
56ebfaf1 LP	145	_cleanup_free_ char *escaped_url = NULL;
	146	char *path;
	147
	148	assert(url);
	149	assert(ret);
	150
	151	if (!image_root)
	152	image_root = "/var/lib/machines";
	153
	154	escaped_url = xescape(url, FILENAME_ESCAPE);
	155	if (!escaped_url)
	156	return -ENOMEM;
	157
	158	if (etag) {
	159	_cleanup_free_ char *escaped_etag = NULL;
	160
	161	escaped_etag = xescape(etag, FILENAME_ESCAPE);
	162	if (!escaped_etag)
	163	return -ENOMEM;
	164
	165	path = strjoin(image_root, "/", strempty(prefix), escaped_url, ".", escaped_etag, strempty(suffix), NULL);
	166	} else
	167	path = strjoin(image_root, "/", strempty(prefix), escaped_url, strempty(suffix), NULL);
	168	if (!path)
	169	return -ENOMEM;
	170
	171	*ret = path;
	172	return 0;
	173	}
85dbc41d	174
dc2c282b LP	175	int pull_make_verification_jobs(
	176	PullJob **ret_checksum_job,
	177	PullJob **ret_signature_job,
98c38001 LP	178	ImportVerify verify,
	179	const char *url,
	180	CurlGlue *glue,
dc2c282b	181	PullJobFinished on_finished,
98c38001 LP	182	void *userdata) {
98c38001 LP	183
dc2c282b	184	_cleanup_(pull_job_unrefp) PullJob checksum_job = NULL, signature_job = NULL;
98c38001 LP	185	int r;
	186
	187	assert(ret_checksum_job);
	188	assert(ret_signature_job);
	189	assert(verify >= 0);
	190	assert(verify < _IMPORT_VERIFY_MAX);
	191	assert(url);
	192	assert(glue);
	193
	194	if (verify != IMPORT_VERIFY_NO) {
	195	_cleanup_free_ char *checksum_url = NULL;
	196
	197	/* Queue job for the SHA256SUMS file for the image */
	198	r = import_url_change_last_component(url, "SHA256SUMS", &checksum_url);
	199	if (r < 0)
	200	return r;
	201
dc2c282b	202	r = pull_job_new(&checksum_job, checksum_url, glue, userdata);
98c38001 LP	203	if (r < 0)
	204	return r;
	205
	206	checksum_job->on_finished = on_finished;
	207	checksum_job->uncompressed_max = checksum_job->compressed_max = 1ULL * 1024ULL * 1024ULL;
	208	}
	209
	210	if (verify == IMPORT_VERIFY_SIGNATURE) {
	211	_cleanup_free_ char *signature_url = NULL;
	212
	213	/* Queue job for the SHA256SUMS.gpg file for the image. */
	214	r = import_url_change_last_component(url, "SHA256SUMS.gpg", &signature_url);
	215	if (r < 0)
	216	return r;
	217
dc2c282b	218	r = pull_job_new(&signature_job, signature_url, glue, userdata);
98c38001 LP	219	if (r < 0)
	220	return r;
	221
	222	signature_job->on_finished = on_finished;
	223	signature_job->uncompressed_max = signature_job->compressed_max = 1ULL * 1024ULL * 1024ULL;
	224	}
	225
	226	*ret_checksum_job = checksum_job;
	227	*ret_signature_job = signature_job;
	228
	229	checksum_job = signature_job = NULL;
	230
	231	return 0;
	232	}
	233
dc2c282b LP	234	int pull_verify(
	235	PullJob *main_job,
	236	PullJob *checksum_job,
	237	PullJob *signature_job) {
98c38001 LP	238
	239	_cleanup_close_pair_ int gpg_pipe[2] = { -1, -1 };
	240	_cleanup_free_ char *fn = NULL;
	241	_cleanup_close_ int sig_file = -1;
	242	const char p, line;
0acfdffe	243	char sig_file_path[] = "/tmp/sigXXXXXX", gpg_home[] = "/tmp/gpghomeXXXXXX";
98c38001	244	_cleanup_sigkill_wait_ pid_t pid = 0;
0acfdffe	245	bool gpg_home_created = false;
98c38001 LP	246	int r;
	247
	248	assert(main_job);
dc2c282b	249	assert(main_job->state == PULL_JOB_DONE);
98c38001 LP	250
	251	if (!checksum_job)
	252	return 0;
	253
	254	assert(main_job->calc_checksum);
	255	assert(main_job->checksum);
dc2c282b	256	assert(checksum_job->state == PULL_JOB_DONE);
98c38001 LP	257
	258	if (!checksum_job->payload \|\| checksum_job->payload_size <= 0) {
	259	log_error("Checksum is empty, cannot verify.");
	260	return -EBADMSG;
	261	}
	262
	263	r = import_url_last_component(main_job->url, &fn);
	264	if (r < 0)
	265	return log_oom();
	266
	267	if (!filename_is_valid(fn)) {
	268	log_error("Cannot verify checksum, could not determine valid server-side file name.");
	269	return -EBADMSG;
	270	}
	271
63c372cb	272	line = strjoina(main_job->checksum, " *", fn, "\n");
98c38001 LP	273
	274	p = memmem(checksum_job->payload,
	275	checksum_job->payload_size,
	276	line,
	277	strlen(line));
	278
	279	if (!p \|\| (p != (char*) checksum_job->payload && p[-1] != '\n')) {
	280	log_error("Checksum did not check out, payload has been tempered with.");
	281	return -EBADMSG;
	282	}
	283
	284	log_info("SHA256 checksum of %s is valid.", main_job->url);
	285
	286	if (!signature_job)
	287	return 0;
	288
dc2c282b	289	assert(signature_job->state == PULL_JOB_DONE);
98c38001 LP	290
	291	if (!signature_job->payload \|\| signature_job->payload_size <= 0) {
	292	log_error("Signature is empty, cannot verify.");
	293	return -EBADMSG;
	294	}
	295
	296	r = pipe2(gpg_pipe, O_CLOEXEC);
	297	if (r < 0)
0100b6e1	298	return log_error_errno(errno, "Failed to create pipe for gpg: %m");
98c38001 LP	299
	300	sig_file = mkostemp(sig_file_path, O_RDWR);
	301	if (sig_file < 0)
	302	return log_error_errno(errno, "Failed to create temporary file: %m");
	303
	304	r = loop_write(sig_file, signature_job->payload, signature_job->payload_size, false);
	305	if (r < 0) {
	306	log_error_errno(r, "Failed to write to temporary file: %m");
	307	goto finish;
	308	}
	309
0acfdffe LP	310	if (!mkdtemp(gpg_home)) {
	311	r = log_error_errno(errno, "Failed to create tempory home for gpg: %m");
	312	goto finish;
	313	}
	314
	315	gpg_home_created = true;
	316
98c38001 LP	317	pid = fork();
	318	if (pid < 0)
	319	return log_error_errno(errno, "Failed to fork off gpg: %m");
	320	if (pid == 0) {
	321	const char *cmd[] = {
	322	"gpg",
	323	"--no-options",
	324	"--no-default-keyring",
	325	"--no-auto-key-locate",
	326	"--no-auto-check-trustdb",
	327	"--batch",
	328	"--trust-model=always",
0acfdffe LP	329	NULL, /* --homedir= */
0acfdffe LP	330	NULL, /* --keyring= */
98c38001 LP	331	NULL, /* --verify */
	332	NULL, /* signature file */
	333	NULL, /* dash */
	334	NULL /* trailing NULL */
	335	};
0acfdffe	336	unsigned k = ELEMENTSOF(cmd) - 6;
98c38001 LP	337	int null_fd;
	338
	339	/* Child */
	340
	341	reset_all_signal_handlers();
	342	reset_signal_mask();
	343	assert_se(prctl(PR_SET_PDEATHSIG, SIGTERM) == 0);
	344
	345	gpg_pipe[1] = safe_close(gpg_pipe[1]);
	346
	347	if (dup2(gpg_pipe[0], STDIN_FILENO) != STDIN_FILENO) {
	348	log_error_errno(errno, "Failed to dup2() fd: %m");
	349	_exit(EXIT_FAILURE);
	350	}
	351
	352	if (gpg_pipe[0] != STDIN_FILENO)
	353	gpg_pipe[0] = safe_close(gpg_pipe[0]);
	354
	355	null_fd = open("/dev/null", O_WRONLY\|O_NOCTTY);
	356	if (null_fd < 0) {
	357	log_error_errno(errno, "Failed to open /dev/null: %m");
	358	_exit(EXIT_FAILURE);
	359	}
	360
	361	if (dup2(null_fd, STDOUT_FILENO) != STDOUT_FILENO) {
	362	log_error_errno(errno, "Failed to dup2() fd: %m");
	363	_exit(EXIT_FAILURE);
	364	}
	365
	366	if (null_fd != STDOUT_FILENO)
	367	null_fd = safe_close(null_fd);
	368
0acfdffe LP	369	cmd[k++] = strjoina("--homedir=", gpg_home);
0acfdffe LP	370
98c38001 LP	371	/* We add the user keyring only to the command line
	372	* arguments, if it's around since gpg fails
	373	* otherwise. */
	374	if (access(USER_KEYRING_PATH, F_OK) >= 0)
	375	cmd[k++] = "--keyring=" USER_KEYRING_PATH;
1c49d1ba LP	376	else
1c49d1ba LP	377	cmd[k++] = "--keyring=" VENDOR_KEYRING_PATH;
98c38001 LP	378
	379	cmd[k++] = "--verify";
	380	cmd[k++] = sig_file_path;
	381	cmd[k++] = "-";
	382	cmd[k++] = NULL;
	383
3d7415f4 LP	384	fd_cloexec(STDIN_FILENO, false);
	385	fd_cloexec(STDOUT_FILENO, false);
	386	fd_cloexec(STDERR_FILENO, false);
	387
0acfdffe	388	execvp("gpg2", (char * const *) cmd);
98c38001 LP	389	execvp("gpg", (char * const *) cmd);
	390	log_error_errno(errno, "Failed to execute gpg: %m");
	391	_exit(EXIT_FAILURE);
	392	}
	393
	394	gpg_pipe[0] = safe_close(gpg_pipe[0]);
	395
	396	r = loop_write(gpg_pipe[1], checksum_job->payload, checksum_job->payload_size, false);
	397	if (r < 0) {
	398	log_error_errno(r, "Failed to write to pipe: %m");
	399	goto finish;
	400	}
	401
	402	gpg_pipe[1] = safe_close(gpg_pipe[1]);
	403
	404	r = wait_for_terminate_and_warn("gpg", pid, true);
	405	pid = 0;
	406	if (r < 0)
	407	goto finish;
	408	if (r > 0) {
	409	log_error("Signature verification failed.");
	410	r = -EBADMSG;
	411	} else {
	412	log_info("Signature verification succeeded.");
	413	r = 0;
	414	}
	415
	416	finish:
	417	if (sig_file >= 0)
	418	unlink(sig_file_path);
	419
0acfdffe	420	if (gpg_home_created)
c6878637	421	(void) rm_rf(gpg_home, REMOVE_ROOT\|REMOVE_PHYSICAL);
0acfdffe	422
98c38001 LP	423	return r;
98c38001 LP	424	}