key: Make secret keys non-world-writable
authorMichael Tremer <michael.tremer@ipfire.org>
Thu, 12 Aug 2021 14:45:38 +0000 (14:45 +0000)
committerMichael Tremer <michael.tremer@ipfire.org>
Thu, 12 Aug 2021 14:45:38 +0000 (14:45 +0000)
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
src/libpakfire/include/pakfire/key.h
src/libpakfire/key.c
src/libpakfire/libpakfire.sym

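index 32e9befbc9200480494bba540ac4bf25485bc9cb..89605abf14e7f994aa6ad119ecc682dc355d620b 100644
--- a/src/libpakfire/include/pakfire/key.h
+++ b/src/libpakfire/include/pakfire/key.h
@@ -48,6 +48,7 @@ const char* pakfire_key_get_name(struct pakfire_key* key);
 const char* pakfire_key_get_email(struct pakfire_key* key);
 const char* pakfire_key_get_pubkey_algo(struct pakfire_key* key);
 size_t pakfire_key_get_pubkey_length(struct pakfire_key* key);
+int pakfire_key_has_secret(struct pakfire_key* key);
 time_t pakfire_key_get_created(struct pakfire_key* key);
 time_t pakfire_key_get_expires(struct pakfire_key* key);
 int pakfire_key_is_revoked(struct pakfire_key* key);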
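Review bot: The added prototype `int pakfire_key_has_secret(struct pakfire_key* key);` carries no comment on its contract, and the neighbouring declarations give none either, so a caller cannot tell whether 0 means "key has no secret part" or "no key material loaded at all". From the key.c implementation in this commit it returns the loaded GPG key's `secret` flag when a key is present and 0 otherwise; a one-line comment above the declaration such as `// Returns non-zero if the key holds secret key material, 0 otherwise (also when no GPG key is loaded)` would pin that down. Since both cases collapse to 0, a caller that needs to distinguish them has to check the key separately.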
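index bcdc74f8a83f0e35723eaaf03acd9628b2033744..b0f7c2519520c780adcf95785229acff3fde6ea6 100644
--- a/src/libpakfire/key.c
+++ b/src/libpakfire/key.c
@@ -331,6 +331,13 @@ PAKFIRE_EXPORT size_t pakfire_key_get_pubkey_length(struct pakfire_key* key) {
        return 0;
 }
 
+PAKFIRE_EXPORT int pakfire_key_has_secret(struct pakfire_key* key) {
+       if (key->gpgkey)
+               return key->gpgkey->secret;
+
+       return 0;
+}
+
 PAKFIRE_EXPORT time_t pakfire_key_get_created(struct pakfire_key* key) {
        if (key->gpgkey->subkeys)
                return key->gpgkey->subkeys->timestamp;
@@ -382,6 +389,16 @@ static int pakfire_key_write_to_keystore(struct pakfire_key* key) {
                return 1;
        }
 
+       // Make files with secret keys non-world-readable
+       if (pakfire_key_has_secret(key)) {
+               r = chmod(path, 0600);
+               if (r) {
+                       ERROR(key->pakfire, "Could not chmod %s: %m\n", path);
+                       fclose(f);
+                       return r;
+               }
+       }
+
        // Write key to file
        r = pakfire_key_export(key, f, 0);
        if (r) {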
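Review bot: `r = chmod(path, 0600);` runs only after the stream `f` has already been created by the earlier open in pakfire_key_write_to_keystore (outside this hunk), so the file first exists with the process's umask-derived mode and is tightened afterwards; any process that opens it in that window keeps a readable descriptor after the chmod and will see the secret material exported a few lines later, and chmod() on the path rather than on the open file binds the mode change to whatever the path resolves to at that moment. The robust fix is to create the file with the restrictive mode from the start, e.g. `int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR);` followed by `f = fdopen(fd, "w");` at the call site that opens `f`, or at minimum to operate on the open stream here: `r = fchmod(fileno(f), 0600);`. Note also that the commit title says "non-world-writable" while the added comment says "non-world-readable"; 0600 removes both group and world access, so the two wordings should be aligned. The function starts and ends outside the hunk.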
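index e825bb8acf1e4b569088ccbd50fabe85764e49a8..21fe73fe746075eb2c2f85093f2c6cd553ba5a47 100644
--- a/src/libpakfire/libpakfire.sym
+++ b/src/libpakfire/libpakfire.sym
@@ -117,6 +117,7 @@ global:
        pakfire_key_get_pubkey_algo;
        pakfire_key_get_pubkey_length;
        pakfire_key_get_uid;
+       pakfire_key_has_secret;
        pakfire_key_import;
        pakfire_key_is_revoked;
        pakfire_key_ref;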