From: Michael Tremer Date: Thu, 29 Jul 2021 15:38:21 +0000 (+0000) Subject: keystore: Move GPG stuff into an extra file X-Git-Tag: 0.9.28~1012 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9b0ee2714adb270146c99f7da9477d2d1654b4dd;p=pakfire.git keystore: Move GPG stuff into an extra file Signed-off-by: Michael Tremer
---
diff --git a/Makefile.am b/Makefile.am
index a355338ec..3f9fa5e58 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -229,6 +229,7 @@ libpakfire_la_SOURCES = \
 src/libpakfire/file.c \
 src/libpakfire/filelist.c \
 src/libpakfire/key.c \
+ src/libpakfire/keystore.c \
 src/libpakfire/logging.c \
 src/libpakfire/package.c \
 src/libpakfire/packager.c \
@@ -264,6 +265,7 @@ pkginclude_HEADERS += \
 src/libpakfire/include/pakfire/filelist.h \
 src/libpakfire/include/pakfire/i18n.h \
 src/libpakfire/include/pakfire/key.h \
+ src/libpakfire/include/pakfire/keystore.h \
 src/libpakfire/include/pakfire/logging.h \
 src/libpakfire/include/pakfire/package.h \
 src/libpakfire/include/pakfire/packager.h \
diff --git a/src/libpakfire/include/pakfire/keystore.h b/src/libpakfire/include/pakfire/keystore.h
new file mode 100644
index 000000000..396ac6fe3
--- /dev/null
+++ b/src/libpakfire/include/pakfire/keystore.h
@@ -0,0 +1,35 @@
+/*#############################################################################
+# #
+# Pakfire - The IPFire package management system #
+# Copyright (C) 2021 Pakfire development team #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see . #
+# #
+#############################################################################*/
+
+#ifndef PAKFIRE_KEYSTORE_H
+#define PAKFIRE_KEYSTORE_H
+
+#ifdef PAKFIRE_PRIVATE
+
+#include
+
+#include
+
+int pakfire_keystore_init(struct pakfire* pakfire, gpgme_ctx_t* ctx);
+int pakfire_keystore_destroy(struct pakfire* pakfire, gpgme_ctx_t* ctx);
+
+#endif /* /PAKFIRE_PRIVATE */
+
+#endif /* PAKFIRE_KEYSTORE_H */
diff --git a/src/libpakfire/keystore.c b/src/libpakfire/keystore.c
new file mode 100644
index 000000000..3667d4385
--- /dev/null
+++ b/src/libpakfire/keystore.c
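Review bot: The two prototypes added in keystore.h carry no contract: both take `gpgme_ctx_t* ctx`, but nothing says who owns the context, what the return value means, or what `*ctx` holds after a failure. I would add a comment above `pakfire_keystore_init` along the lines of `/* Creates a GPGME context in *ctx; returns 0 on success, non-zero on failure with *ctx set to NULL */`, and one above `pakfire_keystore_destroy` stating whether `*ctx` is reset after the release. The context appears to be the handle to the PGP database under /etc/pakfire/gnupg, so an ambiguous success value is easy for callers to misuse.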
@@ -0,0 +1,112 @@
+/*#############################################################################
+# #
+# Pakfire - The IPFire package management system #
+# Copyright (C) 2021 Pakfire development team #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see . #
+# #
+#############################################################################*/
+
+#include
+
+#include
+
+#include
+#include
+#include
+#include
+
+static int pakfire_init_gpgme(struct pakfire* pakfire) {
+ static int gpgme_initialized = 0;
+
+ // Do nothing if gpgme is already initialized
+ if (gpgme_initialized)
+ return 0;
+
+ // Initialize gpgme
+ const char* version = gpgme_check_version(NULL);
+ DEBUG(pakfire, "Loaded gpgme %s\n", version);
+
+ // Check if we support OpenPGP
+ gpgme_error_t error = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);
+ if (gpg_err_code(error) != GPG_ERR_NO_ERROR) {
+ ERROR(pakfire, "GPGME does not support OpenPGP\n");
+ errno = ENOTSUP;
+ return 1;
+ }
+
+ // Success
+ gpgme_initialized = 1;
+ return 0;
+}
+
+int pakfire_keystore_init(struct pakfire* pakfire, gpgme_ctx_t* ctx) {
+ char path[PATH_MAX];
+
+ // Initialise GPGME
+ int r = pakfire_init_gpgme(pakfire);
+ if (r)
+ return r;
+
+ gpgme_error_t error = gpgme_new(ctx);
+ if (gpg_err_code(error) != GPG_ERR_NO_ERROR)
+ goto ERROR;
+
+ // Enable offline mode?
+ if (pakfire_has_flag(pakfire, PAKFIRE_FLAGS_OFFLINE))
+ gpgme_set_offline(*ctx, 1);
+
+ // Set output to be ASCII armoured
+ gpgme_set_armor(*ctx, 1);
+
+ // Set home
+ r = pakfire_make_path(pakfire, path, "/etc/pakfire/gnupg");
+ if (r < 0)
+ goto ERROR;
+
+ DEBUG(pakfire, "Using PGP database at %s\n", path);
+
+ // Create home
+ r = pakfire_mkdir(path, S_IRUSR|S_IWUSR|S_IXUSR);
+ if (r && errno != EEXIST) {
+ ERROR(pakfire, "Could not initialize the PGP database at %s: %m\n", path);
+ goto ERROR;
+ }
+
+ // Setup engine
+ error = gpgme_ctx_set_engine_info(*ctx, GPGME_PROTOCOL_OpenPGP, NULL, path);
+ if (gpg_err_code(error) != GPG_ERR_NO_ERROR)
+ goto ERROR;
+
+ // Show engine status
+ gpgme_engine_info_t engine_info = gpgme_ctx_get_engine_info(*ctx);
+ DEBUG(pakfire, "GPGME engine info: %s, path = %s\n",
+ engine_info->file_name, engine_info->home_dir);
+
+ // Success
+ r = 0;
+
+ERROR:
+ gpgme_release(*ctx);
+ *ctx = NULL;
+
+ return r;
+}
+
+int pakfire_keystore_destroy(struct pakfire* pakfire, gpgme_ctx_t* ctx) {
+ // Free GPGME context
+ gpgme_release(*ctx);
+
+ return 0;
+}
diff --git a/src/libpakfire/pakfire.c b/src/libpakfire/pakfire.c
index b11d1674c..44cf7b918 100644
--- a/src/libpakfire/pakfire.c
+++ b/src/libpakfire/pakfire.c
@@ -46,6 +46,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
@@ -501,7 +502,7 @@ static int pakfire_mount_interpreter(struct pakfire* pakfire) {
 static void pakfire_free(struct pakfire* pakfire) {
 // Release GPGME context
 if (pakfire->gpgctx)
- gpgme_release(pakfire->gpgctx);
+ pakfire_keystore_destroy(pakfire, &pakfire->gpgctx);
 
 // umount everything
 pakfire_umount(pakfire);
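Review bot: In src/libpakfire/keystore.c, `pakfire_keystore_init` falls through from `r = 0;` into the `ERROR:` label, so the success path also runs `gpgme_release(*ctx); *ctx = NULL;` and hands the caller a NULL context together with return code 0. The code removed from pakfire.c returned before its error label, and the moved version lost that early return. The two GPGME failure branches (after `gpgme_new` and after `gpgme_ctx_set_engine_info`) also jump to `ERROR` without assigning `r`, which is 0 after `pakfire_init_gpgme` and typically 0 after `pakfire_mkdir`, so those failures are reported as success as well. Returning directly on success and setting a non-zero `r` on the GPGME failures fixes both; `pakfire_keystore_destroy` could also set `*ctx = NULL` after the release, since it already receives the pointer.

```c
	gpgme_error_t error = gpgme_new(ctx);
	if (gpg_err_code(error) != GPG_ERR_NO_ERROR) {
		r = 1;
		goto ERROR;
	}

	// … unchanged: offline mode, armor, home directory setup …

	error = gpgme_ctx_set_engine_info(*ctx, GPGME_PROTOCOL_OpenPGP, NULL, path);
	if (gpg_err_code(error) != GPG_ERR_NO_ERROR) {
		r = 1;
		goto ERROR;
	}

	// … unchanged: engine status debug output …

	// Success: keep the context alive for the caller
	return 0;

	// … unchanged: ERROR label releasing *ctx and returning r …
```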
@@ -1064,82 +1065,17 @@ PAKFIRE_EXPORT int pakfire_bind(struct pakfire* pakfire, const char* src, const
 return __mount(pakfire, src, mountpoint, NULL, flags|MS_BIND, NULL);
 }
 
-static int pakfire_init_gpgme(struct pakfire* pakfire) {
- static int gpgme_initialized = 0;
-
- // Do nothing if gpgme is already initialized
- if (gpgme_initialized)
- return 0;
-
- // Initialize gpgme
- const char* version = gpgme_check_version(NULL);
- DEBUG(pakfire, "Loaded gpgme %s\n", version);
-
- // Check if we support OpenPGP
- gpgme_error_t error = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);
- if (gpg_err_code(error) != GPG_ERR_NO_ERROR) {
- ERROR(pakfire, "GPGME does not support OpenPGP\n");
- errno = ENOTSUP;
- return 1;
- }
-
- // Success
- gpgme_initialized = 1;
- return 0;
-}
-
 gpgme_ctx_t pakfire_get_gpgctx(struct pakfire* pakfire) {
- int r = pakfire_init_gpgme(pakfire);
- if (r)
- return NULL;
-
- char path[PATH_MAX];
-
 // Create a new context if not done, yet
 if (!pakfire->gpgctx) {
- gpgme_error_t error = gpgme_new(&pakfire->gpgctx);
- if (gpg_err_code(error) != GPG_ERR_NO_ERROR)
- goto ERROR;
-
- // Enable offline mode?
- if (pakfire_has_flag(pakfire, PAKFIRE_FLAGS_OFFLINE))
- gpgme_set_offline(pakfire->gpgctx, 1);
-
- // Set output to be ASCII armoured
- gpgme_set_armor(pakfire->gpgctx, 1);
-
- // Set home
- r = pakfire_make_path(pakfire, path, "/etc/pakfire/gnupg");
- if (r < 0)
- goto ERROR;
-
- DEBUG(pakfire, "Using PGP database at %s\n", path);
-
- // Create home
- r = pakfire_mkdir(path, S_IRUSR|S_IWUSR|S_IXUSR);
- if (r && errno != EEXIST) {
- ERROR(pakfire, "Could not initialize the PGP database at %s: %m\n", path);
- goto ERROR;
+ int r = pakfire_keystore_init(pakfire, &pakfire->gpgctx);
+ if (r) {
+ ERROR(pakfire, "Could not initialize keystore: %m\n");
+ return NULL;
 }
-
- // Setup engine
- error = gpgme_ctx_set_engine_info(pakfire->gpgctx, GPGME_PROTOCOL_OpenPGP, NULL, path);
- if (gpg_err_code(error) != GPG_ERR_NO_ERROR)
- goto ERROR;
-
- // Show engine status
- gpgme_engine_info_t engine_info = gpgme_ctx_get_engine_info(pakfire->gpgctx);
- DEBUG(pakfire, "GPGME engine info: %s, path = %s\n",
- engine_info->file_name, engine_info->home_dir);
 }
 
 return pakfire->gpgctx;
-
-ERROR:
- gpgme_release(pakfire->gpgctx);
- pakfire->gpgctx = NULL;
-
- return NULL;
 }
 
 PAKFIRE_EXPORT int pakfire_list_keys(struct pakfire* pakfire, struct pakfire_key*** keys) {
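Review bot: The new message in `pakfire_get_gpgctx`, `ERROR(pakfire, "Could not initialize keystore: %m\n");`, prints errno, but the only place visible in this commit that assigns errno is the OpenPGP-support check in `pakfire_init_gpgme`; the `gpgme_new` and `gpgme_ctx_set_engine_info` failure branches do not, so the log line may show a stale or unrelated error. The function also returns `pakfire->gpgctx` after a zero return code without checking that it is non-NULL, so it relies entirely on `pakfire_keystore_init` returning non-zero on every failure. I would log the GPGME error where it occurs, e.g. `ERROR(pakfire, "Could not create GPGME context: %s\n", gpgme_strerror(error));` in keystore.c, and drop `%m` from this message. How callers of `pakfire_get_gpgctx` handle a NULL result is not visible in this hunk, so it should be confirmed that the key operations using it fail closed when no context is available.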