Blame rpm-4.12.0-gpg-passphrase1.patch

Lubos Kardos 7aff53
From 6a8924b4c9df8e3597f7b4aa3de46498d390c5a8 Mon Sep 17 00:00:00 2001
Lubos Kardos 7aff53
From: Lubos Kardos <lkardos@redhat.com>
Lubos Kardos 7aff53
Date: Tue, 9 Jun 2015 14:19:59 +0200
Lubos Kardos 7aff53
Subject: [PATCH 1/2] Use named pipe instead of stdin as input for gpg
Lubos Kardos 7aff53
Lubos Kardos 7aff53
This enables running gpg with access to the shell the rpmsign command
Lubos Kardos 7aff53
is running in. This is needed to allow gpg to get passphrase by itself.
Lubos Kardos 7aff53
---
Lubos Kardos 7aff53
 sign/rpmgensig.c | 105 ++++++++++++++++++++++++++++++++++++++++++-------------
Lubos Kardos 7aff53
 1 file changed, 80 insertions(+), 25 deletions(-)
Lubos Kardos 7aff53
Lubos Kardos 7aff53
diff --git a/sign/rpmgensig.c b/sign/rpmgensig.c
Lubos Kardos 7aff53
index 0bd14e3..9691f0d 100644
Lubos Kardos 7aff53
--- a/sign/rpmgensig.c
Lubos Kardos 7aff53
+++ b/sign/rpmgensig.c
Lubos Kardos 7aff53
@@ -8,6 +8,7 @@
Lubos Kardos 7aff53
 #include <errno.h>
Lubos Kardos 7aff53
 #include <sys/wait.h>
Lubos Kardos 7aff53
 #include <popt.h>
Lubos Kardos 7aff53
+#include <libgen.h>
Lubos Kardos 7aff53
 
Lubos Kardos 7aff53
 #include <rpm/rpmlib.h>			/* RPMSIGTAG & related */
Lubos Kardos 7aff53
 #include <rpm/rpmmacro.h>
Lubos Kardos 7aff53
@@ -33,6 +34,68 @@ typedef struct sigTarget_s {
Lubos Kardos 7aff53
     rpm_loff_t size;
Lubos Kardos 7aff53
 } *sigTarget;
Lubos Kardos 7aff53
 
Lubos Kardos 7aff53
+/*
Lubos Kardos 7aff53
+ * There is no function for creating unique temporary fifos so create
Lubos Kardos 7aff53
+ * unique temporary directory and then create fifo in it.
Lubos Kardos 7aff53
+ */
Lubos Kardos 7aff53
+static char *mkTempFifo(void)
Lubos Kardos 7aff53
+{
Lubos Kardos 7aff53
+    char *tmppath = NULL, *tmpdir = NULL, *fifofn = NULL;
Lubos Kardos 7aff53
+    mode_t mode;
Lubos Kardos 7aff53
+
Lubos Kardos 7aff53
+    tmppath = rpmExpand("%{_tmppath}", NULL);
Lubos Kardos 7aff53
+    if (rpmioMkpath(tmppath, 0755, (uid_t) -1, (gid_t) -1))
Lubos Kardos 7aff53
+	goto exit;
Lubos Kardos 7aff53
+
Lubos Kardos 7aff53
+
Lubos Kardos 7aff53
+    tmpdir = rpmGetPath(tmppath, "/rpm-tmp.XXXXXX", NULL);
Lubos Kardos 7aff53
+    mode = umask(0077);
Lubos Kardos 7aff53
+    tmpdir = mkdtemp(tmpdir);
Lubos Kardos 7aff53
+    umask(mode);
Lubos Kardos 7aff53
+    if (tmpdir == NULL) {
Lubos Kardos 7aff53
+	rpmlog(RPMLOG_ERR, _("error creating temp directory %s: %m\n"),
Lubos Kardos 7aff53
+	    tmpdir);
Lubos Kardos 7aff53
+	tmpdir = _free(tmpdir);
Lubos Kardos 7aff53
+	goto exit;
Lubos Kardos 7aff53
+    }
Lubos Kardos 7aff53
+
Lubos Kardos 7aff53
+    fifofn = rpmGetPath(tmpdir, "/fifo", NULL);
Lubos Kardos 7aff53
+    if (mkfifo(fifofn, 0600) == -1) {
Lubos Kardos 7aff53
+	rpmlog(RPMLOG_ERR, _("error creating fifo %s: %m\n"), fifofn);
Lubos Kardos 7aff53
+	fifofn = _free(fifofn);
Lubos Kardos 7aff53
+    }
Lubos Kardos 7aff53
+
Lubos Kardos 7aff53
+exit:
Lubos Kardos 7aff53
+    if (fifofn == NULL && tmpdir != NULL)
Lubos Kardos 7aff53
+	unlink(tmpdir);
Lubos Kardos 7aff53
+
Lubos Kardos 7aff53
+    free(tmppath);
Lubos Kardos 7aff53
+    free(tmpdir);
Lubos Kardos 7aff53
+
Lubos Kardos 7aff53
+    return fifofn;
Lubos Kardos 7aff53
+}
Lubos Kardos 7aff53
+
Lubos Kardos 7aff53
+/* Delete fifo and then temporary directory in which it was located */
Lubos Kardos 7aff53
+static int rpmRmTempFifo(const char *fn)
Lubos Kardos 7aff53
+{
Lubos Kardos 7aff53
+    int rc = 0;
Lubos Kardos 7aff53
+    char *dfn = NULL, *dir = NULL;
Lubos Kardos 7aff53
+
Lubos Kardos 7aff53
+    if ((rc = unlink(fn)) != 0) {
Lubos Kardos 7aff53
+	rpmlog(RPMLOG_ERR, _("error delete fifo %s: %m\n"), fn);
Lubos Kardos 7aff53
+	return rc;
Lubos Kardos 7aff53
+    }
Lubos Kardos 7aff53
+
Lubos Kardos 7aff53
+    dfn = xstrdup(fn);
Lubos Kardos 7aff53
+    dir = dirname(dfn);
Lubos Kardos 7aff53
+
Lubos Kardos 7aff53
+    if ((rc = rmdir(dir)) != 0)
Lubos Kardos 7aff53
+	rpmlog(RPMLOG_ERR, _("error delete directory %s: %m\n"), dir);
Lubos Kardos 7aff53
+    free(dfn);
Lubos Kardos 7aff53
+
Lubos Kardos 7aff53
+    return rc;
Lubos Kardos 7aff53
+}
Lubos Kardos 7aff53
+
Lubos Kardos 7aff53
 static int closeFile(FD_t *fdp)
Lubos Kardos 7aff53
 {
Lubos Kardos 7aff53
     if (fdp == NULL || *fdp == NULL)
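Review bot: The failure paths of mkTempFifo do not clean up correctly. `tmpdir = mkdtemp(tmpdir)` overwrites the only pointer to the template, so on failure the buffer leaks and the rpmlog call that follows passes NULL to `%s`. At `exit:` the directory is removed with `unlink(tmpdir)`, which does not remove directories, so a failed mkfifo leaves the rpm-tmp.XXXXXX directory behind. Keep the result in its own variable, `char *made = mkdtemp(tmpdir);`, test `if (made == NULL) {`, and use `rmdir(tmpdir);` in the cleanup. A short comment that the data being signed is protected by the owner-only directory mkdtemp creates, not only by the 0600 FIFO mode, would help the next reader.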
Lubos Kardos 7aff53
@@ -186,8 +249,9 @@ static int runGPG(sigTarget sigt, const char *sigfile, const char * passPhrase)
Lubos Kardos 7aff53
 {
Lubos Kardos 7aff53
     int pid = 0, status;
Lubos Kardos 7aff53
     int inpipe[2];
Lubos Kardos 7aff53
-    int inpipe2[2];
Lubos Kardos 7aff53
     FILE * fpipe = NULL;
Lubos Kardos 7aff53
+    FD_t fnamedPipe = NULL;
Lubos Kardos 7aff53
+    char *namedPipeName = NULL;
Lubos Kardos 7aff53
     unsigned char buf[BUFSIZ];
Lubos Kardos 7aff53
     ssize_t count;
Lubos Kardos 7aff53
     ssize_t wantCount;
Lubos Kardos 7aff53
@@ -200,13 +264,9 @@ static int runGPG(sigTarget sigt, const char *sigfile, const char * passPhrase)
Lubos Kardos 7aff53
 	goto exit;
Lubos Kardos 7aff53
     }
Lubos Kardos 7aff53
 
Lubos Kardos 7aff53
-    inpipe2[0] = inpipe2[1] = 0;
Lubos Kardos 7aff53
-    if (pipe(inpipe2) < 0) {
Lubos Kardos 7aff53
-	rpmlog(RPMLOG_ERR, _("Couldn't create pipe for signing: %m"));
Lubos Kardos 7aff53
-	goto exit;
Lubos Kardos 7aff53
-    }
Lubos Kardos 7aff53
+    namedPipeName = mkTempFifo();
Lubos Kardos 7aff53
 
Lubos Kardos 7aff53
-    addMacro(NULL, "__plaintext_filename", NULL, "-", -1);
Lubos Kardos 7aff53
+    addMacro(NULL, "__plaintext_filename", NULL, namedPipeName, -1);
Lubos Kardos 7aff53
     addMacro(NULL, "__signature_filename", NULL, sigfile, -1);
Lubos Kardos 7aff53
 
Lubos Kardos 7aff53
     if (!(pid = fork())) {
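Review bot: The result of `mkTempFifo()` is used without a NULL check. On failure it returns NULL, which is passed as the body of `__plaintext_filename` here and reaches `Fopen()` in a later hunk after gpg has already been forked. Add `if (namedPipeName == NULL) goto exit;` directly after the call so no child is started without a usable input path. runGPG begins and ends outside this hunk, so confirm that `rc` still signals failure when `exit:` is reached from this point.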
Lubos Kardos 7aff53
@@ -217,9 +277,6 @@ static int runGPG(sigTarget sigt, const char *sigfile, const char * passPhrase)
Lubos Kardos 7aff53
 	(void) dup2(inpipe[0], 3);
Lubos Kardos 7aff53
 	(void) close(inpipe[1]);
Lubos Kardos 7aff53
 
Lubos Kardos 7aff53
-	(void) dup2(inpipe2[0], STDIN_FILENO);
Lubos Kardos 7aff53
-	(void) close(inpipe2[1]);
Lubos Kardos 7aff53
-
Lubos Kardos 7aff53
 	if (gpg_path && *gpg_path != '\0')
Lubos Kardos 7aff53
 	    (void) setenv("GNUPGHOME", gpg_path, 1);
Lubos Kardos 7aff53
 	(void) setenv("LC_ALL", "C", 1);
Lubos Kardos 7aff53
@@ -240,8 +297,6 @@ static int runGPG(sigTarget sigt, const char *sigfile, const char * passPhrase)
Lubos Kardos 7aff53
 
Lubos Kardos 7aff53
     (void) close(inpipe[0]);
Lubos Kardos 7aff53
     inpipe[0] = 0;
Lubos Kardos 7aff53
-    (void) close(inpipe2[0]);
Lubos Kardos 7aff53
-    inpipe2[0] = 0;
Lubos Kardos 7aff53
 
Lubos Kardos 7aff53
     fpipe = fdopen(inpipe[1], "w");
Lubos Kardos 7aff53
     if (!fpipe) {
Lubos Kardos 7aff53
@@ -257,12 +312,11 @@ static int runGPG(sigTarget sigt, const char *sigfile, const char * passPhrase)
Lubos Kardos 7aff53
     (void) fclose(fpipe);
Lubos Kardos 7aff53
     fpipe = NULL;
Lubos Kardos 7aff53
 
Lubos Kardos 7aff53
-    fpipe = fdopen(inpipe2[1], "w");
Lubos Kardos 7aff53
-    if (!fpipe) {
Lubos Kardos 7aff53
-	rpmlog(RPMLOG_ERR, _("fdopen failed\n"));
Lubos Kardos 7aff53
+    fnamedPipe = Fopen(namedPipeName, "w");
Lubos Kardos 7aff53
+    if (!fnamedPipe) {
Lubos Kardos 7aff53
+	rpmlog(RPMLOG_ERR, _("Fopen failed\n"));
Lubos Kardos 7aff53
 	goto exit;
Lubos Kardos 7aff53
     }
Lubos Kardos 7aff53
-    inpipe2[1] = 0;
Lubos Kardos 7aff53
 
Lubos Kardos 7aff53
     if (Fseek(sigt->fd, sigt->start, SEEK_SET) < 0) {
Lubos Kardos 7aff53
 	rpmlog(RPMLOG_ERR, _("Could not seek in file %s: %s\n"),
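Review bot: `Fopen(namedPipeName, "w")` on a FIFO blocks until a reader opens the other end, and nothing here checks that the gpg child is still alive. If gpg exits before opening its input, rpmsign would presumably hang in this call. The reverse looks possible on the error paths between fork() and this open: the `exit:` code in the last hunk calls waitpid() before any writer has opened the FIFO, while the child may be blocked opening it for reading. Consider a non-blocking open retried while polling `waitpid(pid, &status, WNOHANG)`, and at minimum add a comment such as `/* blocks until gpg opens the FIFO for reading */`. The `Fopen failed` message would also be easier to act on with the path and `Fstrerror()` in it; runGPG's body extends beyond this hunk.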
Lubos Kardos 7aff53
@@ -273,8 +327,8 @@ static int runGPG(sigTarget sigt, const char *sigfile, const char * passPhrase)
Lubos Kardos 7aff53
     size = sigt->size;
Lubos Kardos 7aff53
     wantCount = size < sizeof(buf) ? size : sizeof(buf);
Lubos Kardos 7aff53
     while ((count = Fread(buf, sizeof(buf[0]), wantCount, sigt->fd)) > 0) {
Lubos Kardos 7aff53
-	fwrite(buf, sizeof(buf[0]), count, fpipe);
Lubos Kardos 7aff53
-	if (ferror(fpipe)) {
Lubos Kardos 7aff53
+	Fwrite(buf, sizeof(buf[0]), count, fnamedPipe);
Lubos Kardos 7aff53
+	if (Ferror(fnamedPipe)) {
Lubos Kardos 7aff53
 	    rpmlog(RPMLOG_ERR, _("Could not write to pipe\n"));
Lubos Kardos 7aff53
 	    goto exit;
Lubos Kardos 7aff53
 	}
Lubos Kardos 7aff53
@@ -286,8 +340,8 @@ static int runGPG(sigTarget sigt, const char *sigfile, const char * passPhrase)
Lubos Kardos 7aff53
 		sigt->fileName, Fstrerror(sigt->fd));
Lubos Kardos 7aff53
 	goto exit;
Lubos Kardos 7aff53
     }
Lubos Kardos 7aff53
-    fclose(fpipe);
Lubos Kardos 7aff53
-    fpipe = NULL;
Lubos Kardos 7aff53
+    Fclose(fnamedPipe);
Lubos Kardos 7aff53
+    fnamedPipe = NULL;
Lubos Kardos 7aff53
 
Lubos Kardos 7aff53
     (void) waitpid(pid, &status, 0);
Lubos Kardos 7aff53
     pid = 0;
Lubos Kardos 7aff53
@@ -307,15 +361,16 @@ exit:
Lubos Kardos 7aff53
     if (inpipe[1])
Lubos Kardos 7aff53
 	close(inpipe[1]);
Lubos Kardos 7aff53
 
Lubos Kardos 7aff53
-    if (inpipe2[0])
Lubos Kardos 7aff53
-	close(inpipe[0]);
Lubos Kardos 7aff53
-
Lubos Kardos 7aff53
-    if (inpipe2[1])
Lubos Kardos 7aff53
-	close(inpipe[1]);
Lubos Kardos 7aff53
+    if (fnamedPipe)
Lubos Kardos 7aff53
+	Fclose(fnamedPipe);
Lubos Kardos 7aff53
 
Lubos Kardos 7aff53
     if (pid)
Lubos Kardos 7aff53
 	waitpid(pid, &status, 0);
Lubos Kardos 7aff53
 
Lubos Kardos 7aff53
+    if (namedPipeName) {
Lubos Kardos 7aff53
+	rpmRmTempFifo(namedPipeName);
Lubos Kardos 7aff53
+	free(namedPipeName);
Lubos Kardos 7aff53
+    }
Lubos Kardos 7aff53
 
Lubos Kardos 7aff53
     return rc;
Lubos Kardos 7aff53
 }
Lubos Kardos 7aff53
-- 
Lubos Kardos 7aff53
1.9.3
Lubos Kardos 7aff53