11 #include <zypp/base/String.h> 12 #include <zypp/base/Logger.h> 13 #include <zypp/base/Gettext.h> 30 static bool val = [](){
31 const char * env = getenv(
"ZYPP_REPOMD_WITH_PKCS7");
44 typedef function<void( const Pathname & file_r )>
PreCheckCB;
71 if ( keyhints.empty() )
73 DBG <<
"Check keyhints: " << keyhints.size() << endl;
75 auto keyRing { getZYpp()->keyRing() };
76 for (
const auto & p : keyhints )
try {
77 const std::string & file { p.first };
78 const std::string & keyid { p.second };
80 if ( keyRing->trustedPublicKeyData( keyid ) ) {
81 DBG <<
"Keyhint is already trusted: " << keyid <<
" (" << file <<
")" << endl;
85 DBG <<
"Keyhint search key " << keyid <<
" (" << file <<
")" << endl;
95 if ( not key.fileProvidesKey( keyid ) ) {
98 if ( not key.fileProvidesKey( keyid ) ) {
100 WAR <<
"Keyhint " << file <<
" does not contain a key with id " << keyid <<
". Skipping it." << endl;
107 keyRing->importKey( key,
false );
108 keyData = keyRing->publicKeyData( keyid );
112 WAR <<
"Keyhint " << keyid <<
" for " << keyData <<
" is not strong enough for auto import. Just caching it." << endl;
116 DBG <<
"Keyhint remember buddy " << keyData << endl;
121 catch (
const std::exception & exp )
124 {
INT <<
"Oops!" << endl; }
125 MIL <<
"Check keyhints done. Buddy keys: " << sigchecker_r.
buddyKeys().size() << endl;
141 WAR <<
"Non implemented" << endl;
149 WAR <<
"Non implemented" << endl;
170 Pathname sigpathLocal { destdir_r/sigpath };
171 Pathname keypathLocal { destdir_r/keypath };
183 if ( isSigned ||
repoInfo().repoGpgCheckIsMandatory() )
190 if (
PathInfo(keypathLocal).isExist() )
198 if ( masterIndex_r.
basename() ==
"repomd.xml" ) {
206 catch (
const std::exception & exp )
209 {
INT <<
"Oops!" << endl; }
212 checkers.
add( std::ref(sigchecker) );
216 WAR <<
"Accept unsigned repository because repoGpgCheck is not mandatory for " <<
repoInfo().
alias() << endl;
221 WAR <<
"Signature checking disabled in config of repository " <<
repoInfo().
alias() << endl;
225 start( destdir_r, media_r );
bool fileValidated() const
Whether the signature was actually successfully verified.
void checkExtraKeysInRepomd(MediaSetAccess &media_r, const Pathname &destdir_r, const Pathname &repomd_r, SignatureFileChecker &sigchecker_r)
void defaultDownloadMasterIndex(MediaSetAccess &media_r, const Pathname &destdir_r, const Pathname &masterIndex_r)
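Common workflow downloading a (signed) master index file. Judging by the warnings logged in the listing above, an unsigned index is accepted when repoGpgCheck is not mandatory for the repository, and no signature check is made when signature checking is disabled in the repository's config.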
bool ZYPP_REPOMD_WITH_PKCS7()
static ZConfig & instance()
Singleton ctor.
Checks for the validity of a signature.
void addPublicKey(const PublicKey &publickey_r)
Add a public key to the list of known keys.
Store and operate with byte count.
std::optional< PluginRepoverification > _pluginRepoverification
Class representing the data of one GPG public key.
Pathname pubkeyCachePath() const
Path where the pubkey caches.
void operator()(const Pathname &file_r) const
Call KeyRing::verifyFileSignatureWorkflow to verify the file.
Pathname extend(const std::string &r) const
Append string r to the last component of the path.
What is known about a repository.
static const Unit MB
1000^2 Byte
std::string basename() const
Return the last component of this path.
function< bool(const ProgressData &)> ReceiverFnc
Most simple version of progress reporting. The percentage in most cases.
void setValidRepoSignature(TriBool value_r)
Set the value for validRepoSignature (or indeterminate if unsigned).
const KeyContext & keyContext() const
KeyContext passed to callbacks
void setMediaSetAccess(MediaSetAccess &media)
Sets the media set access that will be used to precache and to download the files when start is calle...
Pathname repoManagerRoot() const
The RepoManager root directory.
void start(const Pathname &dest_dir, const ProgressData::ReceiverFnc &progress=ProgressData::ReceiverFnc())
Start the transfer to a destination directory dest_dir. The media has to be provided with setMediaSetA...
const Pathname & signature() const
Detached signature or empty.
std::string alias() const
unique identifier for this source.
bool isExist() const
Return whether valid stat info exists.
std::vector< std::pair< std::string, std::string > > keyhints() const
GPG key hints shipped in keywords (bsc#1184326)
void add(const FileChecker &checker)
void reset()
Reset the transfer (jobs) list.
Interim helper class to collect global options and settings.
void setMetadataPath(const Pathname &path)
Set the path where the local metadata is stored.
int hardlinkCopy(const Pathname &oldpath, const Pathname &newpath)
Create newpath as hardlink or copy of oldpath.
const RepoInfo & repoInfo() const
const BuddyKeys & buddyKeys() const
#define ZYPP_CAUGHT(EXCPT)
Drops a logline telling the Exception was caught (in order to handle it).
Checker composed of more checkers.
Class representing one GPG Public Key (PublicKeyData + ASCII armored in a tempfile).
Reads through a repomd.xml file and collects type, location, checksum and other data about metadata f...
Base class for Exception.
static bool isSafeKeyId(const std::string &id_r)
!<
virtual void download(MediaSetAccess &media, const Pathname &dest_dir, const ProgressData::ReceiverFnc &progress=ProgressData::ReceiverFnc())
Download metadata to a local directory.
bool strToBool(const C_Str &str, bool default_r)
Parse str into a bool depending on the default value.
Wrapper class for ::stat/::lstat.
Interface of repomd.xml file reader.
Track changing files or directories.
static PublicKey noThrow(const Pathname &keyFile_r)
Static ctor returning an empty PublicKey rather than throwing.
virtual RepoStatus status(MediaSetAccess &media)
Status of the remote repository.
void enqueue(const OnMediaLocation &resource, const FileChecker &checker=FileChecker())
Enqueue an object for transferal; it will not be transferred until start() is called.
void addBuddyKey(std::string sid_r)
Easy-to use interface to the ZYPP dependency resolver.