diff --git a/include/rpm/rpmpgp.h b/include/rpm/rpmpgp.h
index 89c5e35cf9..87a2a5bd2b 100644
--- a/include/rpm/rpmpgp.h
+++ b/include/rpm/rpmpgp.h
@@ -1054,6 +1054,32 @@ pgpArmor pgpParsePkts(const char *armor, uint8_t ** pkt, size_t * pktlen);
 */
 int pgpPubKeyCertLen(const uint8_t *pkts, size_t pktslen, size_t *certlen);
 
+/** \ingroup rpmpgp
+ * Lints the certificate.
+ *
+ * There are four cases:
+ *
+ * The packets do not describe a certificate: returns an error and
+ * sets *explanation to NULL.
+ *
+ * The packets describe a certificate and the certificate is
+ * completely unusable: returns an error and sets *explanation to a
+ * human readable explanation.
+ *
+ * The packets describe a certificate and some components are not
+ * usable: returns success, and sets *explanation to a human readable
+ * explanation.
+ *
+ * The packets describe a certificate and there are no lints: returns
+ * success, and sets *explanation to NULL.
+ *
+ * @param pkts OpenPGP pointer to a buffer with certificates
+ * @param pktslen length of the buffer with certificates
+ * @param[out] explanation An optional lint to display to the user.
+ * @return RPMRC_OK on success
+ */
+rpmRC pgpPubKeyLint(const uint8_t *pkts, size_t pktslen, char **explanation);
+
 /** \ingroup rpmpgp
 * Wrap a OpenPGP packets in ascii armor for transport.
 * @param atype type of armor
diff --git a/lib/rpmts.c b/lib/rpmts.c
index 3de456af9b..932584cc69 100644
--- a/lib/rpmts.c
+++ b/lib/rpmts.c
@@ -604,6 +604,7 @@ rpmRC rpmtsImportPubkey(const rpmts ts, const unsigned char * pkt, size_t pktlen
 {
 Header h = NULL;
 rpmRC rc = RPMRC_FAIL; /* assume failure */
+ char *lints = NULL;
 rpmPubkey pubkey = NULL;
 rpmPubkey *subkeys = NULL;
 int subkeysCount = 0;
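Review bot: The doc comment for pgpPubKeyLint() in the rpmpgp.h hunk leaves the ownership and nullability of `explanation` unstated, and `@return` covers only the success case. The caller added in lib/rpmts.c releases the string with free() and the implementation in rpmio/rpmpgp_internal.c writes `*explanation` unconditionally, so "optional" can only mean that the result may be NULL, not that the pointer may be omitted. I would reword the parameter line to `@param[out] explanation lint text or NULL; must not be NULL itself, caller frees with free()` and extend the return line to `@return RPMRC_OK on success, an error if the packets are not a usable certificate`. Because this function gates key import, callers need that contract written down rather than inferred from the four prose cases.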
@@ -615,6 +616,20 @@ rpmRC rpmtsImportPubkey(const rpmts ts, const unsigned char * pkt, size_t pktlen
 if (txn == NULL)
 return rc;
 
+ krc = pgpPubKeyLint(pkt, pktlen, &lints);
+ if (lints) {
+ if (krc != RPMRC_OK) {
+ rpmlog(RPMLOG_ERR, _("%s\n"), lints);
+ } else {
+ rpmlog(RPMLOG_WARNING, _("%s\n"), lints);
+ }
+ free(lints);
+ }
+ if (krc != RPMRC_OK) {
+ rc = krc;
+ goto exit;
+ }
+
 /* XXX keyring wont load if sigcheck disabled, force it temporarily */
 rpmtsSetVSFlags(ts, (oflags & ~RPMVSF_MASK_NOSIGNATURES));
 keyring = rpmtsGetKeyring(ts, 1);
diff --git a/rpmio/rpmpgp_internal.c b/rpmio/rpmpgp_internal.c
index ea3905bf81..d4dd4b89d1 100644
--- a/rpmio/rpmpgp_internal.c
+++ b/rpmio/rpmpgp_internal.c
@@ -1345,3 +1345,9 @@ char * pgpArmorWrap(int atype, const unsigned char * s, size_t ns)
 free(buf);
 return val;
 }
+
+rpmRC pgpPubKeyLint(const uint8_t *pkts, size_t pktslen, char **explanation)
+{
+ *explanation = NULL;
+ return RPMRC_OK;
+}
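Review bot: When pgpPubKeyLint() fails without an explanation, which is the documented "packets do not describe a certificate" case, the added block in rpmtsImportPubkey() jumps to `exit` without logging anything, so a rejected key import leaves no diagnostic. An `else if (krc != RPMRC_OK)` branch on the `if (lints)` block that calls `rpmlog(RPMLOG_ERR, _("public key is not a usable OpenPGP certificate\n"));` would cover it. The format string `_("%s\n")` has nothing to translate and is better written as plain `"%s\n"`, which also keeps the format itself out of the message catalog. The lint text is derived from untrusted key material, so it is worth confirming that a backend does not copy raw User ID bytes into it before it reaches rpmlog(). The `exit` label and the declaration of `krc` are outside the hunk.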
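Review bot: This pgpPubKeyLint() implementation in rpmio/rpmpgp_internal.c accepts every input: it returns RPMRC_OK with no explanation even for a buffer that is not a certificate, which contradicts the first case documented in rpmpgp.h and makes the new check in rpmtsImportPubkey() a no-op for this backend. If that is intentional, say so above the function, e.g. `/* Stub: the internal parser has no lint support; every input is reported as RPMRC_OK. */`, so nobody assumes key import is being vetted here. It also dereferences `explanation` unconditionally although the header calls the parameter optional; `if (explanation) *explanation = NULL;` would make the two agree.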