-- Bail out early when there is nothing to verify.
-- NOTE: RPM::GPG::Check=false switches signature verification off for the
-- whole transaction; nothing below runs in that case.
if confget("RPM::GPG::Check/b", "true") == "false"
   or table.getn(files_install) < 1 then
    return
end

-- Progress bar template (30 hash marks) and its length.
hash = string.rep('#', 30)
hashestotal = string.len(hash)

-- Settings read once and shared, as globals, with the functions below.
interactive = confget("RPM::Interactive/b", "true")
quiet = tonumber(confget("quiet", 0))
-- Directory searched for key files when a signing key is missing.
keyspath = confget("RPM::GPG::KeysPath/f", "/etc/pki/rpm-gpg")
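-- Show progress for item `amount` out of `total`.
-- Interactive mode draws a hash-mark bar with a percentage and then moves the
-- cursor back to the start of the bar; otherwise one "%% <percent>" line is
-- written per call.
-- Reads the globals `interactive`, `hash` and `hashestotal`.
function printhash(amount, total)
    -- Locals: the bare assignments used before leaked percent/nrhash/line
    -- into the interpreter's global table.
    local percent = amount / total * 100
    if interactive == "true" then
        -- Integer start index for string.sub. Clamping at 0 keeps the
        -- "full bar" result when rounding leaves a tiny negative value.
        local first = math.max(0, math.floor(hashestotal - hashestotal / total * amount))
        local bar = string.format("%-31s[%3d%%]", string.sub(hash, first), math.floor(percent))
        io.stdout:write(bar)
        io.stdout:flush()
        -- Back up over the bar so the next call overwrites it in place.
        io.stdout:write(string.rep('\b', string.len(bar)))
    else
        io.stdout:write(string.format("%%%% %f\n", percent))
    end
end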
-- Callback for iterating the `errors` table: forwards one message to
-- apterror(). The key `i` is not used.
-- Deliberately returns nothing: table.foreach stops at the first callback
-- that returns a non-nil value.
function showerrors(i, msg)
    apterror(msg)
end
-- Result state shared with gpgcheck(): `good` is 1 while every checked
-- package passed and nil once any failure was recorded; the counters
-- classify the failures.
good, unknown, illegal, unsigned, missing = 1, 0, 0, 0, 0
-- errors:   list of messages to report
-- missings: key id -> list of package files signed with that key
errors, missings = {}, {}

-- Entries of RPM::GPG::Skip-Check name packages that are exempt from
-- signature verification.
skiplist = confgetlist("RPM::GPG::Skip-Check", "")
-- Results are stored in global variables
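-- Run `rpm --checksig` on every file in files_install and classify the
-- output. Resets and then fills the globals good, unknown, illegal,
-- unsigned, missing, errors and missings.
--   silent: when true, no progress output is written.
-- A package only counts as verified when rpm printed a line that contains
-- " OK" together with " gpg" or " pgp"; everything else sets good = nil.
function gpgcheck(silent)
    -- Quote a value so /bin/sh hands it to the command as one literal word.
    -- File names reach this script from outside and must not be able to
    -- add shell syntax to the command line.
    local function shellquote(arg)
        return "'"..string.gsub(arg, "'", "'\\''").."'"
    end

    -- Record a result that fits no known category; it fails the check.
    local function unknownerror(text)
        table.insert(errors, _("Unknown error ")..text)
        unknown = unknown + 1
        good = nil
    end

    good = 1
    unknown = 0
    illegal = 0
    unsigned = 0
    missing = 0
    errors = {}
    missings = {}

    if not silent then
        io.stdout:write(string.format("%-41s", _("Checking GPG signatures...")))
        if interactive == "false" then
            io.stdout:write('\n')
        end
    end

    for i, file in ipairs(files_install) do
        local skipthis = false
        for j, skip in ipairs(skiplist) do
            -- NOTE(review): each Skip-Check entry is used as an unanchored
            -- Lua pattern, so "foo" also exempts "foobar" and "libfoo".
            -- Anchor entries in the configuration if exact names are meant.
            if string.find(pkgname(pkgs_install[i]), skip) then
                skipthis = true
                aptwarning(_("Skipped GPG check on ")..pkgname(pkgs_install[i]))
                break
            end
        end

        if not silent and quiet == 0 then
            printhash(i, table.getn(files_install))
        end

        if skipthis == false then
            local inp = io.popen("LANG=C /bin/rpm --checksig  "..shellquote(file).." 2>&1")
            if not inp then
                -- Fail closed: a check that could not be started is a failure.
                unknownerror(file..": cannot run /bin/rpm --checksig")
            else
                -- rpm is expected to start each result line with "<file>:".
                -- That prefix is cut off before matching so text inside the
                -- file name cannot be mistaken for " gpg", " OK" or "#".
                local prefix = file..":"
                local classified = false
                for line in inp:lines() do
                    classified = true
                    local result = line
                    if string.sub(line, 1, string.len(prefix)) == prefix then
                        result = string.sub(line, string.len(prefix) + 1)
                    end

                    if string.find(result, "rpmReadSignature") then
                        table.insert(errors, _("Illegal signature ")..line)
                        illegal = illegal + 1
                        good = nil
                    elseif string.find(result, " NOT OK") then
                        local index = string.find(result, "#")
                        if string.find(result, "MISSING") and index then
                            -- 8 characters after "#": the short key id,
                            -- used as the index into `missings`.
                            local keyid = string.lower(string.sub(result, index+1, index+8))
                            table.insert(errors, _("Missing key ")..line)
                            if not missings[keyid] then
                                missings[keyid] = {}
                            end
                            table.insert(missings[keyid], file)
                            missing = missing + 1
                            good = nil
                        else
                            unknownerror(line)
                        end
                    elseif string.find(result, " OK") then
                        if string.find(result, " gpg") or string.find(result, " pgp") then
                            -- Signed and verified; remaining output is ignored.
                            break
                        else
                            -- Digests matched but no signature was reported.
                            table.insert(errors, _("Unsigned ")..line)
                            unsigned = unsigned + 1
                            good = nil
                        end
                    else
                        unknownerror(line)
                    end
                end
                inp:close()

                -- Fail closed: without any output there is no evidence that
                -- the signature was checked at all.
                if not classified then
                    unknownerror(file..": no output from rpm --checksig")
                end
            end
        end
    end
    if not silent and interactive == "true" then
        io.stdout:write('\n')
    end
end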
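gpgcheck(false)

-- When packages failed only because their signing key is not in the rpm
-- keyring, look for a matching key file under `keyspath` and offer to import
-- it, then re-run the check.
-- Trust note: importing a key makes rpm accept everything signed with it.
-- The match is made on the 8-hex-digit short key id, which is not collision
-- resistant, so the keys directory must be writable by root only. With
-- APT::Get::Assume-Yes the import happens without a prompt.
if not good and confget("RPM::GPG::Import-Missing/b", "true") == "true" then
    -- Quote a value so /bin/sh hands it to the command as one literal word.
    local function shellquote(arg)
        return "'"..string.gsub(arg, "'", "'\\''").."'"
    end

    -- Print list of missing keys
    for i, msglist in pairs(missings) do
        for j, file in pairs(msglist) do
            print(_("   missing key #")..i.._(" for ")..file)
        end
    end

    -- Search for missing keys
    local keysimported = 0
    -- Treat a directory that cannot be listed as empty instead of failing
    -- in ipairs().
    local files = posix.dir(keyspath) or {}
    for i, file in ipairs(files) do
        -- Directory entry names and the configured path are quoted before
        -- they are placed on a shell command line.
        local keyfile = shellquote(keyspath.."/"..file)

        -- Get the Key ID
        local keyid = nil
        local inp = io.popen("LANG=C /usr/bin/gpg --no-options --no-default-keyring --keyring /dev/null --secret-keyring /dev/null "..keyfile.." 2>&1")
        if inp then
            for line in inp:lines() do
                if string.sub(line, 1, 4) == "pub " then
                    keyid = string.lower(string.sub(line, 12, 19))
                end
            end
            inp:close()
        end

        -- The id is taken from fixed columns of gpg's output and ends up in
        -- a shell command below: accept exactly eight hex digits only.
        if keyid and not string.find(keyid, "^%x%x%x%x%x%x%x%x$") then
            keyid = nil
        end

        if keyid and missings[keyid] then
            -- Note: Single key could be imported several times
            -- So neither pkgfind() nor `rpm -e --test` can be used
            -- /bin/rpm as in gpgcheck(), so the lookup does not depend on PATH.
            local ret = os.execute("LANG=C /bin/rpm -q gpg-pubkey-"..keyid.." > /dev/null 2>&1")
            if ret == 0 then
                aptwarning(_("Missing gpg key is already installed: #")..keyid)
            else
                local doimport = false
                if confget("APT::Get::Assume-Yes/b", "false") == "true" then
                    doimport = true
                else
                    io.stdout:write(_("Missing gpg key found").." ("..file..": #"..keyid..") ".._("Import it? [Y/n] "))
                    local answer = io.read()
                    if answer then
                        answer = string.lower(string.sub(answer, 1, 1))
                        doimport = answer == "y" or answer == ""
                    end
                    -- End of input (no answer at all) leaves doimport false:
                    -- a key is not trusted without an explicit reply.
                end

                if doimport then
                    local execpath = "LANG=C /bin/rpm --import "..keyfile
                    -- `quiet` is a number and 0 is truthy in Lua, so compare
                    -- explicitly; gpgcheck() uses the same `quiet == 0` test.
                    if quiet ~= 0 then
                        execpath = execpath .. " > /dev/null 2>&1"
                    end
                    if os.execute(execpath) > 0 then
                        print(_("Error importing GPG key"))
                    else
                        missings[keyid] = nil
                        keysimported = keysimported + 1
                    end
                end
            end
        end
    end

    -- Re-verify everything once the keyring changed; the final verdict is
    -- taken from this second run.
    if keysimported > 0 then
        gpgcheck(true)
    end
end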
-- Final verdict: report every collected message, then raise one summary
-- error with the per-category counts.
if not good then
    for idx, msg in pairs(errors) do
        showerrors(idx, msg)
    end
    -- NOTE(review): _() receives the already assembled text, counts
    -- included, so a translation catalog lookup presumably never matches.
    local summary = "Error(s) while checking package signatures:\n"..unsigned.." unsigned package(s)\n"..missing.." package(s) with missing signatures\n"..illegal.." package(s) with illegal/corrupted signatures\n"..unknown.." unknown error(s)"
    apterror(_(summary))
end
-- vim::sts=4:sw=4