-- RPM::GPG::Check set to "false" switches this whole script off: it returns
-- before any signature is looked at, so nothing below runs in that case.
if confget("RPM::GPG::Check/b", "true") == "false" then return end

-- No files queued for installation means there is nothing to verify.
if table.getn(files_install) < 1 then return end

-- Settings are read once and kept in globals that the functions below use.
interactive = confget("RPM::Interactive/b", "true")
quiet = tonumber(confget("quiet", 0))
-- Directory searched later for public keys that can be imported into rpm.
keyspath = confget("RPM::GPG::KeysPath/f", "/etc/pki/rpm-gpg")

-- Template for the progress bar and its length in characters.
hash = '##############################'
hashestotal = string.len(hash)
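--- Show progress for item `amount` out of `total`.
-- When the global `interactive` is "true", a bar of '#' characters and a
-- percentage are written and the cursor is moved back over them with
-- backspaces, so the next call overwrites the bar. Otherwise one
-- "%% <percent>" line is written per call.
-- Reads the globals `interactive`, `hash` and `hashestotal`.
-- @param amount number of items processed so far
-- @param total  total number of items
function printhash(amount, total)
    -- Working values are locals; as bare assignments they would leak into
    -- the global environment that the rest of the script shares.
    local percent = amount/total*100
    if interactive == "true" then
        local nrhash = hashestotal - hashestotal / total * amount
        local line = string.format("%-31s[%3d%%]", string.sub(hash, nrhash), percent)
        io.stdout:write(line)
        io.stdout:flush()
        -- One backspace per character written puts the cursor back at the
        -- start of the bar.
        io.stdout:write(string.rep('\b', string.len(line)))
    else
        io.stdout:write(string.format("%%%% %f\n", percent))
    end
end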
--- Report one collected error message through apterror().
-- Used as the callback when the `errors` list is walked.
-- @param i   position of the message in the list (not used)
-- @param msg message text
function showerrors(i, msg)
    -- Called as a statement on purpose: nothing is returned, and
    -- table.foreach stops early as soon as its callback returns a value.
    apterror(msg)
end
-- Verdict and counters filled in by gpgcheck(). `good` stays 1 while no
-- problem has been recorded and is set to nil on the first one.
good, unknown, illegal, unsigned, missing = 1, 0, 0, 0, 0

-- errors:   list of messages, one per problem found
-- missings: key id -> list of files whose signing key is not known
errors, missings = {}, {}

-- Packages exempt from the signature check. gpgcheck() passes each entry to
-- string.find() as a Lua pattern against the package name, so an entry
-- matches anywhere in the name unless it is anchored with ^ and $.
skiplist = confgetlist("RPM::GPG::Skip-Check", "")
-- Results are stored in global variables
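--- Run `rpm --checksig` on every file in files_install and classify its output.
-- Resets and then fills the globals good, unknown, illegal, unsigned, missing,
-- errors and missings. A file passes only when rpm prints an " OK" line that
-- also names a gpg or pgp signature; an " OK" line without one is counted as
-- unsigned. A file for which rpm prints nothing, or for which the command
-- cannot be started, is counted as an unknown error instead of passing.
-- @param silent when true, neither the header line nor progress is written
function gpgcheck(silent)
    -- Quote a string for /bin/sh. Package paths are concatenated into a shell
    -- command line, so spaces or metacharacters in a path must reach rpm as
    -- data and never be interpreted by the shell.
    local function shellquote(s)
        return "'" .. (string.gsub(s, "'", "'\\''")) .. "'"
    end

    good = 1
    unknown = 0
    illegal = 0
    unsigned = 0
    missing = 0
    errors = {}
    missings = {}

    if not silent then
        io.stdout:write(string.format("%-41s", _("Checking GPG signatures...")))
        if interactive == "false" then
            io.stdout:write('\n')
        end
    end

    for i, file in ipairs(files_install) do
        local skipthis = false
        for j, skip in ipairs(skiplist) do
            -- NOTE(review): `skip` is used as an unanchored Lua pattern, so
            -- an entry "foo" also exempts "libfoo" and "foo-extras"; anchor
            -- entries with ^ and $ when exact names are meant.
            -- An empty entry would match every package name and switch the
            -- check off for all of them, so it is ignored.
            if skip ~= "" and string.find(pkgname(pkgs_install[i]), skip) then
                skipthis = true
                aptwarning(_("Skipped GPG check on ")..pkgname(pkgs_install[i]))
                break
            end
        end

        if not silent and quiet == 0 then
            printhash(i, table.getn(files_install))
        end

        if skipthis == false then
            -- Every output line is classified below, so "no line seen" means
            -- rpm gave no verdict at all for this file.
            local sawoutput = false
            local inp = io.popen("LANG=C /bin/rpm --checksig "..shellquote(file).." 2>&1")
            if inp then
                for line in inp:lines() do
                    sawoutput = true
                    if string.find(line, "rpmReadSignature") then
                        table.insert(errors, _("Illegal signature ")..line)
                        illegal = illegal + 1
                        good = nil
                    elseif string.find(line, " NOT OK") then
                        local index = string.find(line, "#")
                        if string.find(line, "MISSING") and index then
                            -- The 8 characters after '#' are taken as the id
                            -- of the key rpm does not have.
                            local keyid = string.lower(string.sub(line, index+1, index+8))
                            table.insert(errors, _("Missing key ")..line)
                            if not missings[keyid] then
                                missings[keyid] = {}
                            end
                            table.insert(missings[keyid], file)
                            missing = missing + 1
                            good = nil
                        else
                            table.insert(errors, _("Unknown error ")..line)
                            unknown = unknown + 1
                            good = nil
                        end
                    elseif string.find(line, " OK") then
                        if string.find(line, " gpg") or string.find(line, " pgp") then
                            -- Signed and verified: stop reading this file's output.
                            break
                        else
                            -- Digests checked out but no signature was reported.
                            table.insert(errors, _("Unsigned ")..line)
                            unsigned = unsigned + 1
                            good = nil
                        end
                    else
                        table.insert(errors, _("Unknown error ")..line)
                        unknown = unknown + 1
                        good = nil
                    end
                end
                io.close(inp)
            end
            if not sawoutput then
                -- Fail closed: silence from the checker is not a pass.
                table.insert(errors, _("Unknown error ")..file)
                unknown = unknown + 1
                good = nil
            end
        end
    end

    if not silent and interactive == "true" then
        io.stdout:write('\n')
    end
end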
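-- First pass over all files, with progress output.
gpgcheck(false)

-- When the check failed and RPM::GPG::Import-Missing is enabled, look in
-- keyspath for the public keys rpm reported as missing, offer to import them
-- and re-run the check.
-- NOTE(review): keys are matched on the 8-hex-digit short id, which is not
-- collision resistant, and with APT::Get::Assume-Yes the import happens
-- without a prompt. Every file in keyspath is therefore a potential trust
-- anchor; the directory should be writable by root only.
if not good and confget("RPM::GPG::Import-Missing/b", "true") == "true" then
    -- Quote a string for /bin/sh so that file names are passed as data.
    local function shellquote(s)
        return "'" .. (string.gsub(s, "'", "'\\''")) .. "'"
    end

    -- Print list of missing keys
    for id, msglist in pairs(missings) do
        for j, file in pairs(msglist) do
            print(_(" missing key #")..id.._(" for ")..file)
        end
    end

    -- Search for missing keys
    local keysimported = 0
    -- An unreadable or absent key directory simply yields no candidates.
    local files = posix.dir(keyspath) or {}
    for i, file in ipairs(files) do
        local keyfile = shellquote(keyspath.."/"..file)
        -- Get the Key ID
        -- NOTE(review): the id is cut from fixed columns of the "pub " line,
        -- which presumably depends on the gpg listing layout; confirm.
        local keyid = nil
        local inp = io.popen("LANG=C /usr/bin/gpg --no-options --no-default-keyring --keyring /dev/null --secret-keyring /dev/null "..keyfile.." 2>&1")
        if inp then
            for line in inp:lines() do
                if string.sub(line, 1, 4) == "pub " then
                    keyid = string.lower(string.sub(line, 12, 19))
                end
            end
            io.close(inp)
        end
        -- The id goes into a shell command below; accept hex digits only.
        if keyid and not string.find(keyid, "^%x+$") then
            keyid = nil
        end
        if keyid and missings[keyid] then
            -- Note: Single key could be imported several times
            -- So neither pkgfind() nor `rpm -e --test` can be used
            local ret = os.execute("LANG=C rpm -q gpg-pubkey-"..keyid.." > /dev/null 2>&1")
            if ret == 0 then
                aptwarning(_("Missing gpg key is already installed: #")..keyid)
            else
                local doimport = false
                if confget("APT::Get::Assume-Yes/b", "false") == "true" then
                    doimport = true
                else
                    io.stdout:write(_("Missing gpg key found").." ("..file..": #"..keyid..") ".._("Import it? [Y/n] "))
                    local answer = io.read()
                    if answer == nil then
                        -- End of input: nobody confirmed, so no key is added.
                        doimport = false
                    else
                        answer = string.lower(string.sub(answer, 1, 1))
                        doimport = answer == "y" or answer == ""
                    end
                end
                if doimport then
                    local execpath = "LANG=C rpm --import "..keyfile
                    -- 0 is truthy in Lua, so `quiet` is compared as a number.
                    if quiet and quiet > 0 then
                        execpath = execpath .. " > /dev/null 2>&1"
                    end
                    -- Any non-zero status, including a negative one from a
                    -- failed launch, counts as a failed import.
                    if os.execute(execpath) ~= 0 then
                        print(_("Error importing GPG key"))
                    else
                        missings[keyid] = nil
                        keysimported = keysimported + 1
                    end
                end
            end
        end
    end
    -- Re-verify silently once at least one key was imported; this resets and
    -- refills the result globals.
    if keysimported > 0 then
        gpgcheck(true)
    end
end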
-- Final verdict: when any problem is still recorded, report every collected
-- message and then a summary with the per-category counts.
-- NOTE(review): presumably apterror() is what makes apt refuse the
-- installation; confirm against the apt scripting interface.
if not good then
    for idx, msg in pairs(errors) do
        showerrors(idx, msg)
    end
    apterror(_("Error(s) while checking package signatures:\n"..unsigned.." unsigned package(s)\n"..missing.." package(s) with missing signatures\n"..illegal.." package(s) with illegal/corrupted signatures\n"..unknown.." unknown error(s)"))
end
-- vim::sts=4:sw=4