diff --git a/lib/keystore.cc b/lib/keystore.cc index 7516ce4a37..fc7582157e 100644 --- a/lib/keystore.cc +++ b/lib/keystore.cc @@ -22,18 +22,13 @@ using std::string; -enum { - KEYRING_RPMDB = 1, - KEYRING_FS = 2, -}; - static int makePubkeyHeader(rpmts ts, rpmPubkey key, Header * hdrp); -static int rpmtsLoadKeyringFromFiles(rpmts ts, rpmKeyring keyring) +static int rpmtsLoadKeyringFromFiles(rpmtxn txn, rpmKeyring keyring) { ARGV_t files = NULL; /* XXX TODO: deal with chroot path issues */ - char *pkpath = rpmGetPath(ts->rootDir, "%{_keyringpath}/*.key", NULL); + char *pkpath = rpmGetPath(rpmtxnRootDir(txn), "%{_keyringpath}/*.key", NULL); int nkeys = 0; rpmlog(RPMLOG_DEBUG, "loading keyring from pubkeys in %s\n", pkpath); @@ -138,14 +133,14 @@ static rpmRC rpmtsImportFSKey(rpmtxn txn, rpmPubkey key, rpmFlags flags, int rep return rc; } -static int rpmtsLoadKeyringFromDB(rpmts ts, rpmKeyring keyring) +static int rpmtsLoadKeyringFromDB(rpmtxn txn, rpmKeyring keyring) { Header h; rpmdbMatchIterator mi; int nkeys = 0; rpmlog(RPMLOG_DEBUG, "loading keyring from rpmdb\n"); - mi = rpmtsInitIterator(ts, RPMDBI_NAME, "gpg-pubkey", 0); + mi = rpmtsInitIterator(rpmtxnTs(txn), RPMDBI_NAME, "gpg-pubkey", 0); while ((h = rpmdbNextIterator(mi)) != NULL) { struct rpmtd_s pubkeys; const char *key; @@ -410,32 +405,14 @@ rpmRC rpmKeystoreDeletePubkey(rpmtxn txn, rpmPubkey key) return rc; } -static int getKeyringType(void) -{ - int kt = KEYRING_RPMDB; - char *krtype = rpmExpand("%{?_keyring}", NULL); - - if (rstreq(krtype, "fs")) { - kt = KEYRING_FS; - } else if (*krtype && !rstreq(krtype, "rpmdb")) { - /* Fall back to using rpmdb if unknown, for now at least */ - rpmlog(RPMLOG_WARNING, - _("unknown keyring type: %s, using rpmdb\n"), krtype); - } - free(krtype); - - return kt; -} - -int rpmKeystoreLoad(rpmts ts, rpmKeyring keyring) +int rpmKeystoreLoad(rpmtxn txn, rpmKeyring keyring) { int nkeys = 0; - if (!ts->keyringtype) - ts->keyringtype = getKeyringType(); + rpmts ts = rpmtxnTs(txn); if (ts->keyringtype == KEYRING_FS) { - nkeys = rpmtsLoadKeyringFromFiles(ts, keyring); + nkeys = rpmtsLoadKeyringFromFiles(txn, keyring); } else { - nkeys = rpmtsLoadKeyringFromDB(ts, keyring); + nkeys = rpmtsLoadKeyringFromDB(txn, keyring); } return nkeys; } diff --git a/lib/keystore.hh b/lib/keystore.hh index 625989d5aa..5849f66a38 100644 --- a/lib/keystore.hh +++ b/lib/keystore.hh @@ -3,8 +3,13 @@ #include #include +enum { + KEYRING_RPMDB = 1, + KEYRING_FS = 2, +}; + RPM_GNUC_INTERNAL -int rpmKeystoreLoad(rpmts ts, rpmKeyring keyring); +int rpmKeystoreLoad(rpmtxn txn, rpmKeyring keyring); RPM_GNUC_INTERNAL rpmRC rpmKeystoreImportPubkey(rpmtxn txn, rpmPubkey key, int replace = 0); diff --git a/lib/rpmts.cc b/lib/rpmts.cc index ebaa354e09..66381e1c3b 100644 --- a/lib/rpmts.cc +++ b/lib/rpmts.cc @@ -264,13 +264,36 @@ int rpmtsSetKeyring(rpmts ts, rpmKeyring keyring) return 0; } +static int getKeyringType(void) +{ + int kt = KEYRING_RPMDB; + char *krtype = rpmExpand("%{?_keyring}", NULL); + + if (rstreq(krtype, "fs")) { + kt = KEYRING_FS; + } else if (*krtype && !rstreq(krtype, "rpmdb")) { + /* Fall back to using rpmdb if unknown, for now at least */ + rpmlog(RPMLOG_WARNING, + _("unknown keyring type: %s, using rpmdb\n"), krtype); + } + free(krtype); + + return kt; +} + static void loadKeyring(rpmts ts) { /* Never load the keyring if signature checking is disabled */ if ((rpmtsVSFlags(ts) & RPMVSF_MASK_NOSIGNATURES) != RPMVSF_MASK_NOSIGNATURES) { + if (!ts->keyringtype) + ts->keyringtype = getKeyringType(); ts->keyring = rpmKeyringNew(); - rpmKeystoreLoad(ts, ts->keyring); + rpmtxn txn = rpmtxnBegin(ts, RPMTXN_READ); + if (txn) { + rpmKeystoreLoad(txn, ts->keyring); + rpmtxnEnd(txn); + } } }