signing: delay gpgme_init() until latest possible moment
In the default configuration, we can enter the signing code but still have nothing to do with GPGME, for example, if database signatures are optional but none are present. Delay initialization of GPGME until we know there is a signature file present or we were passed base64-encoded data. This also makes debugging with valgrind a lot easier as you don't have to deal with all the GPGME error noise because their code leaks like a sieve. Signed-off-by: Dan McGee <dan@archlinux.org>
parent
61c6ae01b3
commit
2a18171afa
@ -370,7 +370,7 @@ int _alpm_gpgme_checksig(alpm_handle_t *handle, const char *path,
|
|||||||
const char *base64_sig, alpm_siglist_t *siglist)
|
const char *base64_sig, alpm_siglist_t *siglist)
|
||||||
{
|
{
|
||||||
int ret = -1, sigcount;
|
int ret = -1, sigcount;
|
||||||
gpgme_error_t err;
|
gpgme_error_t err = 0;
|
||||||
gpgme_ctx_t ctx;
|
gpgme_ctx_t ctx;
|
||||||
gpgme_data_t filedata, sigdata;
|
gpgme_data_t filedata, sigdata;
|
||||||
gpgme_verify_result_t verify_result;
|
gpgme_verify_result_t verify_result;
|
||||||
@ -394,9 +394,27 @@ int _alpm_gpgme_checksig(alpm_handle_t *handle, const char *path,
|
|||||||
_alpm_access(handle, NULL, sigpath, R_OK);
|
_alpm_access(handle, NULL, sigpath, R_OK);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* does the file we are verifying exist? */
|
||||||
|
file = fopen(path, "rb");
|
||||||
|
if(file == NULL) {
|
||||||
|
handle->pm_errno = ALPM_ERR_NOT_A_FILE;
|
||||||
|
goto error;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* does the sig file exist (if we didn't get the data directly)? */
|
||||||
|
if(!base64_sig) {
|
||||||
|
sigfile = fopen(sigpath, "rb");
|
||||||
|
if(sigfile == NULL) {
|
||||||
|
_alpm_log(handle, ALPM_LOG_DEBUG, "sig path %s could not be opened\n",
|
||||||
|
sigpath);
|
||||||
|
handle->pm_errno = ALPM_ERR_SIG_MISSING;
|
||||||
|
goto error;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if(init_gpgme(handle)) {
|
if(init_gpgme(handle)) {
|
||||||
/* pm_errno was set in gpgme_init() */
|
/* pm_errno was set in gpgme_init() */
|
||||||
return -1;
|
goto error;
|
||||||
}
|
}
|
||||||
|
|
||||||
_alpm_log(handle, ALPM_LOG_DEBUG, "checking signature for %s\n", path);
|
_alpm_log(handle, ALPM_LOG_DEBUG, "checking signature for %s\n", path);
|
||||||
@ -409,11 +427,6 @@ int _alpm_gpgme_checksig(alpm_handle_t *handle, const char *path,
|
|||||||
CHECK_ERR();
|
CHECK_ERR();
|
||||||
|
|
||||||
/* create our necessary data objects to verify the signature */
|
/* create our necessary data objects to verify the signature */
|
||||||
file = fopen(path, "rb");
|
|
||||||
if(file == NULL) {
|
|
||||||
handle->pm_errno = ALPM_ERR_NOT_A_FILE;
|
|
||||||
goto error;
|
|
||||||
}
|
|
||||||
err = gpgme_data_new_from_stream(&filedata, file);
|
err = gpgme_data_new_from_stream(&filedata, file);
|
||||||
CHECK_ERR();
|
CHECK_ERR();
|
||||||
|
|
||||||
@ -425,19 +438,12 @@ int _alpm_gpgme_checksig(alpm_handle_t *handle, const char *path,
|
|||||||
&decoded_sigdata, &data_len);
|
&decoded_sigdata, &data_len);
|
||||||
if(decode_ret) {
|
if(decode_ret) {
|
||||||
handle->pm_errno = ALPM_ERR_SIG_INVALID;
|
handle->pm_errno = ALPM_ERR_SIG_INVALID;
|
||||||
goto error;
|
goto gpg_error;
|
||||||
}
|
}
|
||||||
err = gpgme_data_new_from_mem(&sigdata,
|
err = gpgme_data_new_from_mem(&sigdata,
|
||||||
(char *)decoded_sigdata, data_len, 0);
|
(char *)decoded_sigdata, data_len, 0);
|
||||||
} else {
|
} else {
|
||||||
/* file-based, it is on disk */
|
/* file-based, it is on disk */
|
||||||
sigfile = fopen(sigpath, "rb");
|
|
||||||
if(sigfile == NULL) {
|
|
||||||
_alpm_log(handle, ALPM_LOG_DEBUG, "sig path %s could not be opened\n",
|
|
||||||
sigpath);
|
|
||||||
handle->pm_errno = ALPM_ERR_SIG_MISSING;
|
|
||||||
goto error;
|
|
||||||
}
|
|
||||||
err = gpgme_data_new_from_stream(&sigdata, sigfile);
|
err = gpgme_data_new_from_stream(&sigdata, sigfile);
|
||||||
}
|
}
|
||||||
CHECK_ERR();
|
CHECK_ERR();
|
||||||
@ -450,14 +456,14 @@ int _alpm_gpgme_checksig(alpm_handle_t *handle, const char *path,
|
|||||||
if(!verify_result || !verify_result->signatures) {
|
if(!verify_result || !verify_result->signatures) {
|
||||||
_alpm_log(handle, ALPM_LOG_DEBUG, "no signatures returned\n");
|
_alpm_log(handle, ALPM_LOG_DEBUG, "no signatures returned\n");
|
||||||
handle->pm_errno = ALPM_ERR_SIG_MISSING;
|
handle->pm_errno = ALPM_ERR_SIG_MISSING;
|
||||||
goto error;
|
goto gpg_error;
|
||||||
}
|
}
|
||||||
for(gpgsig = verify_result->signatures, sigcount = 0;
|
for(gpgsig = verify_result->signatures, sigcount = 0;
|
||||||
gpgsig; gpgsig = gpgsig->next, sigcount++);
|
gpgsig; gpgsig = gpgsig->next, sigcount++);
|
||||||
_alpm_log(handle, ALPM_LOG_DEBUG, "%d signatures returned\n", sigcount);
|
_alpm_log(handle, ALPM_LOG_DEBUG, "%d signatures returned\n", sigcount);
|
||||||
|
|
||||||
CALLOC(siglist->results, sigcount, sizeof(alpm_sigresult_t),
|
CALLOC(siglist->results, sigcount, sizeof(alpm_sigresult_t),
|
||||||
handle->pm_errno = ALPM_ERR_MEMORY; goto error);
|
handle->pm_errno = ALPM_ERR_MEMORY; goto gpg_error);
|
||||||
siglist->count = sigcount;
|
siglist->count = sigcount;
|
||||||
|
|
||||||
for(gpgsig = verify_result->signatures, sigcount = 0; gpgsig;
|
for(gpgsig = verify_result->signatures, sigcount = 0; gpgsig;
|
||||||
@ -488,7 +494,7 @@ int _alpm_gpgme_checksig(alpm_handle_t *handle, const char *path,
|
|||||||
err = GPG_ERR_NO_ERROR;
|
err = GPG_ERR_NO_ERROR;
|
||||||
/* we dupe the fpr in this case since we have no key to point at */
|
/* we dupe the fpr in this case since we have no key to point at */
|
||||||
STRDUP(result->key.fingerprint, gpgsig->fpr,
|
STRDUP(result->key.fingerprint, gpgsig->fpr,
|
||||||
handle->pm_errno = ALPM_ERR_MEMORY; goto error);
|
handle->pm_errno = ALPM_ERR_MEMORY; goto gpg_error);
|
||||||
} else {
|
} else {
|
||||||
CHECK_ERR();
|
CHECK_ERR();
|
||||||
if(key->uids) {
|
if(key->uids) {
|
||||||
@ -555,10 +561,12 @@ int _alpm_gpgme_checksig(alpm_handle_t *handle, const char *path,
|
|||||||
|
|
||||||
ret = 0;
|
ret = 0;
|
||||||
|
|
||||||
error:
|
gpg_error:
|
||||||
gpgme_data_release(sigdata);
|
gpgme_data_release(sigdata);
|
||||||
gpgme_data_release(filedata);
|
gpgme_data_release(filedata);
|
||||||
gpgme_release(ctx);
|
gpgme_release(ctx);
|
||||||
|
|
||||||
|
error:
|
||||||
if(sigfile) {
|
if(sigfile) {
|
||||||
fclose(sigfile);
|
fclose(sigfile);
|
||||||
}
|
}
|
||||||
|
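Review bot: The cleanup tail is now split into `gpg_error:` (releases `sigdata`, `filedata` and `ctx`) and `error:` (files only), but the `CHECK_ERR()` calls that remain after the GPGME objects are created depend on a macro defined outside the visible hunks; if it still expands to `goto error`, every GPGME failure after creation skips the three release calls and leaks them. It is worth confirming the macro targets `gpg_error` and recording the contract above the labels, e.g. `/* gpg_error: GPGME objects may exist and are released; error: only files and buffers are cleaned up */`. The decode-failure path (`goto gpg_error` after `ALPM_ERR_SIG_INVALID`) also reaches `gpgme_data_release(sigdata)` before `sigdata` has been created, which is only safe if the handles are zeroed in lines not shown here. The function's start and its final return lie outside these hunks, so whether the new early exits still end in the fail-closed `ret = -1` result could not be checked end to end.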