moparisthebest
/
pacman
mirror of https://github.com/moparisthebest/pacman
1
0
Fork 0
Code Issues Releases Wiki Activity

Allow VerifySig to act as a default verification in [options] 

* add _alpm_db_get_sigverify_level
* add alpm_option_{get,set}_default_sigverify

And set the default verification level to OPTIONAL if not set otherwise.

Signed-off-by: Dave Reisner <d@falconindy.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
This commit is contained in:
Dave Reisner 2011-03-25 21:40:16 -04:00 committed by Dan McGee
parent 2c8c763723
commit 6760ec2b77
7 changed files with 70 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
lib/libalpm/alpm.h
View File

@ -225,6 +225,9 @@ int alpm_option_set_usedelta(int usedelta);
int alpm_option_get_checkspace(void); int alpm_option_get_checkspace(void);
int alpm_option_set_checkspace(int checkspace); int alpm_option_set_checkspace(int checkspace);
pgp_verify_t alpm_option_get_default_sigverify(void);
int alpm_option_set_default_sigverify(pgp_verify_t level);
/** @} */ /** @} */
/** @addtogroup alpm_api_databases Database Functions /** @addtogroup alpm_api_databases Database Functions

15
lib/libalpm/handle.c
View File

@ -50,6 +50,8 @@ pmhandle_t *_alpm_handle_new()
CALLOC(handle, 1, sizeof(pmhandle_t), RET_ERR(PM_ERR_MEMORY, NULL)); CALLOC(handle, 1, sizeof(pmhandle_t), RET_ERR(PM_ERR_MEMORY, NULL));
handle->sigverify = PM_PGP_VERIFY_OPTIONAL;
return handle; return handle;
} }
@ -625,4 +627,17 @@ int SYMEXPORT alpm_option_set_checkspace(int checkspace)
return 0; return 0;
} }
int SYMEXPORT alpm_option_set_default_sigverify(pgp_verify_t level)
{
ASSERT(handle != NULL, RET_ERR(PM_ERR_HANDLE_NULL, -1));
handle->sigverify = level;
return 0;
}
pgp_verify_t SYMEXPORT alpm_option_get_default_sigverify()
{
ASSERT(handle != NULL, RET_ERR(PM_ERR_HANDLE_NULL, PM_PGP_VERIFY_UNKNOWN));
return handle->sigverify;
}
/* vim: set ts=2 sw=2 noet: */ /* vim: set ts=2 sw=2 noet: */

9
lib/libalpm/handle.h
View File

@ -68,10 +68,11 @@ typedef struct _pmhandle_t {
alpm_list_t *ignoregrp; /* List of groups to ignore */ alpm_list_t *ignoregrp; /* List of groups to ignore */
/* options */ /* options */
int usesyslog; /* Use syslog instead of logfile? */ /* TODO move to frontend */ int usesyslog; /* Use syslog instead of logfile? */ /* TODO move to frontend */
char *arch; /* Architecture of packages we should allow */ char *arch; /* Architecture of packages we should allow */
int usedelta; /* Download deltas if possible */ int usedelta; /* Download deltas if possible */
int checkspace; /* Check disk space before installing */ int checkspace; /* Check disk space before installing */
pgp_verify_t sigverify; /* Default signature verification level */
} pmhandle_t; } pmhandle_t;
/* global handle variable */ /* global handle variable */

25
lib/libalpm/signing.c
View File

@ -248,10 +248,28 @@ int _alpm_load_signature(const char *sigfile, pmpgpsig_t *pgpsig) {
return 0; return 0;
} }
/**
* Determines the necessity of checking for a valid PGP signature
* @param db the sync database to query
*
* @return signature verification level
*/
pgp_verify_t _alpm_db_get_sigverify_level(pmdb_t *db)
{
ALPM_LOG_FUNC;
ASSERT(db != NULL, RET_ERR(PM_ERR_DB_NULL, PM_PGP_VERIFY_UNKNOWN));
if(db->pgp_verify != PM_PGP_VERIFY_UNKNOWN) {
return db->pgp_verify;
} else {
return alpm_option_get_default_sigverify();
}
}
/** /**
* Check the PGP package signature for the given package file. * Check the PGP package signature for the given package file.
* @param pkg the package to check * @param pkg the package to check
* @return a int value : 0 (valid), 1 (invalid), -1 (an error occured) * @return a int value : 0 (valid), 1 (invalid), -1 (an error occurred)
*/ */
int SYMEXPORT alpm_pkg_check_pgp_signature(pmpkg_t *pkg) int SYMEXPORT alpm_pkg_check_pgp_signature(pmpkg_t *pkg)
{ {
@ -265,16 +283,15 @@ int SYMEXPORT alpm_pkg_check_pgp_signature(pmpkg_t *pkg)
/** /**
* Check the PGP package signature for the given database. * Check the PGP package signature for the given database.
* @param db the database to check * @param db the database to check
* @return a int value : 0 (valid), 1 (invalid), -1 (an error occured) * @return a int value : 0 (valid), 1 (invalid), -1 (an error occurred)
*/ */
int SYMEXPORT alpm_db_check_pgp_signature(pmdb_t *db) int SYMEXPORT alpm_db_check_pgp_signature(pmdb_t *db)
{ {
ALPM_LOG_FUNC; ALPM_LOG_FUNC;
ASSERT(db != NULL, return(0)); ASSERT(db != NULL, return 0);
return _alpm_gpgme_checksig(_alpm_db_path(db), return _alpm_gpgme_checksig(_alpm_db_path(db),
_alpm_db_pgpsig(db)); _alpm_db_pgpsig(db));
} }
/* vim: set ts=2 sw=2 noet: */ /* vim: set ts=2 sw=2 noet: */

1
lib/libalpm/signing.h
View File

@ -33,6 +33,7 @@ struct __pmpgpsig_t {
int _alpm_gpgme_checksig(const char *path, const pmpgpsig_t *sig); int _alpm_gpgme_checksig(const char *path, const pmpgpsig_t *sig);
int _alpm_load_signature(const char *sigfile, pmpgpsig_t *pgpsig); int _alpm_load_signature(const char *sigfile, pmpgpsig_t *pgpsig);
pgp_verify_t _alpm_db_get_sigverify_level(pmdb_t *db);
#endif /* _ALPM_SIGNING_H */ #endif /* _ALPM_SIGNING_H */

16
lib/libalpm/sync.c
View File

@ -842,6 +842,7 @@ int _alpm_sync_commit(pmtrans_t *trans, pmdb_t *db_local, alpm_list_t **data)
char *filepath = _alpm_filecache_find(filename); char *filepath = _alpm_filecache_find(filename);
const char *md5sum = alpm_pkg_get_md5sum(spkg); const char *md5sum = alpm_pkg_get_md5sum(spkg);
const pmpgpsig_t *pgpsig = alpm_pkg_get_pgpsig(spkg); const pmpgpsig_t *pgpsig = alpm_pkg_get_pgpsig(spkg);
pgp_verify_t check_sig;
/* check md5sum first */ /* check md5sum first */
if(test_md5sum(trans, filepath, md5sum) != 0) { if(test_md5sum(trans, filepath, md5sum) != 0) {
@ -853,10 +854,19 @@ int _alpm_sync_commit(pmtrans_t *trans, pmdb_t *db_local, alpm_list_t **data)
/* check PGP signature next */ /* check PGP signature next */
pmdb_t *sdb = alpm_pkg_get_db(spkg); pmdb_t *sdb = alpm_pkg_get_db(spkg);
if(sdb->pgp_verify != PM_PGP_VERIFY_NEVER) { check_sig = _alpm_db_get_sigverify_level(sdb);
if(check_sig == PM_PGP_VERIFY_UNKNOWN) {
_alpm_log(PM_LOG_ERROR, _("failed to determine signature verification "
"level for database: %s\n"), sdb->treename);
pm_errno = PM_ERR_PKG_INVALID;
goto error;
}
if(check_sig != PM_PGP_VERIFY_NEVER) {
int ret = _alpm_gpgme_checksig(filepath, pgpsig); int ret = _alpm_gpgme_checksig(filepath, pgpsig);
if((sdb->pgp_verify == PM_PGP_VERIFY_ALWAYS && ret != 0) || if((check_sig == PM_PGP_VERIFY_ALWAYS && ret != 0) ||
(sdb->pgp_verify == PM_PGP_VERIFY_OPTIONAL && ret == 1)) { (check_sig == PM_PGP_VERIFY_OPTIONAL && ret == 1)) {
errors++; errors++;
*data = alpm_list_add(*data, strdup(filename)); *data = alpm_list_add(*data, strdup(filename));
FREE(filepath); FREE(filepath);

12
src/pacman/pacman.c
View File

@ -1057,6 +1057,18 @@ static int _parse_options(const char *key, char *value,
pm_printf(PM_LOG_DEBUG, "config: xfercommand: %s\n", value); pm_printf(PM_LOG_DEBUG, "config: xfercommand: %s\n", value);
} else if (strcmp(key, "CleanMethod") == 0) { } else if (strcmp(key, "CleanMethod") == 0) {
setrepeatingoption(value, "CleanMethod", option_add_cleanmethod); setrepeatingoption(value, "CleanMethod", option_add_cleanmethod);
} else if(strcmp(key, "VerifySig") == 0) {
if (strcmp(value, "Always") == 0) {
alpm_option_set_default_sigverify(PM_PGP_VERIFY_ALWAYS);
} else if(strcmp(value, "Optional") == 0) {
alpm_option_set_default_sigverify(PM_PGP_VERIFY_OPTIONAL);
} else if(strcmp(value, "Never") == 0) {
alpm_option_set_default_sigverify(PM_PGP_VERIFY_NEVER);
} else {
pm_printf(PM_LOG_ERROR, _("invalid value for 'VerifySig' : '%s'\n"), value);
return 1;
}
pm_printf(PM_LOG_DEBUG, "config: setting default VerifySig: %s\n", value);
} else { } else {
pm_printf(PM_LOG_WARNING, pm_printf(PM_LOG_WARNING,