Allow our PGP helper method to pass back the signature results

This will make its way up the call chain eventually to allow trusting
and importing of keys as necessary.

Signed-off-by: Dan McGee <dan@archlinux.org>

lib/libalpm/be_package.c

@@ -330,13 +330,18 @@ int _alpm_pkg_validate_internal(alpm_handle_t *handle,
 	/* even if we don't have a sig, run the check code if level tells us to */
 	if(has_sig || level & ALPM_SIG_PACKAGE) {
 		const char *sig = syncpkg ? syncpkg->base64_sig : NULL;
+		alpm_siglist_t *siglist;
 		_alpm_log(handle, ALPM_LOG_DEBUG, "sig data: %s\n", sig ? sig : "<from .sig>");
 		if(_alpm_check_pgp_helper(handle, pkgfile, sig,
 					level & ALPM_SIG_PACKAGE_OPTIONAL, level & ALPM_SIG_PACKAGE_MARGINAL_OK,
-					level & ALPM_SIG_PACKAGE_UNKNOWN_OK)) {
+					level & ALPM_SIG_PACKAGE_UNKNOWN_OK, &siglist)) {
 			handle->pm_errno = ALPM_ERR_PKG_INVALID_SIG;
+			alpm_siglist_cleanup(siglist);
+			free(siglist);
 			return -1;
 		}
+		alpm_siglist_cleanup(siglist);
+		free(siglist);
 	}
 
 	return 0;

lib/libalpm/be_sync.c

@@ -70,6 +70,7 @@ static int sync_db_validate(alpm_db_t *db)
 {
 	alpm_siglevel_t level;
 	const char *dbpath;
+	alpm_siglist_t *siglist;
 
 	if(db->status & DB_STATUS_VALID || db->status & DB_STATUS_MISSING) {
 		return 0;
@@ -102,10 +103,14 @@ static int sync_db_validate(alpm_db_t *db)
 	if(level & ALPM_SIG_DATABASE) {
 		if(_alpm_check_pgp_helper(db->handle, dbpath, NULL,
 					level & ALPM_SIG_DATABASE_OPTIONAL, level & ALPM_SIG_DATABASE_MARGINAL_OK,
-					level & ALPM_SIG_DATABASE_UNKNOWN_OK)) {
+					level & ALPM_SIG_DATABASE_UNKNOWN_OK, &siglist)) {
 			db->handle->pm_errno = ALPM_ERR_DB_INVALID_SIG;
+			alpm_siglist_cleanup(siglist);
+			free(siglist);
 			return 1;
 		}
+		alpm_siglist_cleanup(siglist);
+		free(siglist);
 	}
 
 valid:

lib/libalpm/signing.c

@@ -435,15 +435,17 @@ char *_alpm_sigpath(alpm_handle_t *handle, const char *path)
 }
 
 int _alpm_check_pgp_helper(alpm_handle_t *handle, const char *path,
-		const char *base64_sig, int optional, int marginal, int unknown)
+		const char *base64_sig, int optional, int marginal, int unknown,
+		alpm_siglist_t **sigdata)
 {
-	alpm_siglist_t siglist;
+	alpm_siglist_t *siglist;
 	int ret;
 
-	memset(&siglist, 0, sizeof(alpm_siglist_t));
+	CALLOC(siglist, 1, sizeof(alpm_siglist_t),
+			RET_ERR(handle, ALPM_ERR_MEMORY, -1));
 
 	_alpm_log(handle, ALPM_LOG_DEBUG, "checking signatures for %s\n", path);
-	ret = _alpm_gpgme_checksig(handle, path, base64_sig, &siglist);
+	ret = _alpm_gpgme_checksig(handle, path, base64_sig, siglist);
 	if(ret && handle->pm_errno == ALPM_ERR_SIG_MISSING) {
 		if(optional) {
 			_alpm_log(handle, ALPM_LOG_DEBUG, "missing optional signature\n");
@@ -458,12 +460,12 @@ int _alpm_check_pgp_helper(alpm_handle_t *handle, const char *path,
 		/* ret will already be -1 */
 	} else {
 		size_t num;
-		for(num = 0; !ret && num < siglist.count; num++) {
-			switch(siglist.results[num].status) {
+		for(num = 0; !ret && num < siglist->count; num++) {
+			switch(siglist->results[num].status) {
 				case ALPM_SIGSTATUS_VALID:
 				case ALPM_SIGSTATUS_KEY_EXPIRED:
 					_alpm_log(handle, ALPM_LOG_DEBUG, "signature is valid\n");
-					switch(siglist.results[num].validity) {
+					switch(siglist->results[num].validity) {
 						case ALPM_SIGVALIDITY_FULL:
 							_alpm_log(handle, ALPM_LOG_DEBUG, "signature is fully trusted\n");
 							break;
@@ -495,7 +497,13 @@ int _alpm_check_pgp_helper(alpm_handle_t *handle, const char *path,
 		}
 	}
 
-	alpm_siglist_cleanup(&siglist);
+	if(sigdata) {
+		*sigdata = siglist;
+	} else {
+		alpm_siglist_cleanup(siglist);
+		free(siglist);
+	}
+
 	return ret;
 }
 

lib/libalpm/signing.h

@@ -25,7 +25,8 @@ char *_alpm_sigpath(alpm_handle_t *handle, const char *path);
 int _alpm_gpgme_checksig(alpm_handle_t *handle, const char *path,
 		const char *base64_sig, alpm_siglist_t *result);
 int _alpm_check_pgp_helper(alpm_handle_t *handle, const char *path,
-		const char *base64_sig, int optional, int marginal, int unknown);
+		const char *base64_sig, int optional, int marginal, int unknown,
+		alpm_siglist_t **sigdata);
 
 #endif /* _ALPM_SIGNING_H */