From 994cb4da4f6bc8efbb6a649cb7d99d95bce5c37a Mon Sep 17 00:00:00 2001 From: Dan McGee Date: Mon, 19 Sep 2011 21:51:30 -0500 Subject: [PATCH] Allow our PGP helper method to pass back the signature results This will make its way up the call chain eventually to allow trusting and importing of keys as necessary. Signed-off-by: Dan McGee --- lib/libalpm/be_package.c | 7 ++++++- lib/libalpm/be_sync.c | 7 ++++++- lib/libalpm/signing.c | 24 ++++++++++++++++-------- lib/libalpm/signing.h | 3 ++- 4 files changed, 30 insertions(+), 11 deletions(-) diff --git a/lib/libalpm/be_package.c b/lib/libalpm/be_package.c index b6cb8c4e..31a7297d 100644 --- a/lib/libalpm/be_package.c +++ b/lib/libalpm/be_package.c @@ -330,13 +330,18 @@ int _alpm_pkg_validate_internal(alpm_handle_t *handle, /* even if we don't have a sig, run the check code if level tells us to */ if(has_sig || level & ALPM_SIG_PACKAGE) { const char *sig = syncpkg ? syncpkg->base64_sig : NULL; + alpm_siglist_t *siglist; _alpm_log(handle, ALPM_LOG_DEBUG, "sig data: %s\n", sig ? sig : ""); if(_alpm_check_pgp_helper(handle, pkgfile, sig, level & ALPM_SIG_PACKAGE_OPTIONAL, level & ALPM_SIG_PACKAGE_MARGINAL_OK, - level & ALPM_SIG_PACKAGE_UNKNOWN_OK)) { + level & ALPM_SIG_PACKAGE_UNKNOWN_OK, &siglist)) { handle->pm_errno = ALPM_ERR_PKG_INVALID_SIG; + alpm_siglist_cleanup(siglist); + free(siglist); return -1; } + alpm_siglist_cleanup(siglist); + free(siglist); } return 0; diff --git a/lib/libalpm/be_sync.c b/lib/libalpm/be_sync.c index 7eb2539b..ef0f1ef4 100644 --- a/lib/libalpm/be_sync.c +++ b/lib/libalpm/be_sync.c @@ -70,6 +70,7 @@ static int sync_db_validate(alpm_db_t *db) { alpm_siglevel_t level; const char *dbpath; + alpm_siglist_t *siglist; if(db->status & DB_STATUS_VALID || db->status & DB_STATUS_MISSING) { return 0; @@ -102,10 +103,14 @@ static int sync_db_validate(alpm_db_t *db) if(level & ALPM_SIG_DATABASE) { if(_alpm_check_pgp_helper(db->handle, dbpath, NULL, level & ALPM_SIG_DATABASE_OPTIONAL, level & ALPM_SIG_DATABASE_MARGINAL_OK, - level & ALPM_SIG_DATABASE_UNKNOWN_OK)) { + level & ALPM_SIG_DATABASE_UNKNOWN_OK, &siglist)) { db->handle->pm_errno = ALPM_ERR_DB_INVALID_SIG; + alpm_siglist_cleanup(siglist); + free(siglist); return 1; } + alpm_siglist_cleanup(siglist); + free(siglist); } valid: diff --git a/lib/libalpm/signing.c b/lib/libalpm/signing.c index bcc91046..7e05a237 100644 --- a/lib/libalpm/signing.c +++ b/lib/libalpm/signing.c @@ -435,15 +435,17 @@ char *_alpm_sigpath(alpm_handle_t *handle, const char *path) } int _alpm_check_pgp_helper(alpm_handle_t *handle, const char *path, - const char *base64_sig, int optional, int marginal, int unknown) + const char *base64_sig, int optional, int marginal, int unknown, + alpm_siglist_t **sigdata) { - alpm_siglist_t siglist; + alpm_siglist_t *siglist; int ret; - memset(&siglist, 0, sizeof(alpm_siglist_t)); + CALLOC(siglist, 1, sizeof(alpm_siglist_t), + RET_ERR(handle, ALPM_ERR_MEMORY, -1)); _alpm_log(handle, ALPM_LOG_DEBUG, "checking signatures for %s\n", path); - ret = _alpm_gpgme_checksig(handle, path, base64_sig, &siglist); + ret = _alpm_gpgme_checksig(handle, path, base64_sig, siglist); if(ret && handle->pm_errno == ALPM_ERR_SIG_MISSING) { if(optional) { _alpm_log(handle, ALPM_LOG_DEBUG, "missing optional signature\n"); @@ -458,12 +460,12 @@ int _alpm_check_pgp_helper(alpm_handle_t *handle, const char *path, /* ret will already be -1 */ } else { size_t num; - for(num = 0; !ret && num < siglist.count; num++) { - switch(siglist.results[num].status) { + for(num = 0; !ret && num < siglist->count; num++) { + switch(siglist->results[num].status) { case ALPM_SIGSTATUS_VALID: case ALPM_SIGSTATUS_KEY_EXPIRED: _alpm_log(handle, ALPM_LOG_DEBUG, "signature is valid\n"); - switch(siglist.results[num].validity) { + switch(siglist->results[num].validity) { case ALPM_SIGVALIDITY_FULL: _alpm_log(handle, ALPM_LOG_DEBUG, "signature is fully trusted\n"); break; @@ -495,7 +497,13 @@ int _alpm_check_pgp_helper(alpm_handle_t *handle, const char *path, } } - alpm_siglist_cleanup(&siglist); + if(sigdata) { + *sigdata = siglist; + } else { + alpm_siglist_cleanup(siglist); + free(siglist); + } + return ret; } diff --git a/lib/libalpm/signing.h b/lib/libalpm/signing.h index 8e47b2cd..ee4a94a0 100644 --- a/lib/libalpm/signing.h +++ b/lib/libalpm/signing.h @@ -25,7 +25,8 @@ char *_alpm_sigpath(alpm_handle_t *handle, const char *path); int _alpm_gpgme_checksig(alpm_handle_t *handle, const char *path, const char *base64_sig, alpm_siglist_t *result); int _alpm_check_pgp_helper(alpm_handle_t *handle, const char *path, - const char *base64_sig, int optional, int marginal, int unknown); + const char *base64_sig, int optional, int marginal, int unknown, + alpm_siglist_t **sigdata); #endif /* _ALPM_SIGNING_H */