moparisthebest/pacman
1
0
Fork 0
mirror of https://github.com/moparisthebest/pacman synced 2024-11-11 20:05:07 -05:00
Code Issues Releases Wiki Activity

Allow our PGP helper method to pass back the signature results

Browse Source 
This will make its way up the call chain eventually to allow trusting
and importing of keys as necessary.

Signed-off-by: Dan McGee <dan@archlinux.org>
This commit is contained in:
Dan McGee 2011-09-19 21:51:30 -05:00
parent a27f993600
commit 994cb4da4f
4 changed files with 30 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
lib/libalpm/be_package.c
View File

@ -330,13 +330,18 @@ int _alpm_pkg_validate_internal(alpm_handle_t *handle,
/* even if we don't have a sig, run the check code if level tells us to */ /* even if we don't have a sig, run the check code if level tells us to */
if(has_sig || level & ALPM_SIG_PACKAGE) { if(has_sig || level & ALPM_SIG_PACKAGE) {
const char *sig = syncpkg ? syncpkg->base64_sig : NULL; const char *sig = syncpkg ? syncpkg->base64_sig : NULL;
alpm_siglist_t *siglist;
_alpm_log(handle, ALPM_LOG_DEBUG, "sig data: %s\n", sig ? sig : "<from .sig>"); _alpm_log(handle, ALPM_LOG_DEBUG, "sig data: %s\n", sig ? sig : "<from .sig>");
if(_alpm_check_pgp_helper(handle, pkgfile, sig, if(_alpm_check_pgp_helper(handle, pkgfile, sig,
level & ALPM_SIG_PACKAGE_OPTIONAL, level & ALPM_SIG_PACKAGE_MARGINAL_OK, level & ALPM_SIG_PACKAGE_OPTIONAL, level & ALPM_SIG_PACKAGE_MARGINAL_OK,
level & ALPM_SIG_PACKAGE_UNKNOWN_OK)) { level & ALPM_SIG_PACKAGE_UNKNOWN_OK, &siglist)) {
handle->pm_errno = ALPM_ERR_PKG_INVALID_SIG; handle->pm_errno = ALPM_ERR_PKG_INVALID_SIG;
alpm_siglist_cleanup(siglist);
free(siglist);
return -1; return -1;
} }
alpm_siglist_cleanup(siglist);
free(siglist);
} }
return 0; return 0;

7
lib/libalpm/be_sync.c
View File

@ -70,6 +70,7 @@ static int sync_db_validate(alpm_db_t *db)
{ {
alpm_siglevel_t level; alpm_siglevel_t level;
const char *dbpath; const char *dbpath;
alpm_siglist_t *siglist;
if(db->status & DB_STATUS_VALID || db->status & DB_STATUS_MISSING) { if(db->status & DB_STATUS_VALID || db->status & DB_STATUS_MISSING) {
return 0; return 0;
@ -102,10 +103,14 @@ static int sync_db_validate(alpm_db_t *db)
if(level & ALPM_SIG_DATABASE) { if(level & ALPM_SIG_DATABASE) {
if(_alpm_check_pgp_helper(db->handle, dbpath, NULL, if(_alpm_check_pgp_helper(db->handle, dbpath, NULL,
level & ALPM_SIG_DATABASE_OPTIONAL, level & ALPM_SIG_DATABASE_MARGINAL_OK, level & ALPM_SIG_DATABASE_OPTIONAL, level & ALPM_SIG_DATABASE_MARGINAL_OK,
level & ALPM_SIG_DATABASE_UNKNOWN_OK)) { level & ALPM_SIG_DATABASE_UNKNOWN_OK, &siglist)) {
db->handle->pm_errno = ALPM_ERR_DB_INVALID_SIG; db->handle->pm_errno = ALPM_ERR_DB_INVALID_SIG;
alpm_siglist_cleanup(siglist);
free(siglist);
return 1; return 1;
} }
alpm_siglist_cleanup(siglist);
free(siglist);
} }
valid: valid:

24
lib/libalpm/signing.c
View File

@ -435,15 +435,17 @@ char *_alpm_sigpath(alpm_handle_t *handle, const char *path)
} }
int _alpm_check_pgp_helper(alpm_handle_t *handle, const char *path, int _alpm_check_pgp_helper(alpm_handle_t *handle, const char *path,
const char *base64_sig, int optional, int marginal, int unknown) const char *base64_sig, int optional, int marginal, int unknown,
alpm_siglist_t **sigdata)
{ {
alpm_siglist_t siglist; alpm_siglist_t *siglist;
int ret; int ret;
memset(&siglist, 0, sizeof(alpm_siglist_t)); CALLOC(siglist, 1, sizeof(alpm_siglist_t),
RET_ERR(handle, ALPM_ERR_MEMORY, -1));
_alpm_log(handle, ALPM_LOG_DEBUG, "checking signatures for %s\n", path); _alpm_log(handle, ALPM_LOG_DEBUG, "checking signatures for %s\n", path);
ret = _alpm_gpgme_checksig(handle, path, base64_sig, &siglist); ret = _alpm_gpgme_checksig(handle, path, base64_sig, siglist);
if(ret && handle->pm_errno == ALPM_ERR_SIG_MISSING) { if(ret && handle->pm_errno == ALPM_ERR_SIG_MISSING) {
if(optional) { if(optional) {
_alpm_log(handle, ALPM_LOG_DEBUG, "missing optional signature\n"); _alpm_log(handle, ALPM_LOG_DEBUG, "missing optional signature\n");
@ -458,12 +460,12 @@ int _alpm_check_pgp_helper(alpm_handle_t *handle, const char *path,
/* ret will already be -1 */ /* ret will already be -1 */
} else { } else {
size_t num; size_t num;
for(num = 0; !ret && num < siglist.count; num++) { for(num = 0; !ret && num < siglist->count; num++) {
switch(siglist.results[num].status) { switch(siglist->results[num].status) {
case ALPM_SIGSTATUS_VALID: case ALPM_SIGSTATUS_VALID:
case ALPM_SIGSTATUS_KEY_EXPIRED: case ALPM_SIGSTATUS_KEY_EXPIRED:
_alpm_log(handle, ALPM_LOG_DEBUG, "signature is valid\n"); _alpm_log(handle, ALPM_LOG_DEBUG, "signature is valid\n");
switch(siglist.results[num].validity) { switch(siglist->results[num].validity) {
case ALPM_SIGVALIDITY_FULL: case ALPM_SIGVALIDITY_FULL:
_alpm_log(handle, ALPM_LOG_DEBUG, "signature is fully trusted\n"); _alpm_log(handle, ALPM_LOG_DEBUG, "signature is fully trusted\n");
break; break;
@ -495,7 +497,13 @@ int _alpm_check_pgp_helper(alpm_handle_t *handle, const char *path,
} }
} }
alpm_siglist_cleanup(&siglist); if(sigdata) {
*sigdata = siglist;
} else {
alpm_siglist_cleanup(siglist);
free(siglist);
}
return ret; return ret;
} }

3
lib/libalpm/signing.h
View File

@ -25,7 +25,8 @@ char *_alpm_sigpath(alpm_handle_t *handle, const char *path);
int _alpm_gpgme_checksig(alpm_handle_t *handle, const char *path, int _alpm_gpgme_checksig(alpm_handle_t *handle, const char *path,
const char *base64_sig, alpm_siglist_t *result); const char *base64_sig, alpm_siglist_t *result);
int _alpm_check_pgp_helper(alpm_handle_t *handle, const char *path, int _alpm_check_pgp_helper(alpm_handle_t *handle, const char *path,
const char *base64_sig, int optional, int marginal, int unknown); const char *base64_sig, int optional, int marginal, int unknown,
alpm_siglist_t **sigdata);
#endif /* _ALPM_SIGNING_H */ #endif /* _ALPM_SIGNING_H */