1
0
mirror of https://github.com/moparisthebest/pacman synced 2024-11-11 20:05:07 -05:00

Allow our PGP helper method to pass back the signature results

This will make its way up the call chain eventually to allow trusting
and importing of keys as necessary.

Signed-off-by: Dan McGee <dan@archlinux.org>
This commit is contained in:
Dan McGee 2011-09-19 21:51:30 -05:00
parent a27f993600
commit 994cb4da4f
4 changed files with 30 additions and 11 deletions

View File

@ -330,13 +330,18 @@ int _alpm_pkg_validate_internal(alpm_handle_t *handle,
/* even if we don't have a sig, run the check code if level tells us to */
if(has_sig || level & ALPM_SIG_PACKAGE) {
const char *sig = syncpkg ? syncpkg->base64_sig : NULL;
alpm_siglist_t *siglist;
_alpm_log(handle, ALPM_LOG_DEBUG, "sig data: %s\n", sig ? sig : "<from .sig>");
if(_alpm_check_pgp_helper(handle, pkgfile, sig,
level & ALPM_SIG_PACKAGE_OPTIONAL, level & ALPM_SIG_PACKAGE_MARGINAL_OK,
level & ALPM_SIG_PACKAGE_UNKNOWN_OK)) {
level & ALPM_SIG_PACKAGE_UNKNOWN_OK, &siglist)) {
handle->pm_errno = ALPM_ERR_PKG_INVALID_SIG;
alpm_siglist_cleanup(siglist);
free(siglist);
return -1;
}
alpm_siglist_cleanup(siglist);
free(siglist);
}
return 0;

View File

@ -70,6 +70,7 @@ static int sync_db_validate(alpm_db_t *db)
{
alpm_siglevel_t level;
const char *dbpath;
alpm_siglist_t *siglist;
if(db->status & DB_STATUS_VALID || db->status & DB_STATUS_MISSING) {
return 0;
@ -102,10 +103,14 @@ static int sync_db_validate(alpm_db_t *db)
if(level & ALPM_SIG_DATABASE) {
if(_alpm_check_pgp_helper(db->handle, dbpath, NULL,
level & ALPM_SIG_DATABASE_OPTIONAL, level & ALPM_SIG_DATABASE_MARGINAL_OK,
level & ALPM_SIG_DATABASE_UNKNOWN_OK)) {
level & ALPM_SIG_DATABASE_UNKNOWN_OK, &siglist)) {
db->handle->pm_errno = ALPM_ERR_DB_INVALID_SIG;
alpm_siglist_cleanup(siglist);
free(siglist);
return 1;
}
alpm_siglist_cleanup(siglist);
free(siglist);
}
valid:

View File

@ -435,15 +435,17 @@ char *_alpm_sigpath(alpm_handle_t *handle, const char *path)
}
int _alpm_check_pgp_helper(alpm_handle_t *handle, const char *path,
const char *base64_sig, int optional, int marginal, int unknown)
const char *base64_sig, int optional, int marginal, int unknown,
alpm_siglist_t **sigdata)
{
alpm_siglist_t siglist;
alpm_siglist_t *siglist;
int ret;
memset(&siglist, 0, sizeof(alpm_siglist_t));
CALLOC(siglist, 1, sizeof(alpm_siglist_t),
RET_ERR(handle, ALPM_ERR_MEMORY, -1));
_alpm_log(handle, ALPM_LOG_DEBUG, "checking signatures for %s\n", path);
ret = _alpm_gpgme_checksig(handle, path, base64_sig, &siglist);
ret = _alpm_gpgme_checksig(handle, path, base64_sig, siglist);
if(ret && handle->pm_errno == ALPM_ERR_SIG_MISSING) {
if(optional) {
_alpm_log(handle, ALPM_LOG_DEBUG, "missing optional signature\n");
@ -458,12 +460,12 @@ int _alpm_check_pgp_helper(alpm_handle_t *handle, const char *path,
/* ret will already be -1 */
} else {
size_t num;
for(num = 0; !ret && num < siglist.count; num++) {
switch(siglist.results[num].status) {
for(num = 0; !ret && num < siglist->count; num++) {
switch(siglist->results[num].status) {
case ALPM_SIGSTATUS_VALID:
case ALPM_SIGSTATUS_KEY_EXPIRED:
_alpm_log(handle, ALPM_LOG_DEBUG, "signature is valid\n");
switch(siglist.results[num].validity) {
switch(siglist->results[num].validity) {
case ALPM_SIGVALIDITY_FULL:
_alpm_log(handle, ALPM_LOG_DEBUG, "signature is fully trusted\n");
break;
@ -495,7 +497,13 @@ int _alpm_check_pgp_helper(alpm_handle_t *handle, const char *path,
}
}
alpm_siglist_cleanup(&siglist);
if(sigdata) {
*sigdata = siglist;
} else {
alpm_siglist_cleanup(siglist);
free(siglist);
}
return ret;
}

View File

@ -25,7 +25,8 @@ char *_alpm_sigpath(alpm_handle_t *handle, const char *path);
int _alpm_gpgme_checksig(alpm_handle_t *handle, const char *path,
const char *base64_sig, alpm_siglist_t *result);
int _alpm_check_pgp_helper(alpm_handle_t *handle, const char *path,
const char *base64_sig, int optional, int marginal, int unknown);
const char *base64_sig, int optional, int marginal, int unknown,
alpm_siglist_t **sigdata);
#endif /* _ALPM_SIGNING_H */