mirror of
https://github.com/moparisthebest/pacman
synced 2024-11-11 03:54:59 -05:00
signing: check validity of all available signatures
Change the check into a loop over all signatures present and returned by GPGME. Also modify the return values and checks slightly now that I know a little bit more about what type of values are returned. Signed-off-by: Dan McGee <dan@archlinux.org>
parent
23a2d2c16a
commit
cf1401a04d
@ -292,7 +292,7 @@ int _alpm_gpgme_checksig(alpm_handle_t *handle, const char *path,
|
|||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
|
|
||||||
{
|
while(gpgsig) {
|
||||||
alpm_list_t *summary_list, *summary;
|
alpm_list_t *summary_list, *summary;
|
||||||
|
|
||||||
_alpm_log(handle, PM_LOG_DEBUG, "fingerprint: %s\n", gpgsig->fpr);
|
_alpm_log(handle, PM_LOG_DEBUG, "fingerprint: %s\n", gpgsig->fpr);
|
||||||
@ -304,37 +304,38 @@ int _alpm_gpgme_checksig(alpm_handle_t *handle, const char *path,
|
|||||||
_alpm_log(handle, PM_LOG_DEBUG, "status: %s\n", gpgme_strerror(gpgsig->status));
|
_alpm_log(handle, PM_LOG_DEBUG, "status: %s\n", gpgme_strerror(gpgsig->status));
|
||||||
_alpm_log(handle, PM_LOG_DEBUG, "timestamp: %lu\n", gpgsig->timestamp);
|
_alpm_log(handle, PM_LOG_DEBUG, "timestamp: %lu\n", gpgsig->timestamp);
|
||||||
_alpm_log(handle, PM_LOG_DEBUG, "exp_timestamp: %lu\n", gpgsig->exp_timestamp);
|
_alpm_log(handle, PM_LOG_DEBUG, "exp_timestamp: %lu\n", gpgsig->exp_timestamp);
|
||||||
_alpm_log(handle, PM_LOG_DEBUG, "validity: %s\n",
|
_alpm_log(handle, PM_LOG_DEBUG, "validity: %s; reason: %s\n",
|
||||||
string_validity(gpgsig->validity));
|
string_validity(gpgsig->validity),
|
||||||
_alpm_log(handle, PM_LOG_DEBUG, "validity_reason: %s\n",
|
|
||||||
gpgme_strerror(gpgsig->validity_reason));
|
gpgme_strerror(gpgsig->validity_reason));
|
||||||
_alpm_log(handle, PM_LOG_DEBUG, "pubkey algo: %s\n",
|
|
||||||
gpgme_pubkey_algo_name(gpgsig->pubkey_algo));
|
|
||||||
_alpm_log(handle, PM_LOG_DEBUG, "hash algo: %s\n",
|
|
||||||
gpgme_hash_algo_name(gpgsig->hash_algo));
|
|
||||||
}
|
|
||||||
|
|
||||||
|
/* Note: this is structured so any bad signature will set the return code
|
||||||
|
* to a bad one, but good ones just leave the default value in place; e.g.
|
||||||
|
* worst case wins out. */
|
||||||
if(gpgsig->summary & GPGME_SIGSUM_VALID) {
|
if(gpgsig->summary & GPGME_SIGSUM_VALID) {
|
||||||
/* good signature, continue */
|
/* definite good signature */
|
||||||
_alpm_log(handle, PM_LOG_DEBUG, _("File %s has a valid signature.\n"),
|
_alpm_log(handle, PM_LOG_DEBUG, "result: valid signature\n");
|
||||||
path);
|
|
||||||
} else if(gpgsig->summary & GPGME_SIGSUM_GREEN) {
|
} else if(gpgsig->summary & GPGME_SIGSUM_GREEN) {
|
||||||
/* 'green' signature, not sure what to do here */
|
/* good signature */
|
||||||
_alpm_log(handle, PM_LOG_WARNING, _("File %s has a green signature.\n"),
|
_alpm_log(handle, PM_LOG_DEBUG, "result: green signature\n");
|
||||||
path);
|
} else if(gpgsig->summary & GPGME_SIGSUM_RED) {
|
||||||
|
/* definite bad signature, error */
|
||||||
|
_alpm_log(handle, PM_LOG_DEBUG, "result: red signature\n");
|
||||||
|
handle->pm_errno = PM_ERR_SIG_INVALID;
|
||||||
|
ret = 1;
|
||||||
} else if(gpgsig->summary & GPGME_SIGSUM_KEY_MISSING) {
|
} else if(gpgsig->summary & GPGME_SIGSUM_KEY_MISSING) {
|
||||||
|
_alpm_log(handle, PM_LOG_DEBUG, "result: signature from unknown key\n");
|
||||||
handle->pm_errno = PM_ERR_SIG_UNKNOWN;
|
handle->pm_errno = PM_ERR_SIG_UNKNOWN;
|
||||||
_alpm_log(handle, PM_LOG_WARNING, _("File %s has a signature from an unknown key.\n"),
|
ret = 1;
|
||||||
path);
|
|
||||||
ret = -1;
|
|
||||||
} else {
|
} else {
|
||||||
/* we'll capture everything else here */
|
/* we'll capture everything else here */
|
||||||
|
_alpm_log(handle, PM_LOG_DEBUG, "result: invalid signature\n");
|
||||||
handle->pm_errno = PM_ERR_SIG_INVALID;
|
handle->pm_errno = PM_ERR_SIG_INVALID;
|
||||||
_alpm_log(handle, PM_LOG_ERROR, _("File %s has an invalid signature.\n"),
|
|
||||||
path);
|
|
||||||
ret = 1;
|
ret = 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
gpgsig = gpgsig->next;
|
||||||
|
}
|
||||||
|
|
||||||
error:
|
error:
|
||||||
gpgme_data_release(sigdata);
|
gpgme_data_release(sigdata);
|
||||||
gpgme_data_release(filedata);
|
gpgme_data_release(filedata);
|
||||||
|
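Review bot: The `GPGME_SIGSUM_GREEN` branch in the new loop accepts the signature without looking at the rest of `gpgsig->summary`, and its message drops from WARNING to DEBUG, so a green result that also carries an expiry or revocation bit would pass silently. GPGME documents GREEN as good but with the other bits still to be checked, so I would narrow the branch to `} else if((gpgsig->summary & GPGME_SIGSUM_GREEN) && !(gpgsig->summary & (GPGME_SIGSUM_KEY_EXPIRED | GPGME_SIGSUM_SIG_EXPIRED | GPGME_SIGSUM_KEY_REVOKED))) {` and let everything else fall through to the invalid case. Separately, `while(gpgsig)` never runs its body for an empty signature list, which leaves `ret` at its default; the code that fetches the list is above the hunk, so please confirm it rejects a NULL `gpgsig` before this point. The function starts and ends outside the visible hunks.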