diff --git a/lib/libalpm/alpm.h b/lib/libalpm/alpm.h index 2277a69c..806cd959 100644 --- a/lib/libalpm/alpm.h +++ b/lib/libalpm/alpm.h @@ -1267,6 +1267,7 @@ typedef enum _alpm_errno_t { ALPM_ERR_PKG_INVALID, ALPM_ERR_PKG_INVALID_CHECKSUM, ALPM_ERR_PKG_INVALID_SIG, + ALPM_ERR_PKG_MISSING_SIG, ALPM_ERR_PKG_OPEN, ALPM_ERR_PKG_CANT_REMOVE, ALPM_ERR_PKG_INVALID_NAME, diff --git a/lib/libalpm/be_package.c b/lib/libalpm/be_package.c index cfe5fb36..5a709680 100644 --- a/lib/libalpm/be_package.c +++ b/lib/libalpm/be_package.c @@ -323,9 +323,13 @@ int _alpm_pkg_validate_internal(alpm_handle_t *handle, } /* even if we don't have a sig, run the check code if level tells us to */ - if(has_sig || level & ALPM_SIG_PACKAGE) { + if(level & ALPM_SIG_PACKAGE) { const char *sig = syncpkg ? syncpkg->base64_sig : NULL; _alpm_log(handle, ALPM_LOG_DEBUG, "sig data: %s\n", sig ? sig : ""); + if(!has_sig && !(level & ALPM_SIG_PACKAGE_OPTIONAL)) { + handle->pm_errno = ALPM_ERR_PKG_MISSING_SIG; + return -1; + } if(_alpm_check_pgp_helper(handle, pkgfile, sig, level & ALPM_SIG_PACKAGE_OPTIONAL, level & ALPM_SIG_PACKAGE_MARGINAL_OK, level & ALPM_SIG_PACKAGE_UNKNOWN_OK, sigdata)) { diff --git a/lib/libalpm/error.c b/lib/libalpm/error.c index a59f4fe1..86221807 100644 --- a/lib/libalpm/error.c +++ b/lib/libalpm/error.c @@ -111,6 +111,8 @@ const char SYMEXPORT *alpm_strerror(alpm_errno_t err) return _("invalid or corrupted package (checksum)"); case ALPM_ERR_PKG_INVALID_SIG: return _("invalid or corrupted package (PGP signature)"); + case ALPM_ERR_PKG_MISSING_SIG: + return _("package missing required signature"); case ALPM_ERR_PKG_OPEN: return _("cannot open package file"); case ALPM_ERR_PKG_CANT_REMOVE: