1
0
mirror of https://github.com/moparisthebest/pacman synced 2024-12-22 15:58:50 -05:00

Added gpg verification options per repo to the config file.

Once we do this, add support for VerifySig to pactest. We just check if
the repo name contains Always, Never or Optional to determine the value
of VerifySig. The default is Never. pacman uses Always by default but
this is not suitable for pactest.

Original-work-by: shankar <jatheendra@gmail.com>
Signed-off-by: Xavier Chantry <shiningxc@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
This commit is contained in:
Xavier Chantry 2008-12-17 16:25:07 +05:30 committed by Dan McGee
parent 18c6946961
commit f9505063f8
10 changed files with 72 additions and 8 deletions

View File

@ -251,6 +251,15 @@ alpm_list_t *alpm_pkg_unused_deltas(pmpkg_t *pkg);
int alpm_pkg_check_pgp_signature(pmpkg_t *pkg); int alpm_pkg_check_pgp_signature(pmpkg_t *pkg);
/* GPG signature verification option */
typedef enum _pgp_verify_t {
PM_PGP_VERIFY_ALWAYS,
PM_PGP_VERIFY_OPTIONAL,
PM_PGP_VERIFY_NEVER
} pgp_verify_t;
int alpm_db_set_pgp_verify(pmdb_t *db, pgp_verify_t verify);
/* /*
* Deltas * Deltas
*/ */

View File

@ -181,6 +181,24 @@ int SYMEXPORT alpm_db_setserver(pmdb_t *db, const char *url)
return 0; return 0;
} }
/** Set the verify gpg signature option for a database.
* @param db database pointer
* @param verify enum pgp_verify_t
* @return 0 on success, -1 on error (pm_errno is set accordingly)
*/
int SYMEXPORT alpm_db_set_pgp_verify(pmdb_t *db, pgp_verify_t verify)
{
ALPM_LOG_FUNC;
/* Sanity checks */
ASSERT(db != NULL, RET_ERR(PM_ERR_DB_NULL, -1));
db->pgp_verify = verify;
_alpm_log(PM_LOG_DEBUG, "adding VerifySig option to database '%s': %d\n",
db->treename, verify);
return(0);
}
/** Get the name of a package database /** Get the name of a package database
* @param db pointer to the package database * @param db pointer to the package database

View File

@ -60,6 +60,7 @@ struct __pmdb_t {
pmpkghash_t *pkgcache; pmpkghash_t *pkgcache;
alpm_list_t *grpcache; alpm_list_t *grpcache;
alpm_list_t *servers; alpm_list_t *servers;
pgp_verify_t pgp_verify;
struct db_operations *ops; struct db_operations *ops;
}; };

View File

@ -168,6 +168,8 @@ int _alpm_gpgme_checksig(const char *pkgpath, const pmpgpsig_t *sig)
if(gpgsig->summary & GPGME_SIGSUM_VALID) { if(gpgsig->summary & GPGME_SIGSUM_VALID) {
/* good signature, continue */ /* good signature, continue */
_alpm_log(PM_LOG_DEBUG, _("Package %s has a valid signature.\n"),
pkgpath);
} else if(gpgsig->summary & GPGME_SIGSUM_GREEN) { } else if(gpgsig->summary & GPGME_SIGSUM_GREEN) {
/* 'green' signature, not sure what to do here */ /* 'green' signature, not sure what to do here */
_alpm_log(PM_LOG_WARNING, _("Package %s has a green signature.\n"), _alpm_log(PM_LOG_WARNING, _("Package %s has a green signature.\n"),

View File

@ -847,11 +847,17 @@ int _alpm_sync_commit(pmtrans_t *trans, pmdb_t *db_local, alpm_list_t **data)
continue; continue;
} }
/* check PGP signature next */ /* check PGP signature next */
if(_alpm_gpgme_checksig(filepath, pgpsig) != 0) { pmdb_t *sdb = alpm_pkg_get_db(spkg);
errors++;
*data = alpm_list_add(*data, strdup(filename)); if(sdb->pgp_verify != PM_PGP_VERIFY_NEVER) {
FREE(filepath); int ret = _alpm_gpgme_checksig(filepath, pgpsig);
continue; if((sdb->pgp_verify == PM_PGP_VERIFY_ALWAYS && ret != 0) ||
(sdb->pgp_verify == PM_PGP_VERIFY_OPTIONAL && ret == 1)) {
errors++;
*data = alpm_list_add(*data, strdup(filename));
FREE(filepath);
continue;
}
} }
/* load the package file and replace pkgcache entry with it in the target list */ /* load the package file and replace pkgcache entry with it in the target list */
/* TODO: alpm_pkg_get_db() will not work on this target anymore */ /* TODO: alpm_pkg_get_db() will not work on this target anymore */
@ -869,9 +875,12 @@ int _alpm_sync_commit(pmtrans_t *trans, pmdb_t *db_local, alpm_list_t **data)
i->data = pkgfile; i->data = pkgfile;
_alpm_pkg_free_trans(spkg); /* spkg has been removed from the target list */ _alpm_pkg_free_trans(spkg); /* spkg has been removed from the target list */
} }
PROGRESS(trans, PM_TRANS_PROGRESS_INTEGRITY_START, "", 100, PROGRESS(trans, PM_TRANS_PROGRESS_INTEGRITY_START, "", 100,
numtargs, current); numtargs, current);
EVENT(trans, PM_TRANS_EVT_INTEGRITY_DONE, NULL, NULL); EVENT(trans, PM_TRANS_EVT_INTEGRITY_DONE, NULL, NULL);
if(errors) { if(errors) {
pm_errno = PM_ERR_PKG_INVALID; pm_errno = PM_ERR_PKG_INVALID;
goto error; goto error;

View File

@ -1241,6 +1241,24 @@ static int _parseconfig(const char *file, const char *givensection,
ret = 1; ret = 1;
goto cleanup; goto cleanup;
} }
} else if(strcmp(key, "VerifySig") == 0) {
if (strcmp(value, "Always") == 0) {
ret = alpm_db_set_pgp_verify(db,PM_PGP_VERIFY_ALWAYS);
} else if (strcmp(value, "Optional") == 0) {
ret = alpm_db_set_pgp_verify(db,PM_PGP_VERIFY_OPTIONAL);
} else if (strcmp(value, "Never") == 0) {
ret = alpm_db_set_pgp_verify(db,PM_PGP_VERIFY_NEVER);
} else {
pm_printf(PM_LOG_ERROR, _("invalid value for 'VerifySig' : '%s'\n"), value);
ret = 1;
goto cleanup;
}
if (ret != 0) {
pm_printf(PM_LOG_ERROR, _("could not add pgp verify option to database '%s': %s (%s)\n"),
alpm_db_get_name(db), value, alpm_strerrorlast());
goto cleanup;
}
pm_printf(PM_LOG_DEBUG, "config: VerifySig for %s: %s\n",alpm_db_get_name(db), value);
} else { } else {
pm_printf(PM_LOG_WARNING, pm_printf(PM_LOG_WARNING,
_("config file %s, line %d: directive '%s' in section '%s' not recognized.\n"), _("config file %s, line %d: directive '%s' in section '%s' not recognized.\n"),

View File

@ -89,6 +89,12 @@ class pmdb(object):
def __str__(self): def __str__(self):
return "%s" % self.treename return "%s" % self.treename
def getverify(self):
for value in "Always","Never","Optional":
if value in self.treename:
return value
return "Never"
def getpkg(self, name): def getpkg(self, name):
""" """
""" """

View File

@ -2,7 +2,7 @@ self.description = "Add a signature to a package DB"
sp = pmpkg("pkg1") sp = pmpkg("pkg1")
sp.pgpsig = "asdfasdfsdfasdfsdafasdfsdfasd" sp.pgpsig = "asdfasdfsdfasdfsdafasdfsdfasd"
self.addpkg2db("sync", sp) self.addpkg2db("sync+Always", sp)
self.args = "-Ss" self.args = "-Ss"

View File

@ -2,7 +2,7 @@ self.description = "Verify a signature in a sync DB (failure)"
sp = pmpkg("pkg1") sp = pmpkg("pkg1")
sp.pgpsig = "iEYEABECAAYFAkhMOggACgkQXC5GoPU6du2WVQCffVxF8GKXJIY4juJBIw/ljLrQxygAnj2QlvsUd7MdFekLX18+Ov/xzgZ1" sp.pgpsig = "iEYEABECAAYFAkhMOggACgkQXC5GoPU6du2WVQCffVxF8GKXJIY4juJBIw/ljLrQxygAnj2QlvsUd7MdFekLX18+Ov/xzgZ1"
self.addpkg2db("sync", sp) self.addpkg2db("sync+Always", sp)
self.args = "-S %s" % sp.name self.args = "-S %s" % sp.name

View File

@ -132,8 +132,9 @@ def mkcfgfile(filename, root, option, db):
if key != "local": if key != "local":
value = db[key] value = db[key]
data.append("[%s]\n" \ data.append("[%s]\n" \
"VerifySig = %s\n" \
"Server = file://%s" \ "Server = file://%s" \
% (value.treename, % (value.treename, value.getverify(), \
os.path.join(root, SYNCREPO, value.treename))) os.path.join(root, SYNCREPO, value.treename)))
for optkey, optval in value.option.iteritems(): for optkey, optval in value.option.iteritems():
data.extend(["%s = %s" % (optkey, j) for j in optval]) data.extend(["%s = %s" % (optkey, j) for j in optval])