1
0
mirror of https://github.com/moparisthebest/pacman synced 2024-11-13 12:55:08 -05:00
Commit Graph

102 Commits

Author SHA1 Message Date
Christian Hesse
e05fd5e060 libalpm: check for valid public key algorithm 2014-06-29 11:12:36 +10:00
Olivier Brunel
f1fadecfb3 Update the question callback
Much like with events, instead of using a bunch of void* arguments for
all questions, we now send one pointer to an alpm_question_t union.
This contains the type of question that was triggered.

With this information, a question-specific struct can be accessed in
order to get additional arguments.

Signed-off-by: Olivier Brunel <jjk@jjacky.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2014-06-24 13:52:15 +10:00
Allan McRae
b9f98ae97c Add compatibility with gpgme-1.5.0
Signed-off-by: Allan McRae <allan@archlinux.org>
2014-06-02 10:31:25 +10:00
Florian Pritz
cd2370754a Remove ts and sw from vim modeline when noet is set
Forcing vim users to view files with a tabstop of 2 seems really
unnecessary when noet is set. I find it much easier to read code with
ts=4 and I dislike having to override the modeline by hand.

Command run:
find . -type f -exec sed -i '/vim.* noet/s# ts=2 sw=2##' {} +

Signed-off-by: Florian Pritz <bluewind@xinu.at>
Signed-off-by: Allan McRae <allan@archlinux.org>
2014-01-28 20:19:25 +10:00
Allan McRae
bce495e56f Consistently use #ifdef
Fix the occurances of #if to be #ifdef for consistency.
2014-01-10 14:32:38 +10:00
Allan McRae
1d3b17e251 Fix build with --disable-gpgme
The alpm_decode_signature function was made available for frontends to
display signature information, but this required libalpm to be build with
gpgme support.  As that function did not require anything from gpgme,
have it build unconditionally.

Signed-off-by: Allan McRae <allan@archlinux.org>
2014-01-10 14:30:05 +10:00
Allan McRae
3bb3b1555a Update copyright years for 2014
Signed-off-by: Allan McRae <allan@archlinux.org>
2014-01-06 14:38:50 +10:00
Jason St. John
230bd5c2fd Fix whitespace and other formatting issues
This commit:
-- replaces space-based indents with tabs per the coding standards
-- removes extraneous whitespace (e.g. extra spaces between function args)
-- adds missing braces for a one-line if statement

Signed-off-by: Jason St. John <jstjohn@purdue.edu>
2013-11-15 11:02:27 +10:00
Allan McRae
c7f159c1c9 Make functions to decode a signature and extract keyid public
These are useful for frontends.

Signed-off-by: Allan McRae <allan@archlinux.org>
2013-10-31 16:20:02 +10:00
Sami Kerola
aade18cf3b libalpm: avoid name space conflict
The symbol 'err' refers to err() from err.h, and is wisest to be avoided
as a variable name.

Reference: http://man7.org/linux/man-pages/man3/err.3.html
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-09-04 09:51:20 +10:00
Anatol Pomozov
769facca22 Fix spelling errors using 'codespell' tool
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-04-18 13:20:13 +10:00
Andrew Gregory
d5a5a6b512 fix style violations
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-02-16 11:06:43 +10:00
Allan McRae
bafee395a6 Fix compilation error on clang
This also lead me to notice that in _alpm_gpgme_checksig many things
were not being cleaned up.  Fix this by having CHECK_ERR goto gpg_error
and make the required adjustments.

Signed-off-by: Allan McRae <allan@archlinux.org>
2013-02-13 11:50:32 +10:00
Allan McRae
5f5469c774 Import key if needed when installing package from file
When installing a package with "pacman -U" that has a detached
signature, check if the needed key is in the keyring and download
if necessary.

Signed-off-by: Allan McRae <allan@archlinux.org>
2013-02-09 12:43:37 +10:00
Allan McRae
198154962b Make decode_signature available to the library
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-02-09 12:43:37 +10:00
Allan McRae
05745089ac Add function to extract key id from signatures
This does not support all possibilities of RFC4880, but it does
cover every key currently used in Arch Linux.

Signed-off-by: Allan McRae <allan@archlinux.org>
2013-02-09 12:43:37 +10:00
Allan McRae
4ec6848f91 Move key importing into separate function
This will be useful for checking the availablity of all keys before
perfoming validation in sync operations and for downloading a needed
key in upgrade operations.

Signed-off-by: Allan McRae <allan@archlinux.org>
2013-02-09 12:43:36 +10:00
Allan McRae
45b6d36cf7 Make key_in_keychain available in library
In preparation for checking key presence and downloading needed keys
before conflict checking.

Signed-off-by: Allan McRae <allan@archlinux.org>
2013-02-09 12:43:36 +10:00
Gerardo Exequiel Pozzi
86eefc1a3a Fix space between control structure and open parens
Signed-off-by: Gerardo Exequiel Pozzi <vmlinuz386@yahoo.com.ar>
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-01-04 21:49:38 +10:00
Gerardo Exequiel Pozzi
b5709b8171 Fix open braces style
Signed-off-by: Gerardo Exequiel Pozzi <vmlinuz386@yahoo.com.ar>
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-01-04 21:49:37 +10:00
Allan McRae
1dd3405813 Update copyright year for 2013
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-01-03 12:03:09 +10:00
Allan McRae
422a4021e4 Fix future signature timestamp warning
The warning given for a signature timstamp being in the future compared
to the system time stated the opposite.

Also, move this warning to debug output.  It is useless in its current
form as the package or database that is giving the error is not
mentioned and so other debug output is needed to find the offending
signature.

Signed-off-by: Allan McRae <allan@archlinux.org>
2012-12-14 12:35:34 +10:00
Dan McGee
369c5aa7dd Merge branch 'maint' 2012-09-18 08:36:10 -05:00
Florian Pritz
f7558856b1 signing.c: warn if time went backwards
GPG signatures have a timestamp which is checked and if it's in the
future, verification will fail.

Dan: slight wording change.

Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-09-18 08:35:53 -05:00
Dan McGee
d7b728591a Merge branch 'maint' 2012-04-12 08:57:26 -05:00
Dan McGee
ded66fbb62 Fix issues with unintialized variable value usage
Detected by clang scan-build static code analyzer.

* Don't attempt to free an uninitialized gpgme key variable
* Initialize answer variable before asking frontend a question
* Pass by reference instead of value if uninitialized fields are
  possible in download signal handler code
* Ensure we never call strlen() on NULL payload->remote_name value

Signed-off-by: Dan McGee <dan@archlinux.org>
2012-04-09 00:46:54 -05:00
Dan McGee
4ca6590af5 Merge branch 'maint'
Conflicts:
	lib/libalpm/signing.c
	lib/libalpm/sync.c
2012-04-07 11:23:55 -05:00
Dave Reisner
be0e044404 signing: cope with gpg2's failure at life
For key searches only, gpg2 will fail to lookup any and all keys that
are not prefixed with 0x.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2012-03-28 09:55:14 -05:00
Dan McGee
e50c4a8837 Merge branch 'maint'
Conflicts:
	lib/libalpm/diskspace.c
	src/pacman/util.h
2012-01-23 12:20:52 -06:00
Dan McGee
562109c0e8 Update copyright on changed files since beginning of year
Signed-off-by: Dan McGee <dan@archlinux.org>
2012-01-18 22:25:27 -06:00
Dan McGee
6e8ca48cbb Reorder some operations in sig check for efficiency
We don't need to open the data to be checked if we don't have a
signature to check against, so postpone that open until we know we have
either the base64_data or a valid signature file.

Signed-off-by: Dan McGee <dan@archlinux.org>
2012-01-12 09:31:09 -06:00
Dan McGee
4f02b98338 Merge branch 'maint'
Conflicts:
	lib/libalpm/signing.c

Signed-off-by: Dan McGee <dan@archlinux.org>
2012-01-08 12:14:04 -06:00
Dan McGee
def9e45aff Search for PGP subkeys in a keyserver-acceptable way
PGP keyservers are pieces of sh** when it comes to searching for
subkeys, and only allow it if you submit an 8-character fingerprint
rather than the recommended and less chance of collision 16-character
fingerprint.

Add a second remote lookup for the 8-character version of a key ID if we
don't find anything the first time we look up the key. This fixes
FS#27612 and the deficiency has been sent upstream to the GnuPG users
mailing list as well.

Signed-off-by: Dan McGee <dan@archlinux.org>
2012-01-05 16:34:51 -06:00
Dave Reisner
d6ccd44390 include config.h via Makefiles
Ensures that config.h is always ordered correctly (first) in the
includes. Also means that new source files get this for free without
having to remember to add it.

We opt for -imacros over -include as its more portable, and the
added constraint by -imacros doesn't bother us for config.h.

This also touches the HACKING file to remove the explicit mention of
config.h as part of the includes.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-12-21 18:13:17 -06:00
Florian Pritz
2141b7112d add key algo to import msg
Signed-off-by: Florian Pritz <bluewind@xinu.at>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-11-20 21:40:19 -06:00
Florian Pritz
2f96067fe7 change gpg import message to resemble gpg --list-keys
Dan: const pointers, don't worry about bitfields.

Signed-off-by: Florian Pritz <bluewind@xinu.at>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-11-20 21:39:33 -06:00
Dan McGee
bac670ddc9 Show an error message on failed remote key lookup
The absolutely terrible part about this is the failure on GPGME's part
to distinguish between "key not found" and "keyserver timeout". Instead,
it returns the same silly GPG_ERR_EOF in both cases (why isn't
GPG_ERR_TIMEOUT being used?), leaving us helpless to tell them apart.

Spit out a generic enough error message that covers both cases;
unfortunately we can't provide much guidance to the user because we
aren't sure what actually happened.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-10-17 09:38:35 -05:00
Dan McGee
12642a299b Add user-visible warning message if public keyring not found
This should help point users in the right direction if they have not
initialized via pacman-key just yet.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-10-12 17:54:08 -05:00
Dan McGee
2a18171afa signing: delay gpgme_init() until latest possible moment
In the default configuration, we can enter the signing code but still
have nothing to do with GPGME- for example, if database signatures are
optional but none are present. Delay initialization of GPGME until we
know there is a signature file present or we were passed base64-encoded
data.

This also makes debugging with valgrind a lot easier as you don't have
to deal with all the GPGME error noise because their code leaks like a
sieve.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-10-12 14:20:47 -05:00
Dan McGee
fa929e8258 Fix compilation using --without-gpgme
I'm really good at breaking this on a regular basis. If only we had some
sort of automated testing for this...

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-27 09:15:36 -05:00
Dan McGee
b242b2d050 Remove unnecessary logger
This is just a wrapper function; the real function we call logs an
almost identical line.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-27 09:08:01 -05:00
Dan McGee
2517ba3303 Update Doxyfile and fix some documentation errors caught by Doxygen
A few parameters were outdated or wrongly named, and a few things were
explicitly linked that Doxygen wasn't able to resolve.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-22 16:37:36 -05:00
Dan McGee
1e0ed133f4 Handle key import errors correctly and with good error messages
This adds calls to gpgme_op_import_result() which we were not looking at
before to ensure the key was actually imported. Additionally, we do some
preemptive checks to ensure the keyring is even writable if we are going
to prompt the user to add things to it.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-22 16:01:10 -05:00
Dan McGee
907e8af5be signing: be consistent with returning -1 for error cases
This also fixes a segfault found by dave when key_search is
unsuccessful; the key_search return code documentation has also been
updated to reflect reality.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-22 16:01:05 -05:00
Dan McGee
6767de5380 Add status and check for key being disabled
Because we aren't using gpgv and a dedicated keyring that is known to be
all safe, we should honor this flag being set on a given key in the
keyring to know to not honor it. This prevents a key from being
reimported that a user does not want to be used- instead of deleting,
one should mark it as disabled.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-22 11:14:35 -05:00
Dan McGee
765178c5ba Implement PGP key search and import
Add two new static methods, key_search() and key_import(), to our
growing list of signing code.

If we come across a key we do not have, attempt to look it up remotely
and ask the user if they wish to import said key. If they do, flag the
validation process as a potential 'retry', meaning it might succeed the
next time it is ran.

These depend on you having a 'keyserver hkp://foo.example.com' line in
your gpg.conf file in your gnupg home directory to function.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-22 11:14:31 -05:00
Dan McGee
0ef7129a4a signing: document most undocumented functions
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-22 11:06:03 -05:00
Dan McGee
5e7875ae6a Fix possible segfault if siglist was empty
If siglist->results wasn't a NULL pointer, we would try to free it
anyway, even if siglist->count was zero. Only attempt to free this
pointer if we had results and the pointer is valid.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-22 10:31:28 -05:00
Dan McGee
ec790ced7c signing: add a process and retry loop for database signatures
In reality, there is no retrying that happens as of now because we don't
have any import or changing of the keyring going on, but the code is set
up so we can drop this in our new _alpm_process_siglist() function. Wire
up the basics to the sync database validation code, so we see something
like the following:

    $ pacman -Ss unknowntrust
    error: core: signature from "Dan McGee <dpmcgee@gmail.com>" is unknown trust
    error: core: signature from "Dan McGee <dpmcgee@gmail.com>" is unknown trust
    error: database 'core' is not valid (invalid or corrupted database (PGP signature))

    $ pacman -Ss missingsig
    error: core: missing required signature
    error: core: missing required signature
    error: database 'core' is not valid (invalid or corrupted database (PGP signature))

Yes, there is some double output, but this should be fixable in the
future.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-20 10:23:11 -05:00
Dan McGee
994cb4da4f Allow our PGP helper method to pass back the signature results
This will make its way up the call chain eventually to allow trusting
and importing of keys as necessary.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-20 10:23:11 -05:00