1
0
mirror of https://github.com/moparisthebest/pacman synced 2024-11-13 21:05:05 -05:00
Commit Graph

3631 Commits

Author SHA1 Message Date
Allan McRae
38da050f31 Download and verify package database signatures
If signature verification is needed, attempt to download a signature
file for a repo when it is updated. Return an error if unable to
download signature only when checking is mandatory, or if signature is
invalid.

TODO: At the moment the database signature is only checked on download.
Should we do anything with a database if it fails to be verified to prevent
its future usage?

Signed-off-by: Allan McRae <allan@archlinux.org>
2011-03-23 22:58:00 -05:00
Dan McGee
9a3325a56d Refactor signature loading code into common function
We can use this for both standalone package signatures as well as
standalone database signatures.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23 22:56:54 -05:00
Allan McRae
ed6fda2f98 Add functions for verifying database signature
Add a pmpgpsig_t struct to the database entry struct and functions for
the lazy loading of database signatures.  Add a function for checking
database signatures, reusing (and generalizing) the code currently used
for checking package signatures.

TODO: The code for reading in signature files from the filesystem is
duplicated for local packages and database and needs refactoring.

Signed-off-by: Allan McRae <allan@archlinux.org>
2011-03-23 22:22:33 -05:00
Dave Reisner
ef26c44524 etc/makepkg.conf: use curl in place of wget as a DLAGENT
Signed-off-by: Dave Reisner <d@falconindy.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23 20:37:20 -05:00
Dave Reisner
b9263fb4e1 lib/dload.c: Check for dlcb == NULL earlier
Our curl callback does a whole lot of work for nothing if the front end
never defined a callback to receive the data we'd calculate for it.

Signed-off-by: Dave Reisner <d@falconindy.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23 11:04:42 -05:00
Dan McGee
351942c71b Update doc/index.txt with 3.5.1 release date
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23 11:03:35 -05:00
Dave Reisner
47e41b2023 lib/dload.c: don't use deprecated curl symbols
CURLINFO_HTTP_CODE is deprecated in favor of CURLINFO_RESPONSE_CODE.
Both yield the same values.

Signed-off-by: Dave Reisner <d@falconindy.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23 03:44:16 -05:00
Dave Reisner
e29301954c lib/dload.c: don't request compressed transport
The files we transfer are generally compressed already, so this just
adds unnecessary overhead.

Signed-off-by: Dave Reisner <d@falconindy.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23 03:44:10 -05:00
Dave Reisner
82fb7a0202 lib/dload.c: Fix progress callback issues on download
Use a static variable to effectively track the initialization state of
the progress callback via the last byte amount reported as downloaded by
libcurl.

Signed-off-by: Dave Reisner <d@falconindy.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23 03:43:58 -05:00
Dave Reisner
768451c5e3 lib/dload.c: fix compiler warnings generated by -Wfloat-equal
* introduces new macro in util.h (DOUBLE_EQ) for properly comparing
  floating point values

Signed-off-by: Dave Reisner <d@falconindy.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23 03:43:53 -05:00
Dave Reisner
db49c4a7f0 buildsys: use libcurl's m4 macro for buildtime detection
Signed-off-by: Dave Reisner <d@falconindy.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23 03:43:17 -05:00
Allan McRae
2f060dec6a Report output from signature checking to debug log
Move the (possibly still temporary) output generated during signature
checking into the --debug output.

Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23 03:36:48 -05:00
Xavier Chantry
f9505063f8 Added gpg verification options per repo to the config file.
Once we do this, add support for VerifySig to pactest. We just check if
the repo name contains Always, Never or Optional to determine the value
of VerifySig. The default is Never. pacman uses Always by default but
this is not suitable for pactest.

Original-work-by: shankar <jatheendra@gmail.com>
Signed-off-by: Xavier Chantry <shiningxc@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23 03:35:50 -05:00
Dan McGee
18c6946961 Remove unnecessary sanity check on db->setserver
We pass in a db object, so no need to go looking for it in the list on
the handle. This is a remnant of when we passed in a treename, more than
likely.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23 03:33:31 -05:00
Chris Brannon
ac88e90557 Let pacman specify GnuPG's home directory.
GnuPG looks for configuration files and keyrings in its home directory.
For a user, that is typically ~/.gnupg.
This patch causes pacman to use /etc/pacman.d/gnupg/ as the default
GnuPG home.  One may override the default using --gpgdir on the command-line
or GPGDir in pacman's configuration file.

Signed-off-by: Chris Brannon <cmbrannon@cox.net>
Signed-off-by: Xavier Chantry <shiningxc@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23 03:22:36 -05:00
Dan McGee
5b962f0d1c Add a pactest showing failed GPG verification
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23 03:16:29 -05:00
Dan McGee
39c75c7000 Integrate GPGME into libalpm
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23 03:16:29 -05:00
Dan McGee
061948597d Add some error codes for signature verification
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23 03:16:29 -05:00
Dan McGee
4ae902ec5f Add signature directory as option on libalpm handle
This will serve as the home directory we pass to GPGME when making calls so
we can have a libalpm-utilized keyring.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23 03:16:29 -05:00
Dan McGee
39ce9b3afc Actually read PGPSIG field in sync DB code
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23 03:07:08 -05:00
Dan McGee
f7b577dc77 Merge branch 'gpg-libalpm-basics' 2011-03-23 02:34:51 -05:00
Dan McGee
cedc633757 Add a few pactests for PGP integration
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23 02:33:07 -05:00
Dan McGee
8584c25903 Remove libfetch error code
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23 02:29:35 -05:00
Dan McGee
88746ec067 Read in .sig files when opening a package file
If a .sig file sits side-by-side on the filesystem with a package archive,
read it in during the package struct creation process so we can verify it at
a later time if necessary.

Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-03-23 02:22:00 -05:00
Dan McGee
39da0198cd Add PGP signature support to pactest
Allow pkg.pgpsig to end up in the created sync databases.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23 02:22:00 -05:00
Dan McGee
60159c2e77 Allow PGP signature to be read from sync database
Add a new field to the package struct to hold PGP information and
instruct db_read to pick it up from the database. It is currently unused
internally but this is the first step.

Due to the fact that we store the PGP sig as binary data, we need to store
both the data and the length so we have a small utility struct to assist us.

Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-03-23 02:22:00 -05:00
Dan McGee
9f2a3023f8 Add base64 algorithms from PolarSSL to libalpm
We will need these for GPG functionality (decoding the base64 encoded
signature stored in the databases).

Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-03-23 02:22:00 -05:00
Dan McGee
0908533127 Merge branch 'gpg-build-tools' 2011-03-23 02:18:57 -05:00
Dan McGee
a31d091fb3 repo-add: add sha256sum values to repo database
Implements FS#23103. Also modify libalpm so it ignores this value
without any warning as we know it is likely to exist.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23 02:18:48 -05:00
Dan McGee
36747e4a7f Merge branch 'gpg-pacman-key' 2011-03-23 02:17:58 -05:00
Dan McGee
3df49acb30 Merge branch 'maint' 2011-03-23 02:16:13 -05:00
Dan McGee
115bf1bf9f Bump version to 3.5.1
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23 02:13:49 -05:00
Dan McGee
87fbbdc649 Updated 3.5.1 translations from Transifex
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23 02:12:36 -05:00
Slobodan Terzić
02945ca7ad Add new Serbian translation from Transifex
Thanks!

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23 02:12:21 -05:00
Dan McGee
c46f21af0a 3.5.1 NEWS updates
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23 02:07:47 -05:00
Dan McGee
7d899910c5 Documentation consistency fixes
Fix the way we were referring to paths (use ``), .pac* extensions (use
''), and other general things across our main manpages.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23 02:07:47 -05:00
Dan McGee
5eca2fbdf1 Fix documentation typo in makepkg.8
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23 02:07:47 -05:00
Dan McGee
b625d03dd6 pacman-key manpage updates
Make consistent in formatting, syntax, and prose with the rest of our
documentation.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23 01:59:43 -05:00
Dan McGee
964e8c5bf2 pacman-key help, round three
Make it actually like all our other tools rather than some homegrown
format. Also make it translator friendly by not wrapping messages across
lines in different strings.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23 01:59:42 -05:00
Guillaume Alaux
482da2eceb Add man-page for pacman-key
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-03-23 01:59:42 -05:00
Allan McRae
5a89a12aa0 pacman-key: improve usage output
Make the usage output display nicely on 80 character width terminals.

Also fix parsing of "-h" and "-v" options and avoid root check when
run with no commands.

Signed-off-by: Allan McRae <allan@archlinux.org>
2011-03-23 01:59:42 -05:00
Denis A. Altoé Falqueto
422925a65e pacman-key: remake of --reload command
The --reload command was refactored to allow a more flexible management.
There are two sets of keys that will be added, one that will be
removed and one that will be kept.

The set of keys to be kept are configured in pacman.conf, with the
option HoldKeys, with the same meaning of HoldPkgs. It can be repeated
and several values can be put in the same entry.

The new behavior allows a key to be marked for removal, but the user
can decide if that key must be kept. For example, if a developer has
a public repository, signed with his own key, that key must be added
to the HoldKeys option. If the key is marked for removal from pacman's
keyring, it will not be removed for the users that have configured
HoldKeys correctly.

There are other minor fixes, mainly in the handling of --add command
when there is no aditional parameter. In that case, pacman-key will
behave just like gpg, adding the contents of stdin into pacman's keyring.

Signed-off-by: Denis A. Altoé Falqueto <denisfalqueto@gmail.com>
2011-03-23 01:59:42 -05:00
Denis A. Altoé Falqueto
ae20f88202 pacman-key: keyring management tool
The script pacman-key will manage pacman's keyring. It imports, exports,
fetches from keyservers, helps in the process of trusting and updates
the trust database.

Signed-off-by: Denis A. Altoé Falqueto <denisfalqueto@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-03-23 01:59:42 -05:00
Allan McRae
93591d428f repo-add: add symlink to signature file
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-03-23 00:26:54 -05:00
Dan McGee
f0f8319769 repo-add: Fix up usage with GPG options
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23 00:26:54 -05:00
Dan McGee
38f94da47d repo-add: add -v/--verify option
This is intended to verify an existing signature on a database before
making further changes to it and performing updates. Rarely would you
use this without immediately resigning it via the -s/--sign option.
Instead, it is intended as a "chain of trust" operation where the
previous signature is verified to give you some sense that what you sign
off on is also safe.

Still todo: don't make changes unless the signature is not only good,
but also in the accepted list of keys.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23 00:26:54 -05:00
Dan McGee
a4120f2015 repo-add: allow signing of the package database
In order to be fully secure, we can't only sign packages. We also need
to sign our repository metadata to prevent database falsification,
dependency injection, etc. Add an '-s/--sign' option that allows this
functionality, and will generate a .sig file side-by-side with the
package database.

While at it, fix the issue where a signature file would never be found
because of 'cd' madness (this needs fixing in another commit).

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23 00:26:54 -05:00
Geoffroy Carrier
8fde399fe6 Add PGPSIG field in repo-add
Use base64 encoding to store the value in the database if a .sig file exists
for the package being added.

Signed-off-by: Geoffroy Carrier <geoffroy.carrier@koon.fr>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23 00:26:54 -05:00
Allan McRae
2f2f53ddc9 makepkg: place signature symlink in build dir
Be consistent in package and signature placements when using
PKGDEST.

Signed-off-by: Allan McRae <allan@archlinux.org>
2011-03-22 23:52:00 -05:00
Dan McGee
82e22596d8 makepkg: allow signatures to work with split packages
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-22 23:52:00 -05:00