1
0
mirror of https://github.com/moparisthebest/pacman synced 2024-11-18 07:15:00 -05:00
Commit Graph

113 Commits

Author SHA1 Message Date
Allan McRae
879e4665c4 pacman-key: stricter parsing for -verify
Prevents trust being spoofed by using TRUST_FULLY in the signatory's name
or in an added notation.

Fixes FS#41147.

Signed-off-by: Allan McRae <allan@archlinux.org>
2014-08-09 17:29:08 +10:00
Florian Pritz
cd2370754a Remove ts and sw from vim modeline when noet is set
Forcing vim users to view files with a tabstop of 2 seems really
unnecessary when noet is set. I find it much easier to read code with
ts=4 and I dislike having to override the modeline by hand.

Command run:
find . -type f -exec sed -i '/vim.* noet/s# ts=2 sw=2##' {} +

Signed-off-by: Florian Pritz <bluewind@xinu.at>
Signed-off-by: Allan McRae <allan@archlinux.org>
2014-01-28 20:19:25 +10:00
Allan McRae
3bb3b1555a Update copyright years for 2014
Signed-off-by: Allan McRae <allan@archlinux.org>
2014-01-06 14:38:50 +10:00
Dave Reisner
d080a469a0 pacman-key: Do not reinterpret keys from revoked keyrings
Given a revoked keyring containing only:

  BC1FBE4D2826A0B51E47ED62E2539214C6C11350

We should only disable this specific keyid. This change enforces that the
contents of the -revoked keyring file are full fingerprints which can uniquely
identify a key.

Before:

  # pacman-key --populate archlinux
  ==> Appending keys from archlinux.gpg...
  ==> Locally signing trusted keys in keyring...
    -> Locally signing key 0E8B644079F599DFC1DDC3973348882F6AC6A4C2...
    -> Locally signing key 684148BB25B49E986A4944C55184252D824B18E8...
    -> Locally signing key 44D4A033AC140143927397D47EFD567D4C7EA887...
    -> Locally signing key 27FFC4769E19F096D41D9265A04F9397CDFD6BB0...
    -> Locally signing key AB19265E5D7D20687D303246BA1DFB64FFF979E7...
  ==> Importing owner trust values...
  ==> Disabling revoked keys in keyring...
    -> Disabling key 1390420191...
    -> Disabling key E2539214C6C11350...
    -> Disabling key 8544EA82113502DE...
  ==> Updating trust database...
  gpg: next trustdb check due at 2014-01-22

After:

  # pacman-key --populate archlinux
  ==> Appending keys from archlinux.gpg...
  ==> Locally signing trusted keys in keyring...
    -> Locally signing key 0E8B644079F599DFC1DDC3973348882F6AC6A4C2...
    -> Locally signing key 684148BB25B49E986A4944C55184252D824B18E8...
    -> Locally signing key 44D4A033AC140143927397D47EFD567D4C7EA887...
    -> Locally signing key 27FFC4769E19F096D41D9265A04F9397CDFD6BB0...
    -> Locally signing key AB19265E5D7D20687D303246BA1DFB64FFF979E7...
  ==> Importing owner trust values...
  ==> Disabling revoked keys in keyring...
    -> Disabling key BC1FBE4D2826A0B51E47ED62E2539214C6C11350...
  ==> Updating trust database...
  gpg: next trustdb check due at 2014-01-22

Partially addresses FS#35478. This does nothing to confirm whether or not the
key was successfully disabled -- a ridiculously simple request which appears to
be far too difficult for gpg to manage.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-06-04 14:01:41 +10:00
William Giokas
9d99914a18 scripts: Add color to pacman-key
Use --nocolor to suppress colored output from pacman-key, otherwise
output will be in color.

Signed-off-by: William Giokas <1007380@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-03-08 17:04:39 +10:00
Pierre Schmitz
49c5f515e9 pacman-key: reduce verbosity of --populate
Do not bother the user with gpg's verbose output.

Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-01-04 21:49:38 +10:00
Allan McRae
09295f7e40 pacman-key: handle local signing of multiple keys
gpg --lsign-key does not like being given multiple keys to sign.

Signed-off-by: Allan McRae <allan@archlinux.org>
2013-01-04 21:49:38 +10:00
Allan McRae
1dd3405813 Update copyright year for 2013
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-01-03 12:03:09 +10:00
Pierre Schmitz
ec5e6d9029 pacman-key: Use lsign_keys function in --populate
This reduces code duplication and also makes --populate a non-interactive function.

Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
2012-08-02 09:46:16 -05:00
Dan McGee
9f6a67fee7 Merge branch 'maint'
Conflicts:
	scripts/pacman-key.sh.in
2012-05-20 17:41:21 -05:00
Dave Reisner
fc9002188b pacman-key: use mapfile over read
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
2012-05-20 17:39:21 -05:00
Dave Reisner
5de465d63e pacman-key: test for content in keyring files
Test for file content (-s) rather than just existance (-f). This fixes a
bug that manifests itself in the case of an empty -revoked file. A zero
element 'keys' array would be passed to gpg, forcing it to list and,
subsequently, revoke all known keys.

Bug introduced in d1240f67ea.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2012-05-20 17:35:31 -05:00
Dan McGee
9e2078b179 pacman-key: clarify messages, s/keychain/keyring/
Signed-off-by: Dan McGee <dan@archlinux.org>
2012-05-04 15:01:53 -05:00
Dave Reisner
b2a2a98297 pacman-key: lookup keys before receiving
Perform a search for keys that clearly aren't key IDs. This allows
receiving keys by name or email address, but only if the key resolves
unambiguously.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
2012-04-24 08:46:13 -05:00
Dave Reisner
2d0a00b409 pacman-key: allow verification of multiple sig files
Loop through arguments passed to verify_sig and treat each as a
signature to be verified against a source file. Output each file as its
checked to avoid ambiguity.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
2012-04-24 08:38:36 -05:00
Dave Reisner
62dbf7ec43 scripts: avoid dumping usage on parser fail
Avoid letting the error message from parseopts get lost in the usage
output from pacman-key and makepkg (which is already verbose).
2012-04-24 08:38:36 -05:00
Dave Reisner
f61f075b1c pacman-key: adopt parseopts for option parsing
This requires an ugly amount of reworking of how pacman-key handles
options. The change simply to avoid passing keys, files, and directories
as arguments to options, but to leave them as arguments to the overall
program. This is reasonable since pacman-key limits the user to
essentially one operation per invocation (like pacman).

Since we now pass around the positional parameters to the various
operations, we can add some better sanity checking. Each operation is
responsible for testing input and making sure it can operate properly,
otherwise it throws an error and exits.

The doc is updated to reflect this, and uses similar verbiage as pacman,
describing the non-option arguments now passed to pacman-key as targets.

Similar to the doc, --help is reorganized to separate operations and
options and remove argument tokens from operations.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
2012-04-24 08:38:36 -05:00
Dan McGee
3a82885348 Merge branch 'maint' 2012-04-08 21:51:24 -05:00
Dave Reisner
ca090e10d2 pacman-key: avoid use of tempfile in verify_sig
Use --status-fd rather than --status-file to keep this contained in a
pipeline.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
2012-04-08 21:46:15 -05:00
Dave Reisner
f053141c87 pacman-key: verify TRUST_ULTIMATE keys as good
Extend our grep pattern to match TRUST_ULTIMATE, not just TRUST_FULLY,
as these keys are to be trusted as well.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2012-04-08 17:43:53 -05:00
Dan McGee
4ca6590af5 Merge branch 'maint'
Conflicts:
	lib/libalpm/signing.c
	lib/libalpm/sync.c
2012-04-07 11:23:55 -05:00
Dave Reisner
3c5d5a19b3 Revert "parseopts: normalize options into an array"
This was really only half a fix for FS#28445, as it still doesn't
correctly handle the case of filenames with spaces. In the short term,
there is no obvious fix for this. In the long term, I believe the
correct decision is to rewrite the options parser to be more in line
with GNU getopt_long.

This reverts commits:
  ca41427141.
  969dcddbdf.
2012-04-07 11:03:48 -05:00
Pierre Schmitz
a8f03d07c7 pacman-key: Actually verify signatures and exit with correct codes
We cannot rely on gpg's exit code. Instead we have to check the status-fd to
figure out whether a signature is valid or not.

In addition to this pacman-key --verify can now be used in scripts as it will
return an exit code of 1 if the signature is invalid.

Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
Signed-off-by: Dan McGee <dan@archlinux.org>
2012-04-07 10:22:10 -05:00
Allan McRae
d7f4e8fbcc pacman-key: change to more reliable default keyserver
User reports indicate that the SKS keyservers are more reliable
than both the gnupg.net and mit.edu ones.

Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2012-03-29 16:49:54 -05:00
Allan McRae
ed353d91b7 pacman-key: make the -e option work as advertised
Using -e without arguments failed to export all keys. Using --export
worked as expected.

Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2012-03-29 16:49:22 -05:00
Dan McGee
8de0631edb Merge branch 'maint'
Conflicts:
	lib/libalpm/be_package.c
2012-03-08 18:08:15 -06:00
Pierre Schmitz
1fe6cabc4d pacman-key: Remove useless signature verification in --populate command
Verifing the keyring at this point is useless as a malicious package is already
installed and as such has several options to bypass this check anyway.

Signed-off-by: Pierre Schmitz <pierre@archlinux.de>
Signed-off-by: Dan McGee <dan@archlinux.org>
2012-03-05 11:57:30 -06:00
Dan McGee
3849c3aec1 Merge branch 'maint'
Conflicts:
	contrib/pacsysclean.in
	src/pacman/conf.h
2012-02-20 17:00:26 -06:00
Dave Reisner
ca41427141 parseopts: normalize options into an array
Modify parse_options logic to fill an array instead of printing parsed
options. Avoid eval like the plague. Because it is the plague.

Fixes bugs such as FS#28445.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2012-02-16 17:31:16 -06:00
Dan McGee
4f54bde439 Merge branch 'maint'
Conflicts:
	scripts/makepkg.sh.in
2012-01-30 22:00:26 -06:00
Dave Reisner
9aa4d9a7b9 pacman-key: call gpg fewer times for revocation keys
Instead of iterating over the revocation keyfile and calling gpg once
for each key, map the file into an array and call gpg once, iterating
over this output to mark each key as revoked.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2012-01-30 21:59:41 -06:00
Dave Reisner
2a73f4e994 pacman-key: simplify trusted keyring iteration
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2012-01-30 21:59:34 -06:00
Dave Reisner
9e9835f464 scripts: always use printf with embedded gettext
This addresses two problems:

1) echo's behavior is inconsistent when dealing with flags, and can
potentially be problematic.

  $ echo -n
  $ echo -- -n
  -- -n

2) Always using the end of options markers prevents translated strings
from throwing errors, as shown in FS#28069.

The remaining "inconsistencies" are because printf is being used in a
guaranteed safe manner, e.g.

  printf '%s\n' "$(gettext "--this can never break")"

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2012-01-30 21:31:38 -06:00
Dan McGee
e50c4a8837 Merge branch 'maint'
Conflicts:
	lib/libalpm/diskspace.c
	src/pacman/util.h
2012-01-23 12:20:52 -06:00
Dan McGee
562109c0e8 Update copyright on changed files since beginning of year
Signed-off-by: Dan McGee <dan@archlinux.org>
2012-01-18 22:25:27 -06:00
canyonknight
c231c9af97 Improve exit statuses and error messages in pacman-key
Return codes from gpg commands are currently lost. This adds the functionality
of taking non-zero exit statuses from gpg. This includes error reporting for all
gpg commands that are run individually, run in a loop, and run through a pipe.

Includes the check_keyids_exist function which verifies a key exists locally
prior to attempted local manipulation of the key.

If a gpg command has a non-zero status, pacman-key will now exit with a non-zero
status. It will print a gettext error message of gpg's failure.

Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2012-01-18 22:01:12 -06:00
canyonknight
24ca6ce1f9 Turn gpg commands into functions in pacman-key
Adds functions for every gpg command. By pulling out the gpg commands from the
"program start" section, additional commands can be run before or after a
specific gpg command without adding additional clutter to the function call
section.

Adds an explicit exit status of 0 to prevent arithmetic expansions from
returning non-zero, thereby falsely causing pacman-key to have a non-zero exit
status.

This change creates the framework for additional error messages and better
exit statuses being added to every pacman-key gpg call.

Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2012-01-18 22:01:00 -06:00
Dan McGee
38143770a9 Merge branch 'maint' 2011-12-23 14:40:59 -06:00
Timothy Redaelli
5b749eeee9 pacman-key: Add missing quotes
Signed-off-by: Timothy Redaelli <timothy.redaelli@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-12-23 14:39:12 -06:00
Lukas Fleischer
0e4946d559 scripts/*: Declare several constant variables read-only
Be more semantically accurate and avoid accidental overwriting of some
configuration variables that are considered to be constant.

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-12-07 10:02:11 -06:00
Dan McGee
4bada45464 pacman-key: add a default keyserver timeout value on --init
The default is supposidely 30 seconds from the gpg manpage, but that
sure wasn't what I was seeing- it was somewhere closer to two minutes of
silence. Add a more reasonable 10 second timeout value which should be
good enough for any keyserver that doesn't totally stink at it's job.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-10-17 09:42:46 -05:00
Dan McGee
5a39172835 pacman-key: don't escape single quote in usage message
This screws up gettext and causes the message to display always
untranslated.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-10-11 09:07:20 -05:00
Dan McGee
484d5ec624 pacman-key: treat foo-trusted as an ownertrust export file
This allows it to serve double-duty. In order to allow users to base
verification decisions off of both a valid signature and a trusted
signature, we need to assign some level of owner trust to the keys we
designate as trusted on import.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-10-05 22:00:52 -05:00
Dan McGee
ab7d2890a4 pacman-key: refine and clarify import/import-trustdb behavior
* --import now only imports keys from pubkey.gpg and does not import
  owner trust; if you want to have both simply run the operations in
  sequence.
* --import-trustdb has been simplified; it will overwrite existing
  values in the trust database as before, but there is no need to export
  it first as those values are safe if left untouched.
* Fix the manpage referring to a non-existent option.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-10-05 21:55:53 -05:00
Dave Reisner
938fb2c878 pacman-key: remove errexit flag from shebang
We're ill equipped to be using this flag as we don't trap and respond to
the ERR signal. The result is that if is ever tripped, pacman-key will
instantly exit with no indication of why. At the same time, we're
already fairly good about doing our own error checking and verbalizing
it before dying.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-30 10:48:28 -05:00
Allan McRae
07ecd40a1a pacman-key: return 0 from get_from if default value used
This prevents the error trap being set off when GPGDir is commented
in pacman.conf.  Bug introduced in 507b01b9.

Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-30 10:48:19 -05:00
Dan McGee
e70d540501 pacman-key: use consistent punctuation in error messages
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-27 09:17:11 -05:00
Dave Reisner
507b01b912 pacman-key: allow get_from to return a default value
Keep the non-zero return val to let the caller know that the key wasn't
found.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-26 16:02:19 -05:00
Dave Reisner
b6ccae2d18 pacman-key: simplify writing to config file
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-26 16:02:19 -05:00
Dan McGee
1df9b2aa79 pacman-key: add an additional plain text 'foo-trusted' file
This is similar to the 'foo-revoked' file we had. This will be used to
inform the user what keys in the shipped keyring need to be explicitly
trusted by the user.

A distro such as Arch will likely have 3-4 master keys listed in this
trusted file, but an additional 25 developer keys present in the keyring
that the user shouldn't have to directly sign.

We use this list to prompt the user to sign the keys locally. If the key
is already signed locally gpg will print a bit of junk but will continue
without pestering the user.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-22 11:15:45 -05:00