mirror of https://github.com/moparisthebest/pacman synced 2024-11-17 23:05:00 -05:00
Commit Graph

91 Commits

Author SHA1 Message Date
Andrew Gregory
d5a5a6b512 fix style violations
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-02-16 11:06:43 +10:00
Allan McRae
bafee395a6 Fix compilation error on clang
This also lead me to notice that in _alpm_gpgme_checksig many things
were not being cleaned up.  Fix this by having CHECK_ERR goto gpg_error
and make the required adjustments.

Signed-off-by: Allan McRae <allan@archlinux.org>
2013-02-13 11:50:32 +10:00
Allan McRae
5f5469c774 Import key if needed when installing package from file
When installing a package with "pacman -U" that has a detached
signature, check if the needed key is in the keyring and download
if necessary.

Signed-off-by: Allan McRae <allan@archlinux.org>
2013-02-09 12:43:37 +10:00
Allan McRae
198154962b Make decode_signature available to the library
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-02-09 12:43:37 +10:00
Allan McRae
05745089ac Add function to extract key id from signatures
This does not support all possibilities of RFC4880, but it does
cover every key currently used in Arch Linux.

Signed-off-by: Allan McRae <allan@archlinux.org>
2013-02-09 12:43:37 +10:00
Allan McRae
4ec6848f91 Move key importing into separate function
This will be useful for checking the availability of all keys before
performing validation in sync operations and for downloading a needed
key in upgrade operations.

Signed-off-by: Allan McRae <allan@archlinux.org>
2013-02-09 12:43:36 +10:00
Allan McRae
45b6d36cf7 Make key_in_keychain available in library
In preparation for checking key presence and downloading needed keys
before conflict checking.

Signed-off-by: Allan McRae <allan@archlinux.org>
2013-02-09 12:43:36 +10:00
Gerardo Exequiel Pozzi
86eefc1a3a Fix space between control structure and open parens
Signed-off-by: Gerardo Exequiel Pozzi <vmlinuz386@yahoo.com.ar>
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-01-04 21:49:38 +10:00
Gerardo Exequiel Pozzi
b5709b8171 Fix open braces style
Signed-off-by: Gerardo Exequiel Pozzi <vmlinuz386@yahoo.com.ar>
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-01-04 21:49:37 +10:00
Allan McRae
1dd3405813 Update copyright year for 2013
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-01-03 12:03:09 +10:00
Allan McRae
422a4021e4 Fix future signature timestamp warning
The warning given for a signature timestamp being in the future compared
to the system time stated the opposite.

Also, move this warning to debug output.  It is useless in its current
form as the package or database that is giving the error is not
mentioned and so other debug output is needed to find the offending
signature.

Signed-off-by: Allan McRae <allan@archlinux.org>
2012-12-14 12:35:34 +10:00
Dan McGee
369c5aa7dd Merge branch 'maint'
2012-09-18 08:36:10 -05:00
Florian Pritz
f7558856b1 signing.c: warn if time went backwards
GPG signatures have a timestamp which is checked and if it's in the
future, verification will fail.

Dan: slight wording change.

Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-09-18 08:35:53 -05:00
Dan McGee
d7b728591a Merge branch 'maint'
2012-04-12 08:57:26 -05:00
Dan McGee
ded66fbb62 Fix issues with uninitialized variable value usage
Detected by clang scan-build static code analyzer.

* Don't attempt to free an uninitialized gpgme key variable
* Initialize answer variable before asking frontend a question
* Pass by reference instead of value if uninitialized fields are
  possible in download signal handler code
* Ensure we never call strlen() on NULL payload->remote_name value

Signed-off-by: Dan McGee <dan@archlinux.org>
2012-04-09 00:46:54 -05:00
Dan McGee
4ca6590af5 Merge branch 'maint'
Conflicts:
	lib/libalpm/signing.c
	lib/libalpm/sync.c
2012-04-07 11:23:55 -05:00
Dave Reisner
be0e044404 signing: cope with gpg2's failure at life
For key searches only, gpg2 will fail to lookup any and all keys that
are not prefixed with 0x.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2012-03-28 09:55:14 -05:00
Dan McGee
e50c4a8837 Merge branch 'maint'
Conflicts:
	lib/libalpm/diskspace.c
	src/pacman/util.h
2012-01-23 12:20:52 -06:00
Dan McGee
562109c0e8 Update copyright on changed files since beginning of year
Signed-off-by: Dan McGee <dan@archlinux.org>
2012-01-18 22:25:27 -06:00
Dan McGee
6e8ca48cbb Reorder some operations in sig check for efficiency
We don't need to open the data to be checked if we don't have a
signature to check against, so postpone that open until we know we have
either the base64_data or a valid signature file.

Signed-off-by: Dan McGee <dan@archlinux.org>
2012-01-12 09:31:09 -06:00
Dan McGee
4f02b98338 Merge branch 'maint'
Conflicts:
	lib/libalpm/signing.c

Signed-off-by: Dan McGee <dan@archlinux.org>
2012-01-08 12:14:04 -06:00
Dan McGee
def9e45aff Search for PGP subkeys in a keyserver-acceptable way
PGP keyservers are pieces of sh** when it comes to searching for
subkeys, and only allow it if you submit an 8-character fingerprint
rather than the recommended and less chance of collision 16-character
fingerprint.

Add a second remote lookup for the 8-character version of a key ID if we
don't find anything the first time we look up the key. This fixes
FS#27612 and the deficiency has been sent upstream to the GnuPG users
mailing list as well.

Signed-off-by: Dan McGee <dan@archlinux.org>
2012-01-05 16:34:51 -06:00
Dave Reisner
d6ccd44390 include config.h via Makefiles
Ensures that config.h is always ordered correctly (first) in the
includes. Also means that new source files get this for free without
having to remember to add it.

We opt for -imacros over -include as it's more portable, and the
added constraint by -imacros doesn't bother us for config.h.

This also touches the HACKING file to remove the explicit mention of
config.h as part of the includes.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-12-21 18:13:17 -06:00
Florian Pritz
2141b7112d add key algo to import msg
Signed-off-by: Florian Pritz <bluewind@xinu.at>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-11-20 21:40:19 -06:00
Florian Pritz
2f96067fe7 change gpg import message to resemble gpg --list-keys
Dan: const pointers, don't worry about bitfields.

Signed-off-by: Florian Pritz <bluewind@xinu.at>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-11-20 21:39:33 -06:00
Dan McGee
bac670ddc9 Show an error message on failed remote key lookup
The absolutely terrible part about this is the failure on GPGME's part
to distinguish between "key not found" and "keyserver timeout". Instead,
it returns the same silly GPG_ERR_EOF in both cases (why isn't
GPG_ERR_TIMEOUT being used?), leaving us helpless to tell them apart.

Spit out a generic enough error message that covers both cases;
unfortunately we can't provide much guidance to the user because we
aren't sure what actually happened.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-10-17 09:38:35 -05:00
Dan McGee
12642a299b Add user-visible warning message if public keyring not found
This should help point users in the right direction if they have not
initialized via pacman-key just yet.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-10-12 17:54:08 -05:00
Dan McGee
2a18171afa signing: delay gpgme_init() until latest possible moment
In the default configuration, we can enter the signing code but still
have nothing to do with GPGME- for example, if database signatures are
optional but none are present. Delay initialization of GPGME until we
know there is a signature file present or we were passed base64-encoded
data.

This also makes debugging with valgrind a lot easier as you don't have
to deal with all the GPGME error noise because their code leaks like a
sieve.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-10-12 14:20:47 -05:00
Dan McGee
fa929e8258 Fix compilation using --without-gpgme
I'm really good at breaking this on a regular basis. If only we had some
sort of automated testing for this...

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-27 09:15:36 -05:00
Dan McGee
b242b2d050 Remove unnecessary logger
This is just a wrapper function; the real function we call logs an
almost identical line.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-27 09:08:01 -05:00
Dan McGee
2517ba3303 Update Doxyfile and fix some documentation errors caught by Doxygen
A few parameters were outdated or wrongly named, and a few things were
explicitly linked that Doxygen wasn't able to resolve.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-22 16:37:36 -05:00
Dan McGee
1e0ed133f4 Handle key import errors correctly and with good error messages
This adds calls to gpgme_op_import_result() which we were not looking at
before to ensure the key was actually imported. Additionally, we do some
preemptive checks to ensure the keyring is even writable if we are going
to prompt the user to add things to it.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-22 16:01:10 -05:00
Dan McGee
907e8af5be signing: be consistent with returning -1 for error cases
This also fixes a segfault found by dave when key_search is
unsuccessful; the key_search return code documentation has also been
updated to reflect reality.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-22 16:01:05 -05:00
Dan McGee
6767de5380 Add status and check for key being disabled
Because we aren't using gpgv and a dedicated keyring that is known to be
all safe, we should honor this flag being set on a given key in the
keyring to know to not honor it. This prevents a key from being
reimported that a user does not want to be used- instead of deleting,
one should mark it as disabled.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-22 11:14:35 -05:00
Dan McGee
765178c5ba Implement PGP key search and import
Add two new static methods, key_search() and key_import(), to our
growing list of signing code.

If we come across a key we do not have, attempt to look it up remotely
and ask the user if they wish to import said key. If they do, flag the
validation process as a potential 'retry', meaning it might succeed the
next time it is run.

These depend on you having a 'keyserver hkp://foo.example.com' line in
your gpg.conf file in your gnupg home directory to function.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-22 11:14:31 -05:00
Dan McGee
0ef7129a4a signing: document most undocumented functions
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-22 11:06:03 -05:00
Dan McGee
5e7875ae6a Fix possible segfault if siglist was empty
If siglist->results wasn't a NULL pointer, we would try to free it
anyway, even if siglist->count was zero. Only attempt to free this
pointer if we had results and the pointer is valid.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-22 10:31:28 -05:00
Dan McGee
ec790ced7c signing: add a process and retry loop for database signatures
In reality, there is no retrying that happens as of now because we don't
have any import or changing of the keyring going on, but the code is set
up so we can drop this in our new _alpm_process_siglist() function. Wire
up the basics to the sync database validation code, so we see something
like the following:

    $ pacman -Ss unknowntrust
    error: core: signature from "Dan McGee <dpmcgee@gmail.com>" is unknown trust
    error: core: signature from "Dan McGee <dpmcgee@gmail.com>" is unknown trust
    error: database 'core' is not valid (invalid or corrupted database (PGP signature))

    $ pacman -Ss missingsig
    error: core: missing required signature
    error: core: missing required signature
    error: database 'core' is not valid (invalid or corrupted database (PGP signature))

Yes, there is some double output, but this should be fixable in the
future.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-20 10:23:11 -05:00
Dan McGee
994cb4da4f Allow our PGP helper method to pass back the signature results
This will make its way up the call chain eventually to allow trusting
and importing of keys as necessary.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-20 10:23:11 -05:00
Dan McGee
a7d7798032 Fix build without gpgme
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-18 15:34:28 -05:00
Dan McGee
7ea1ea88bb More package operations cleanup
Neither deltas nor filename attributes are ever present in the local
database, so we can remove all of the indirection for accessing these
attributes.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-02 22:07:06 -05:00
Dan McGee
c7e4005e5c Add more info to debug key display
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-28 19:52:10 -05:00
Dan McGee
de43d00db0 Refactor signature result return format
I was trying to take a shortcut and not introduce a wrapper struct for
the signature results, so packed it all into alpm_sigresult_t in the
first iteration. However, this is painful when one wants to add new
fields or only return information regarding a single signature.

Refactor the type into a few components which are exposed to the end
user, and will allow a lot more future flexibility. This also exposes
more information regarding the key to the frontend than was previously
available.

The "private" void *data pointer is used by the library to store the
actual key object returned by gpgme; it is typed this way so the
frontend has no expectations of what is there, and so we don't have any
hard gpgme requirement in our public API.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-28 19:51:54 -05:00
Diogo Sousa
12387ca4e5 lib/libalpm/signing.c: Fix memory leak in decode_signature() in case of error.
Signed-off-by: Diogo Sousa <diogogsousa@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-28 19:50:22 -05:00
Dan McGee
5a07b75b22 Always process validity value returned by gpgme
Don't force 'never'; you should be checking both the status and validity
anyway.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-25 17:41:47 -05:00
Dan McGee
be72e10015 Fix small memory leak in sig check code
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-25 17:41:27 -05:00
Dan McGee
e1dce078b2 Remove argument from check_pgp_helper
This one wasn't all that necessary as we only used it in one place in
the function, which can be checked easily enough at the call site.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-25 16:12:49 -05:00
Dan McGee
d9e5dab6ac Remove alpm_option_get_* usage from backend
These are all available directly on the handle without indirection.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-19 19:12:21 -05:00
Dan McGee
b952a3b08c Fix compilation using --without-gpgme
This function is used regardless of whether gpgme support is enabled, so
make sure it is always accessible.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-16 19:51:21 -05:00
Dan McGee
11f4a7a48e Only check necessary signatures and checksums
The precedence goes as follows: signature > sha256sum > md5sum

Add some logic and helper methods to check what we have available when
loading a package, and then only check what is necessary to verify the
package. This should speed up sync database verifies as we no longer
will be doing both a checksum and a signature validation.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-15 15:15:11 -05:00