1
0
mirror of https://github.com/moparisthebest/pacman synced 2024-11-15 13:55:09 -05:00
Commit Graph

67 Commits

Author SHA1 Message Date
Dan McGee
c03faa32f3 Reduce duplicate signing debug code and fix logic condition
We had a lot of similar looking code that we can collapse down into a
function. This also fixes errors seen when turning on some gcc warnings
and implicitly casting away the const-ness of the string. Free the list
when we are done with it as well.

Also, fix a logic error where we should be checking with &&, not ||.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-05-04 15:46:18 -05:00
Dan McGee
97be2f0e0a Allow conditional compilation with GPGME
This makes it possible to omit usage of -lgpgme, just as we can do for
-lcurl and -lcrypto.

Thanks to Rémy Oudompheng for an initial stab at this.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-04-27 16:58:58 -05:00
Dan McGee
b7b3fc2386 signing: add more detail to unexpected signature count error
Do a quick loop and count of the returned data so we can show how many
signatures were parsed and read.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-04-24 10:50:06 -05:00
Dan McGee
1d7ad5d24b Enhance GPGME debug output
Add some lookup functions for nice names for the various types used by
the library, and remove some fields that are of little use to us in the
debug output. This should make looking at key loading and verification a
bit easier, especially in determining what makes up our good and bad
criteria.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-04-24 10:48:34 -05:00
Dan McGee
225acbbff1 Rein in the complexity of the signature type
Given that we offer no transparency into the pmpgpsig_t type, we don't
really need to expose it outside of the library, and at this point, we
don't need it at all. Don't decode anything except when checking
signatures. For packages/files not from a sync database, we now just
read the signature file directly anyway.

Also push the decoding logic down further into the check method so we
don't need this hanging out in a less than ideal place. This will make
it easier to conditionally compile things down the road.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-04-24 10:48:33 -05:00
Dan McGee
31e55b8049 signing: let GPGME handle loading signatures from files
Rather than go through all the hassle of doing this ourselves, just let
GPGME handle the work by passing it a file handle.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-04-24 10:48:33 -05:00
Dan McGee
442e1420f9 Rename gpgsig struct fields for clarity
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-04-20 20:11:26 -05:00
Dan McGee
3c5661ec3c Form the signature file location in one place
Since we do this for all cases anyway.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-04-20 20:10:27 -05:00
Dan McGee
4af6c72d79 syntax: if/while statements should have no trailing space
This is the standard, and we have had a few of these introduced lately
that should not be here.

Done with:
  find -name '*.c' | xargs sed -i -e 's#if (#if(#g'
  find -name '*.c' | xargs sed -i -e 's#while (#while(#g'

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-04-20 19:47:39 -05:00
Dave Reisner
6760ec2b77 Allow VerifySig to act as a default verification in [options]
* add _alpm_db_get_sigverify_level
* add alpm_option_{get,set}_default_sigverify

And set the default verification level to OPTIONAL if not set otherwise.

Signed-off-by: Dave Reisner <d@falconindy.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-04-20 19:42:01 -05:00
Dave Reisner
91594a1ef8 style cleanup: cast as (type *) not (type*)
Signed-off-by: Dave Reisner <d@falconindy.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-04-20 19:04:53 -05:00
Allan McRae
a8b22e16ef Do not reuse old signature
After updating a database, remove the old signature to prevent it
being used in validation if the new signature fails to download.

Signed-off-by: Allan McRae <allan@archlinux.org>
2011-03-23 22:58:32 -05:00
Dan McGee
9a3325a56d Refactor signature loading code into common function
We can use this for both standalone package signatures as well as
standalone database signatures.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23 22:56:54 -05:00
Allan McRae
ed6fda2f98 Add functions for verifying database signature
Add a pmpgpsig_t struct to the database entry struct and functions for
the lazy loading of database signatures.  Add a function for checking
database signatures, reusing (and generalizing) the code currently used
for checking package signatures.

TODO: The code for reading in signature files from the filesystem is
duplicated for local packages and database and needs refactoring.

Signed-off-by: Allan McRae <allan@archlinux.org>
2011-03-23 22:22:33 -05:00
Allan McRae
2f060dec6a Report output from signature checking to debug log
Move the (possibly still temporary) output generated during signature
checking into the --debug output.

Signed-off-by: Allan McRae <allan@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23 03:36:48 -05:00
Xavier Chantry
f9505063f8 Added gpg verification options per repo to the config file.
Once we do this, add support for VerifySig to pactest. We just check if
the repo name contains Always, Never or Optional to determine the value
of VerifySig. The default is Never. pacman uses Always by default but
this is not suitable for pactest.

Original-work-by: shankar <jatheendra@gmail.com>
Signed-off-by: Xavier Chantry <shiningxc@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23 03:35:50 -05:00
Dan McGee
39c75c7000 Integrate GPGME into libalpm
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23 03:16:29 -05:00