Added gpg verification options per repo to the config file.

Once we do this, add support for VerifySig to pactest. We just check if
the repo name contains Always, Never or Optional to determine the value
of VerifySig. The default is Never. pacman uses Always by default but
this is not suitable for pactest.

Original-work-by: shankar <jatheendra@gmail.com>
Signed-off-by: Xavier Chantry <shiningxc@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>

1 files changed, 14 insertions, 5 deletions

diff --git a/lib/libalpm/sync.c b/lib/libalpm/sync.c
index 5e7cf293..5428e40b 100644
--- a/lib/libalpm/sync.c
+++ b/lib/libalpm/sync.c
@@ -847,11 +847,17 @@ int _alpm_sync_commit(pmtrans_t *trans, pmdb_t *db_local, alpm_list_t **data)
 			continue;
 		}
 		/* check PGP signature next */
-		if(_alpm_gpgme_checksig(filepath, pgpsig) != 0) {
-			errors++;
-			*data = alpm_list_add(*data, strdup(filename));
-			FREE(filepath);
-			continue;
+		pmdb_t *sdb = alpm_pkg_get_db(spkg);
+
+		if(sdb->pgp_verify != PM_PGP_VERIFY_NEVER) {
+			int ret = _alpm_gpgme_checksig(filepath, pgpsig);
+			if((sdb->pgp_verify == PM_PGP_VERIFY_ALWAYS && ret != 0) ||
+					(sdb->pgp_verify == PM_PGP_VERIFY_OPTIONAL && ret == 1)) {
+				errors++;
+				*data = alpm_list_add(*data, strdup(filename));
+				FREE(filepath);
+				continue;
+			}
 		}
 		/* load the package file and replace pkgcache entry with it in the target list */
 		/* TODO: alpm_pkg_get_db() will not work on this target anymore */
@@ -869,9 +875,12 @@ int _alpm_sync_commit(pmtrans_t *trans, pmdb_t *db_local, alpm_list_t **data)
 		i->data = pkgfile;
 		_alpm_pkg_free_trans(spkg); /* spkg has been removed from the target list */
 	}
+
 	PROGRESS(trans, PM_TRANS_PROGRESS_INTEGRITY_START, "", 100,
 			numtargs, current);
 	EVENT(trans, PM_TRANS_EVT_INTEGRITY_DONE, NULL, NULL);
+
+
 	if(errors) {
 		pm_errno = PM_ERR_PKG_INVALID;
 		goto error;