authorXavier Chantry <shiningxc@gmail.com>2008-12-17 16:25:07 +0530
committerDan McGee <dan@archlinux.org>2011-03-23 03:35:50 -0500
commitf9505063f804b9e1c736299b2387e1ddfbdc4f97 (patch)
treee5659dcc137e3e1e2ea6811475f12b9d108b7b6e /lib/libalpm
parent18c69469618fef612a74ee550e157a45fc099efc (diff)
downloadpacman-f9505063f804b9e1c736299b2387e1ddfbdc4f97.tar.xz
Added gpg verification options per repo to the config file.
Once we do this, add support for VerifySig to pactest. We just check if the repo name contains Always, Never or Optional to determine the value of VerifySig. The default is Never. pacman uses Always by default but this is not suitable for pactest. Original-work-by: shankar <jatheendra@gmail.com> Signed-off-by: Xavier Chantry <shiningxc@gmail.com> Signed-off-by: Dan McGee <dan@archlinux.org>
Diffstat (limited to 'lib/libalpm')
-rw-r--r--lib/libalpm/alpm.h9
-rw-r--r--lib/libalpm/db.c18
-rw-r--r--lib/libalpm/db.h1
-rw-r--r--lib/libalpm/signing.c2
-rw-r--r--lib/libalpm/sync.c19
5 files changed, 44 insertions, 5 deletions
diff --git a/lib/libalpm/alpm.h b/lib/libalpm/alpm.h
index 150730ce..276d49cb 100644
--- a/lib/libalpm/alpm.h
+++ b/lib/libalpm/alpm.h
@@ -251,6 +251,15 @@ alpm_list_t *alpm_pkg_unused_deltas(pmpkg_t *pkg);
int alpm_pkg_check_pgp_signature(pmpkg_t *pkg);
+/* GPG signature verification option */
+typedef enum _pgp_verify_t {
+ PM_PGP_VERIFY_ALWAYS,
+ PM_PGP_VERIFY_OPTIONAL,
+ PM_PGP_VERIFY_NEVER
+} pgp_verify_t;
+
+int alpm_db_set_pgp_verify(pmdb_t *db, pgp_verify_t verify);
+
/*
* Deltas
*/
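Review bot: The three enumerators are declared without any comment saying what each policy accepts, and `PM_PGP_VERIFY_OPTIONAL` in particular is ambiguous: it could mean unsigned packages are allowed, or that failed checks are tolerated. A per-value comment would pin this down, e.g. `PM_PGP_VERIFY_OPTIONAL, /* check when possible; reject only a signature that verifies as bad */`, which is what the sync.c hunk in this commit appears to implement with `ret == 1`. The comment should also record that `PM_PGP_VERIFY_ALWAYS` is the zero value, so a zero-filled `pmdb_t` (if databases are allocated that way, which is not visible here) gets the strictest policy and reordering the enum would silently weaken the default.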
diff --git a/lib/libalpm/db.c b/lib/libalpm/db.c
index cb575c8a..f61ea918 100644
--- a/lib/libalpm/db.c
+++ b/lib/libalpm/db.c
@@ -181,6 +181,24 @@ int SYMEXPORT alpm_db_setserver(pmdb_t *db, const char *url)
return 0;
}
+/** Set the verify gpg signature option for a database.
+ * @param db database pointer
+ * @param verify enum pgp_verify_t
+ * @return 0 on success, -1 on error (pm_errno is set accordingly)
+ */
+int SYMEXPORT alpm_db_set_pgp_verify(pmdb_t *db, pgp_verify_t verify)
+{
+ ALPM_LOG_FUNC;
+
+ /* Sanity checks */
+ ASSERT(db != NULL, RET_ERR(PM_ERR_DB_NULL, -1));
+
+ db->pgp_verify = verify;
+ _alpm_log(PM_LOG_DEBUG, "adding VerifySig option to database '%s': %d\n",
+ db->treename, verify);
+
+ return(0);
+}
/** Get the name of a package database
* @param db pointer to the package database
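Review bot: `alpm_db_set_pgp_verify` stores `verify` without checking that it is one of the three enumerators. With the condition added to sync.c in this commit, a value outside the enum is `!= PM_PGP_VERIFY_NEVER`, so the signature check runs, but it matches neither the ALWAYS nor the OPTIONAL clause, so the result is ignored and the package is accepted. Rejecting unknown values in the setter closes that path: `ASSERT(verify == PM_PGP_VERIFY_ALWAYS || verify == PM_PGP_VERIFY_OPTIONAL || verify == PM_PGP_VERIFY_NEVER, RET_ERR(PM_ERR_WRONG_ARGS, -1));`. The doc comment could then say which error is set for an invalid policy.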
diff --git a/lib/libalpm/db.h b/lib/libalpm/db.h
index 75776d71..dfd9f933 100644
--- a/lib/libalpm/db.h
+++ b/lib/libalpm/db.h
@@ -60,6 +60,7 @@ struct __pmdb_t {
pmpkghash_t *pkgcache;
alpm_list_t *grpcache;
alpm_list_t *servers;
+ pgp_verify_t pgp_verify;
struct db_operations *ops;
};
diff --git a/lib/libalpm/signing.c b/lib/libalpm/signing.c
index 27855798..08e9b297 100644
--- a/lib/libalpm/signing.c
+++ b/lib/libalpm/signing.c
@@ -168,6 +168,8 @@ int _alpm_gpgme_checksig(const char *pkgpath, const pmpgpsig_t *sig)
if(gpgsig->summary & GPGME_SIGSUM_VALID) {
/* good signature, continue */
+ _alpm_log(PM_LOG_DEBUG, _("Package %s has a valid signature.\n"),
+ pkgpath);
} else if(gpgsig->summary & GPGME_SIGSUM_GREEN) {
/* 'green' signature, not sure what to do here */
_alpm_log(PM_LOG_WARNING, _("Package %s has a green signature.\n"),
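Review bot: The new debug message is wrapped in `_()`, while the debug message this commit adds in db.c is a plain string. Keeping debug output untranslated makes logs comparable across locales when signature results are audited, so I would write `_alpm_log(PM_LOG_DEBUG, "Package %s has a valid signature.\n", pkgpath);`. The if/else chain continues past the end of this hunk.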
diff --git a/lib/libalpm/sync.c b/lib/libalpm/sync.c
index 5e7cf293..5428e40b 100644
--- a/lib/libalpm/sync.c
+++ b/lib/libalpm/sync.c
@@ -847,11 +847,17 @@ int _alpm_sync_commit(pmtrans_t *trans, pmdb_t *db_local, alpm_list_t **data)
continue;
}
/* check PGP signature next */
- if(_alpm_gpgme_checksig(filepath, pgpsig) != 0) {
- errors++;
- *data = alpm_list_add(*data, strdup(filename));
- FREE(filepath);
- continue;
+ pmdb_t *sdb = alpm_pkg_get_db(spkg);
+
+ if(sdb->pgp_verify != PM_PGP_VERIFY_NEVER) {
+ int ret = _alpm_gpgme_checksig(filepath, pgpsig);
+ if((sdb->pgp_verify == PM_PGP_VERIFY_ALWAYS && ret != 0) ||
+ (sdb->pgp_verify == PM_PGP_VERIFY_OPTIONAL && ret == 1)) {
+ errors++;
+ *data = alpm_list_add(*data, strdup(filename));
+ FREE(filepath);
+ continue;
+ }
}
/* load the package file and replace pkgcache entry with it in the target list */
/* TODO: alpm_pkg_get_db() will not work on this target anymore */
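Review bot: Under `PM_PGP_VERIFY_OPTIONAL` only `ret == 1` counts as a failure, so any other non-zero result from `_alpm_gpgme_checksig` lets the package continue to installation. Its return values are not visible in this hunk; if it returns a negative value on a gpgme or I/O error (presumably), a package whose signature could not be checked at all is accepted the same way as one with no signature. The condition needs a comment stating which return code means what, and the accepted-without-verification path should leave a trace, e.g. `_alpm_log(PM_LOG_WARNING, "%s: signature not verified (VerifySig=Optional, ret=%d)\n", filename, ret);`. `sdb` is also dereferenced without checking that `alpm_pkg_get_db(spkg)` returned non-NULL. The enclosing loop in `_alpm_sync_commit` starts and ends outside the hunk.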
@@ -869,9 +875,12 @@ int _alpm_sync_commit(pmtrans_t *trans, pmdb_t *db_local, alpm_list_t **data)
i->data = pkgfile;
_alpm_pkg_free_trans(spkg); /* spkg has been removed from the target list */
}
+
PROGRESS(trans, PM_TRANS_PROGRESS_INTEGRITY_START, "", 100,
numtargs, current);
EVENT(trans, PM_TRANS_EVT_INTEGRITY_DONE, NULL, NULL);
+
+
if(errors) {
pm_errno = PM_ERR_PKG_INVALID;
goto error;