summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorDan McGee <dan@archlinux.org>2011-07-22 10:48:13 -0500
committerDan McGee <dan@archlinux.org>2011-07-28 18:46:52 -0500
commit66d99957114e98ce41052fcd33200d8fbfbd9f26 (patch)
treebb264bb2cee7a28cc1d0af769185d8f4aabde4f4 /src
parentaecd0740cfa8f547b0e65e0ab7535c35a2b80beb (diff)
downloadpacman-66d99957114e98ce41052fcd33200d8fbfbd9f26.tar.xz
Revamp signing checks
This ensures we are actually making correct use of the information gpgme is returning to us. Marginal being allowed was obvious before, but Unknown should deal with trust level, and not the presence or lack thereof of a public key to validate the signature with. Return status and validity information in two separate values so check methods and the frontend can use them independently. For now, we treat expired keys as valid, while expired signatures are invalid. Signed-off-by: Dan McGee <dan@archlinux.org>
Diffstat (limited to 'src')
-rw-r--r--src/pacman/util.c42
1 files changed, 31 insertions, 11 deletions
diff --git a/src/pacman/util.c b/src/pacman/util.c
index 7065abdc..8765da7f 100644
--- a/src/pacman/util.c
+++ b/src/pacman/util.c
@@ -678,7 +678,7 @@ void signature_display(const char *title, alpm_sigresult_t *result)
int i;
for(i = 0; i < result->count; i++) {
char sigline[PATH_MAX];
- const char *validity, *name;
+ const char *status, *validity, *name;
/* Don't re-indent the first result */
if(i != 0) {
int j;
@@ -688,22 +688,42 @@ void signature_display(const char *title, alpm_sigresult_t *result)
}
switch(result->status[i]) {
case ALPM_SIGSTATUS_VALID:
- validity = _("Valid signature");
+ status = _("Valid");
break;
- case ALPM_SIGSTATUS_MARGINAL:
- validity = _("Marginal signature");
+ case ALPM_SIGSTATUS_KEY_EXPIRED:
+ status = _("Key expired");
break;
- case ALPM_SIGSTATUS_UNKNOWN:
- validity = _("Unknown signature");
+ case ALPM_SIGSTATUS_SIG_EXPIRED:
+ status = _("Expired");
break;
- case ALPM_SIGSTATUS_BAD:
- validity = _("Invalid signature");
+ case ALPM_SIGSTATUS_INVALID:
+ status = _("Invalid");
break;
+ case ALPM_SIGSTATUS_KEY_UNKNOWN:
+ status = _("Key unknown");
+ break;
+ default:
+ status = _("Signature error");
+ break;
+ }
+ switch(result->validity[i]) {
+ case ALPM_SIGVALIDITY_FULL:
+ validity = _("fully trusted");
+ break;
+ case ALPM_SIGVALIDITY_MARGINAL:
+ validity = _("marginal trusted");
+ break;
+ case ALPM_SIGVALIDITY_NEVER:
+ validity = _("never trusted");
+ break;
+ case ALPM_SIGVALIDITY_UNKNOWN:
default:
- validity = _("Signature error");
+ validity = _("unknown trust");
+ break;
}
- name = result->uid[i] ? result->uid[i] : _("<Key Unknown>");
- snprintf(sigline, PATH_MAX, _("%s from \"%s\""), validity, name);
+ name = result->uid[i] ? result->uid[i] : _("{Key Unknown}");
+ snprintf(sigline, PATH_MAX, _("%s, %s from \"%s\""),
+ status, validity, name);
indentprint(sigline, len);
printf("\n");
}