summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAllan McRae <allan@archlinux.org>2012-11-03 01:16:32 +1000
committerAllan McRae <allan@archlinux.org>2013-02-09 12:43:37 +1000
commit5f5469c7746ee1699433060030bbd2e6ee43ced7 (patch)
tree7fa20de201d4480883a2e7984a0ce21d1567e9cf
parent0d89c10f4b12cb574223a23776c26144c6bceccd (diff)
Import key if needed when installing package from file
When installing a package with "pacman -U" that has a detached signature, check if the needed key is in the keyring and download if necessary. Signed-off-by: Allan McRae <allan@archlinux.org>
-rw-r--r--lib/libalpm/be_package.c64
-rw-r--r--lib/libalpm/signing.c5
2 files changed, 69 insertions, 0 deletions
diff --git a/lib/libalpm/be_package.c b/lib/libalpm/be_package.c
index cc430b17..53618934 100644
--- a/lib/libalpm/be_package.c
+++ b/lib/libalpm/be_package.c
@@ -512,6 +512,32 @@ error:
return NULL;
}
+static int read_sigfile(const char *sigpath, unsigned char **sig)
+{
+ struct stat st;
+ FILE *fp;
+
+ if(stat(sigpath, &st) != 0) {
+ return -1;
+ }
+
+ MALLOC(*sig, st.st_size, return -1);
+
+ if((fp = fopen(sigpath, "rb")) == NULL) {
+ free(*sig);
+ return -1;
+ }
+
+ if(fread(*sig, st.st_size, 1, fp) != 1) {
+ free(*sig);
+ fclose(fp);
+ return -1;
+ }
+
+ fclose(fp);
+ return st.st_size;
+}
+
int SYMEXPORT alpm_pkg_load(alpm_handle_t *handle, const char *filename, int full,
alpm_siglevel_t level, alpm_pkg_t **pkg)
{
@@ -520,6 +546,44 @@ int SYMEXPORT alpm_pkg_load(alpm_handle_t *handle, const char *filename, int ful
CHECK_HANDLE(handle, return -1);
ASSERT(pkg != NULL, RET_ERR(handle, ALPM_ERR_WRONG_ARGS, -1));
+ char *sigpath = _alpm_sigpath(handle, filename);
+ if(sigpath && !_alpm_access(handle, NULL, sigpath, R_OK)) {
+ if(level & ALPM_SIG_PACKAGE) {
+ alpm_list_t *keys = NULL;
+ int fail = 0;
+ unsigned char *sig = NULL;
+
+ int len = read_sigfile(sigpath, &sig);
+ if(len == -1) {
+ _alpm_log(handle, ALPM_LOG_ERROR,
+ _("failed to read signature file: %s\n"), sigpath);
+ free(sigpath);
+ return -1;
+ }
+
+ if(_alpm_extract_keyid(handle, filename, sig, len, &keys) == 0) {
+ alpm_list_t *k;
+ for(k = keys; k; k = k->next) {
+ char *key = k->data;
+ if(_alpm_key_in_keychain(handle, key) == 0) {
+ if(_alpm_key_import(handle, key) == -1) {
+ fail = 1;
+ }
+ }
+ }
+ FREELIST(keys);
+ }
+
+ free(sig);
+
+ if(fail) {
+ _alpm_log(handle, ALPM_LOG_ERROR, _("required key missing from keyring\n"));
+ return -1;
+ }
+ }
+ }
+ free(sigpath);
+
if(_alpm_pkg_validate_internal(handle, filename, NULL, level, NULL,
&validation) == -1) {
/* pm_errno is set by pkg_validate */
diff --git a/lib/libalpm/signing.c b/lib/libalpm/signing.c
index aa7e134a..a57c9463 100644
--- a/lib/libalpm/signing.c
+++ b/lib/libalpm/signing.c
@@ -192,6 +192,11 @@ int _alpm_key_in_keychain(alpm_handle_t *handle, const char *fpr)
gpgme_key_t key;
int ret = -1;
+ if(init_gpgme(handle)) {
+ /* pm_errno was set in gpgme_init() */
+ goto error;
+ }
+
memset(&ctx, 0, sizeof(ctx));
err = gpgme_new(&ctx);
CHECK_ERR();