diff options
author | Dan McGee <dan@archlinux.org> | 2011-09-19 21:51:30 -0500 |
---|---|---|
committer | Dan McGee <dan@archlinux.org> | 2011-09-20 10:23:11 -0500 |
commit | 994cb4da4f6bc8efbb6a649cb7d99d95bce5c37a (patch) | |
tree | 9cec25c9312ce01792d259141d786813bf7776da | |
parent | a27f993600a518ef6a15bd7fb29575b218b58a0a (diff) |
Allow our PGP helper method to pass back the signature results
This will make its way up the call chain eventually to allow trusting
and importing of keys as necessary.
Signed-off-by: Dan McGee <dan@archlinux.org>
-rw-r--r-- | lib/libalpm/be_package.c | 7 | ||||
-rw-r--r-- | lib/libalpm/be_sync.c | 7 | ||||
-rw-r--r-- | lib/libalpm/signing.c | 24 | ||||
-rw-r--r-- | lib/libalpm/signing.h | 3 |
4 files changed, 30 insertions, 11 deletions
diff --git a/lib/libalpm/be_package.c b/lib/libalpm/be_package.c index b6cb8c4e..31a7297d 100644 --- a/lib/libalpm/be_package.c +++ b/lib/libalpm/be_package.c @@ -330,13 +330,18 @@ int _alpm_pkg_validate_internal(alpm_handle_t *handle, /* even if we don't have a sig, run the check code if level tells us to */ if(has_sig || level & ALPM_SIG_PACKAGE) { const char *sig = syncpkg ? syncpkg->base64_sig : NULL; + alpm_siglist_t *siglist; _alpm_log(handle, ALPM_LOG_DEBUG, "sig data: %s\n", sig ? sig : "<from .sig>"); if(_alpm_check_pgp_helper(handle, pkgfile, sig, level & ALPM_SIG_PACKAGE_OPTIONAL, level & ALPM_SIG_PACKAGE_MARGINAL_OK, - level & ALPM_SIG_PACKAGE_UNKNOWN_OK)) { + level & ALPM_SIG_PACKAGE_UNKNOWN_OK, &siglist)) { handle->pm_errno = ALPM_ERR_PKG_INVALID_SIG; + alpm_siglist_cleanup(siglist); + free(siglist); return -1; } + alpm_siglist_cleanup(siglist); + free(siglist); } return 0; diff --git a/lib/libalpm/be_sync.c b/lib/libalpm/be_sync.c index 7eb2539b..ef0f1ef4 100644 --- a/lib/libalpm/be_sync.c +++ b/lib/libalpm/be_sync.c @@ -70,6 +70,7 @@ static int sync_db_validate(alpm_db_t *db) { alpm_siglevel_t level; const char *dbpath; + alpm_siglist_t *siglist; if(db->status & DB_STATUS_VALID || db->status & DB_STATUS_MISSING) { return 0; @@ -102,10 +103,14 @@ static int sync_db_validate(alpm_db_t *db) if(level & ALPM_SIG_DATABASE) { if(_alpm_check_pgp_helper(db->handle, dbpath, NULL, level & ALPM_SIG_DATABASE_OPTIONAL, level & ALPM_SIG_DATABASE_MARGINAL_OK, - level & ALPM_SIG_DATABASE_UNKNOWN_OK)) { + level & ALPM_SIG_DATABASE_UNKNOWN_OK, &siglist)) { db->handle->pm_errno = ALPM_ERR_DB_INVALID_SIG; + alpm_siglist_cleanup(siglist); + free(siglist); return 1; } + alpm_siglist_cleanup(siglist); + free(siglist); } valid: diff --git a/lib/libalpm/signing.c b/lib/libalpm/signing.c index bcc91046..7e05a237 100644 --- a/lib/libalpm/signing.c +++ b/lib/libalpm/signing.c @@ -435,15 +435,17 @@ char *_alpm_sigpath(alpm_handle_t *handle, const char *path) } int _alpm_check_pgp_helper(alpm_handle_t *handle, const char *path, - const char *base64_sig, int optional, int marginal, int unknown) + const char *base64_sig, int optional, int marginal, int unknown, + alpm_siglist_t **sigdata) { - alpm_siglist_t siglist; + alpm_siglist_t *siglist; int ret; - memset(&siglist, 0, sizeof(alpm_siglist_t)); + CALLOC(siglist, 1, sizeof(alpm_siglist_t), + RET_ERR(handle, ALPM_ERR_MEMORY, -1)); _alpm_log(handle, ALPM_LOG_DEBUG, "checking signatures for %s\n", path); - ret = _alpm_gpgme_checksig(handle, path, base64_sig, &siglist); + ret = _alpm_gpgme_checksig(handle, path, base64_sig, siglist); if(ret && handle->pm_errno == ALPM_ERR_SIG_MISSING) { if(optional) { _alpm_log(handle, ALPM_LOG_DEBUG, "missing optional signature\n"); @@ -458,12 +460,12 @@ int _alpm_check_pgp_helper(alpm_handle_t *handle, const char *path, /* ret will already be -1 */ } else { size_t num; - for(num = 0; !ret && num < siglist.count; num++) { - switch(siglist.results[num].status) { + for(num = 0; !ret && num < siglist->count; num++) { + switch(siglist->results[num].status) { case ALPM_SIGSTATUS_VALID: case ALPM_SIGSTATUS_KEY_EXPIRED: _alpm_log(handle, ALPM_LOG_DEBUG, "signature is valid\n"); - switch(siglist.results[num].validity) { + switch(siglist->results[num].validity) { case ALPM_SIGVALIDITY_FULL: _alpm_log(handle, ALPM_LOG_DEBUG, "signature is fully trusted\n"); break; @@ -495,7 +497,13 @@ int _alpm_check_pgp_helper(alpm_handle_t *handle, const char *path, } } - alpm_siglist_cleanup(&siglist); + if(sigdata) { + *sigdata = siglist; + } else { + alpm_siglist_cleanup(siglist); + free(siglist); + } + return ret; } diff --git a/lib/libalpm/signing.h b/lib/libalpm/signing.h index 8e47b2cd..ee4a94a0 100644 --- a/lib/libalpm/signing.h +++ b/lib/libalpm/signing.h @@ -25,7 +25,8 @@ char *_alpm_sigpath(alpm_handle_t *handle, const char *path); int _alpm_gpgme_checksig(alpm_handle_t *handle, const char *path, const char *base64_sig, alpm_siglist_t *result); int _alpm_check_pgp_helper(alpm_handle_t *handle, const char *path, - const char *base64_sig, int optional, int marginal, int unknown); + const char *base64_sig, int optional, int marginal, int unknown, + alpm_siglist_t **sigdata); #endif /* _ALPM_SIGNING_H */ |