author | Dan McGee <dan@archlinux.org> | 2011-07-22 10:48:13 -0500 |
---|---|---|
committer | Dan McGee <dan@archlinux.org> | 2011-07-28 18:46:52 -0500 |
commit | 66d99957114e98ce41052fcd33200d8fbfbd9f26 (patch) | |
tree | bb264bb2cee7a28cc1d0af769185d8f4aabde4f4 /src/pacman | |
parent | aecd0740cfa8f547b0e65e0ab7535c35a2b80beb (diff) |
Revamp signing checks
This ensures we are actually making correct use of the information gpgme
is returning to us. Marginal being allowed was obvious before, but
Unknown should deal with trust level, and not the presence or lack
thereof of a public key to validate the signature with.
Return status and validity information in two separate values so check
methods and the frontend can use them independently. For now, we treat
expired keys as valid, while expired signatures are invalid.
Signed-off-by: Dan McGee <dan@archlinux.org>
Diffstat (limited to 'src/pacman')
-rw-r--r-- | src/pacman/util.c | 42 |
1 files changed, 31 insertions, 11 deletions
diff --git a/src/pacman/util.c b/src/pacman/util.c
index 7065abdc..8765da7f 100644
--- a/src/pacman/util.c
+++ b/src/pacman/util.c
@@ -678,7 +678,7 @@ void signature_display(const char *title, alpm_sigresult_t *result)
 int i;
 for(i = 0; i < result->count; i++) {
 char sigline[PATH_MAX];
- const char *validity, *name;
+ const char *status, *validity, *name;
 /* Don't re-indent the first result */
 if(i != 0) {
 int j;
@@ -688,22 +688,42 @@ void signature_display(const char *title, alpm_sigresult_t *result)
 }
 switch(result->status[i]) {
 case ALPM_SIGSTATUS_VALID:
- validity = _("Valid signature");
+ status = _("Valid");
 break;
- case ALPM_SIGSTATUS_MARGINAL:
- validity = _("Marginal signature");
+ case ALPM_SIGSTATUS_KEY_EXPIRED:
+ status = _("Key expired");
 break;
- case ALPM_SIGSTATUS_UNKNOWN:
- validity = _("Unknown signature");
+ case ALPM_SIGSTATUS_SIG_EXPIRED:
+ status = _("Expired");
 break;
- case ALPM_SIGSTATUS_BAD:
- validity = _("Invalid signature");
+ case ALPM_SIGSTATUS_INVALID:
+ status = _("Invalid");
 break;
+ case ALPM_SIGSTATUS_KEY_UNKNOWN:
+ status = _("Key unknown");
+ break;
+ default:
+ status = _("Signature error");
+ break;
+ }
+ switch(result->validity[i]) {
+ case ALPM_SIGVALIDITY_FULL:
+ validity = _("fully trusted");
+ break;
+ case ALPM_SIGVALIDITY_MARGINAL:
+ validity = _("marginal trusted");
+ break;
+ case ALPM_SIGVALIDITY_NEVER:
+ validity = _("never trusted");
+ break;
+ case ALPM_SIGVALIDITY_UNKNOWN:
 default:
- validity = _("Signature error");
+ validity = _("unknown trust");
+ break;
 }
- name = result->uid[i] ? result->uid[i] : _("<Key Unknown>");
- snprintf(sigline, PATH_MAX, _("%s from \"%s\""), validity, name);
+ name = result->uid[i] ? result->uid[i] : _("{Key Unknown}");
+ snprintf(sigline, PATH_MAX, _("%s, %s from \"%s\""),
+ status, validity, name);
 indentprint(sigline, len);
 printf("\n");
 } |
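Review bot: In the second hunk the printed line leads with the cryptographic status and only then gives the trust level, so a signature from an untrusted key renders as `Valid, never trusted from "NAME"`, where NAME is the uid text carried by the key itself. A reader skimming the output can take the leading "Valid" as acceptance, so the two switches deserve a comment that spells out the split, e.g. `/* status: outcome of the signature check; validity: trust level of the signing key; reported independently */`. Separately, `_("marginal trusted")` would read better as `_("marginally trusted")`, and the string is cheaper to fix before translators pick it up. The new `result->validity[i]` read relies on that array holding `result->count` entries like `result->status`; the allocation is not visible here, so this should be confirmed on the libalpm side. signature_display's body starts and ends outside the hunk.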