summaryrefslogtreecommitdiff
path: root/lib/libalpm/signing.h
Commit message (Collapse)AuthorAge
* Update copyright yearsAllan McRae2017-01-04
| | | | Signed-off-by: Allan McRae <allan@archlinux.org>
* Do not #define _RESERVED_IDENTIFIERSIvy Foster2016-09-25
| | | | | Signed-off-by: Ivy Foster <ivy.foster@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
* Update copyright years for 2016Allan McRae2016-01-04
| | | | | | make update-copyright OLD=2015 NEW=2016 Signed-off-by: Allan McRae <allan@archlinux.org>
* Update copyright notices for 2015Allan McRae2015-02-01
| | | | Signed-off-by: Allan McRae <allan@archlinux.org>
* Remove ts and sw from vim modeline when noet is setFlorian Pritz2014-01-28
| | | | | | | | | | | | Forcing vim users to view files with a tabstop of 2 seems really unnecessary when noet is set. I find it much easier to read code with ts=4 and I dislike having to override the modeline by hand. Command run: find . -type f -exec sed -i '/vim.* noet/s# ts=2 sw=2##' {} + Signed-off-by: Florian Pritz <bluewind@xinu.at> Signed-off-by: Allan McRae <allan@archlinux.org>
* Update copyright years for 2014Allan McRae2014-01-06
| | | | Signed-off-by: Allan McRae <allan@archlinux.org>
* Make functions to decode a signature and extract keyid publicAllan McRae2013-10-31
| | | | | | These are useful for frontends. Signed-off-by: Allan McRae <allan@archlinux.org>
* Make decode_signature available to the libraryAllan McRae2013-02-09
| | | | Signed-off-by: Allan McRae <allan@archlinux.org>
* Add function to extract key id from signaturesAllan McRae2013-02-09
| | | | | | | This does not support all possibilities of RFC4880, but it does cover every key currently used in Arch Linux. Signed-off-by: Allan McRae <allan@archlinux.org>
* Move key importing into separate functionAllan McRae2013-02-09
| | | | | | | | This will be useful for checking the availablity of all keys before perfoming validation in sync operations and for downloading a needed key in upgrade operations. Signed-off-by: Allan McRae <allan@archlinux.org>
* Make key_in_keychain available in libraryAllan McRae2013-02-09
| | | | | | | In preparation for checking key presence and downloading needed keys before conflict checking. Signed-off-by: Allan McRae <allan@archlinux.org>
* Update copyright year for 2013Allan McRae2013-01-03
| | | | Signed-off-by: Allan McRae <allan@archlinux.org>
* Update copyright yearsAllan McRae2012-02-20
| | | | | | | Add 2012 to the copyright range for all libalpm and pacman source files. Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
* signing: add a process and retry loop for database signaturesDan McGee2011-09-20
| | | | | | | | | | | | | | | | | | | | | | | In reality, there is no retrying that happens as of now because we don't have any import or changing of the keyring going on, but the code is set up so we can drop this in our new _alpm_process_siglist() function. Wire up the basics to the sync database validation code, so we see something like the following: $ pacman -Ss unknowntrust error: core: signature from "Dan McGee <dpmcgee@gmail.com>" is unknown trust error: core: signature from "Dan McGee <dpmcgee@gmail.com>" is unknown trust error: database 'core' is not valid (invalid or corrupted database (PGP signature)) $ pacman -Ss missingsig error: core: missing required signature error: core: missing required signature error: database 'core' is not valid (invalid or corrupted database (PGP signature)) Yes, there is some double output, but this should be fixable in the future. Signed-off-by: Dan McGee <dan@archlinux.org>
* Allow our PGP helper method to pass back the signature resultsDan McGee2011-09-20
| | | | | | | This will make its way up the call chain eventually to allow trusting and importing of keys as necessary. Signed-off-by: Dan McGee <dan@archlinux.org>
* Refactor signature result return formatDan McGee2011-08-28
| | | | | | | | | | | | | | | | | | | I was trying to take a shortcut and not introduce a wrapper struct for the signature results, so packed it all into alpm_sigresult_t in the first iteration. However, this is painful when one wants to add new fields or only return information regarding a single signature. Refactor the type into a few components which are exposed to the end user, and will allow a lot more future flexibility. This also exposes more information regarding the key to the frontend than was previously available. The "private" void *data pointer is used by the library to store the actual key object returned by gpgme; it is typed this way so the frontend has no expectations of what is there, and so we don't have any hard gpgme requirement in our public API. Signed-off-by: Dan McGee <dan@archlinux.org>
* Remove argument from check_pgp_helperDan McGee2011-08-25
| | | | | | | This one wasn't all that necessary as we only used it in one place in the function, which can be checked easily enough at the call site. Signed-off-by: Dan McGee <dan@archlinux.org>
* Only check necessary signatures and checksumsDan McGee2011-08-15
| | | | | | | | | | | The precedence goes as follows: signature > sha256sum > md5sum Add some logic and helper methods to check what we have available when loading a package, and then only check what is necessary to verify the package. This should speed up sync database verifies as we no longer will be doing both a checksum and a signature validation. Signed-off-by: Dan McGee <dan@archlinux.org>
* signing: move to new signing verification and return schemeDan McGee2011-07-05
| | | | | | | | | | | | | | | | | This gives us more granularity than the former Never/Optional/Always trifecta. The frontend still uses these values temporarily but that will be changed in a future patch. * Use 'siglevel' consistenly in method names, 'level' as variable name * The level becomes an enum bitmask value for flexibility * Signature check methods now return a array of status codes rather than a simple integer success/failure value. This allows callers to determine whether things such as an unknown signature are valid. * Specific signature error codes mostly disappear in favor of the above returned status code; pm_errno is now set only to PKG_INVALID_SIG or DB_INVALID_SIG as appropriate. Signed-off-by: Dan McGee <dan@archlinux.org>
* Make alpm_db_get_sigverify_level() publicDan McGee2011-06-30
| | | | Signed-off-by: Dan McGee <dan@archlinux.org>
* Rename pmdb_t to alpm_db_tAllan McRae2011-06-28
| | | | Signed-off-by: Allan McRae <allan@archlinux.org>
* Rename pmhandle_t to alpm_handle_tAllan McRae2011-06-28
| | | | Signed-off-by: Allan McRae <allan@archlinux.org>
* Require handle argument to all alpm_option_(get|set)_*() methodsDan McGee2011-06-09
| | | | | | | | This requires a lot of line changes, but not many functional changes as more often than not our handle variable is already available in some fashion. Signed-off-by: Dan McGee <dan@archlinux.org>
* Rein in the complexity of the signature typeDan McGee2011-04-24
| | | | | | | | | | | | | | Given that we offer no transparency into the pmpgpsig_t type, we don't really need to expose it outside of the library, and at this point, we don't need it at all. Don't decode anything except when checking signatures. For packages/files not from a sync database, we now just read the signature file directly anyway. Also push the decoding logic down further into the check method so we don't need this hanging out in a less than ideal place. This will make it easier to conditionally compile things down the road. Signed-off-by: Dan McGee <dan@archlinux.org>
* signing: let GPGME handle loading signatures from filesDan McGee2011-04-24
| | | | | | | Rather than go through all the hassle of doing this ourselves, just let GPGME handle the work by passing it a file handle. Signed-off-by: Dan McGee <dan@archlinux.org>
* Rename gpgsig struct fields for clarityDan McGee2011-04-20
| | | | Signed-off-by: Dan McGee <dan@archlinux.org>
* Allow VerifySig to act as a default verification in [options]Dave Reisner2011-04-20
| | | | | | | | | | * add _alpm_db_get_sigverify_level * add alpm_option_{get,set}_default_sigverify And set the default verification level to OPTIONAL if not set otherwise. Signed-off-by: Dave Reisner <d@falconindy.com> Signed-off-by: Dan McGee <dan@archlinux.org>
* Refactor signature loading code into common functionDan McGee2011-03-23
| | | | | | | We can use this for both standalone package signatures as well as standalone database signatures. Signed-off-by: Dan McGee <dan@archlinux.org>
* Add functions for verifying database signatureAllan McRae2011-03-23
| | | | | | | | | | | | Add a pmpgpsig_t struct to the database entry struct and functions for the lazy loading of database signatures. Add a function for checking database signatures, reusing (and generalizing) the code currently used for checking package signatures. TODO: The code for reading in signature files from the filesystem is duplicated for local packages and database and needs refactoring. Signed-off-by: Allan McRae <allan@archlinux.org>
* Integrate GPGME into libalpmDan McGee2011-03-23
Signed-off-by: Dan McGee <dan@archlinux.org>