From 6767de5380d97f6544ca3968b83b74120dfcbeca Mon Sep 17 00:00:00 2001 From: Dan McGee Date: Wed, 21 Sep 2011 15:30:12 -0500 Subject: Add status and check for key being disabled Because we aren't using gpgv and a dedicated keyring that is known to be all safe, we should honor this flag being set on a given key in the keyring to know to not honor it. This prevents a key from being reimported that a user does not want to be used- instead of deleting, one should mark it as disabled. Signed-off-by: Dan McGee --- lib/libalpm/signing.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) (limited to 'lib/libalpm/signing.c') diff --git a/lib/libalpm/signing.c b/lib/libalpm/signing.c index fbe64c98..66607fce 100644 --- a/lib/libalpm/signing.c +++ b/lib/libalpm/signing.c @@ -476,8 +476,10 @@ int _alpm_gpgme_checksig(alpm_handle_t *handle, const char *path, result->key.email = key->uids->email; result->key.created = key->subkeys->timestamp; result->key.expires = key->subkeys->expires; - _alpm_log(handle, ALPM_LOG_DEBUG, "key: %s, %s, owner_trust %s\n", - key->subkeys->fpr, key->uids->uid, string_validity(key->owner_trust)); + _alpm_log(handle, ALPM_LOG_DEBUG, + "key: %s, %s, owner_trust %s, disabled %d\n", + key->subkeys->fpr, key->uids->uid, + string_validity(key->owner_trust), key->disabled); } } @@ -501,6 +503,10 @@ int _alpm_gpgme_checksig(alpm_handle_t *handle, const char *path, status = ALPM_SIGSTATUS_INVALID; break; } + /* special case: key disabled is not returned in above status code */ + if(result->key.data && key->disabled) { + status = ALPM_SIGSTATUS_KEY_DISABLED; + } switch(gpgsig->validity) { case GPGME_VALIDITY_ULTIMATE: @@ -642,6 +648,7 @@ int _alpm_check_pgp_helper(alpm_handle_t *handle, const char *path, break; case ALPM_SIGSTATUS_SIG_EXPIRED: case ALPM_SIGSTATUS_KEY_UNKNOWN: + case ALPM_SIGSTATUS_KEY_DISABLED: case ALPM_SIGSTATUS_INVALID: _alpm_log(handle, ALPM_LOG_DEBUG, "signature is not valid\n"); ret = -1; @@ -745,6 +752,10 @@ int _alpm_process_siglist(alpm_handle_t *handle, const char *identifier, gpgme_key_unref(fetch_key.data); } break; + case ALPM_SIGSTATUS_KEY_DISABLED: + _alpm_log(handle, ALPM_LOG_ERROR, + _("%s: key \"%s\" is disabled\n"), identifier, name); + break; case ALPM_SIGSTATUS_SIG_EXPIRED: _alpm_log(handle, ALPM_LOG_ERROR, _("%s: signature from \"%s\" is expired\n"), identifier, name); -- cgit v1.2.3