From 33b3b6d9b854687f0fc3030eba134aad1485546f Mon Sep 17 00:00:00 2001 From: Allan McRae Date: Thu, 22 Dec 2011 20:19:18 +1000 Subject: Add configuration option for Upgrade operation SigLevel Add LocalFileSigLevel and RemoteFileSigLevel to control the signature checking for "pacman -U " and "pacman -U " operations respectively. The starting value for both these options is SigLevel, if it is specified in the [options] section, or the built-in system default. The specified values override and/or supplement this initial value. Note there is no distinction between setting "Required" and "PackageRequired" as there are no database options for Upgrade operations. Signed-off-by: Allan McRae
---
 src/pacman/conf.c | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 src/pacman/conf.h | 2 ++
 src/pacman/upgrade.c | 21 ++++++++++++++++++---
 3 files changed, 72 insertions(+), 3 deletions(-) (limited to 'src/pacman')
diff --git a/src/pacman/conf.c b/src/pacman/conf.c
index 1bea2b0e..95dce355 100644
--- a/src/pacman/conf.c
+++ b/src/pacman/conf.c
@@ -56,6 +56,8 @@ config_t *config_new(void)
 if(alpm_capabilities() & ALPM_CAPABILITY_SIGNATURES) {
 newconfig->siglevel = ALPM_SIG_PACKAGE | ALPM_SIG_PACKAGE_OPTIONAL | ALPM_SIG_DATABASE | ALPM_SIG_DATABASE_OPTIONAL;
+ newconfig->localfilesiglevel = ALPM_SIG_USE_DEFAULT;
+ newconfig->remotefilesiglevel = ALPM_SIG_USE_DEFAULT;
 }
 return newconfig;
@@ -279,6 +281,7 @@ static int process_siglevel(alpm_list_t *values, alpm_siglevel_t *storage,
 if(strcmp(value, "Never") == 0) {
 if(package) {
 level &= ~ALPM_SIG_PACKAGE;
+ level |= ALPM_SIG_PACKAGE_SET;
 }
 if(database) {
 level &= ~ALPM_SIG_DATABASE;
@@ -287,6 +290,7 @@ static int process_siglevel(alpm_list_t *values, alpm_siglevel_t *storage,
 if(package) {
 level |= ALPM_SIG_PACKAGE;
 level |= ALPM_SIG_PACKAGE_OPTIONAL;
+ level |= ALPM_SIG_PACKAGE_SET;
 }
 if(database) {
 level |= ALPM_SIG_DATABASE;
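Review bot: The `ALPM_SIG_PACKAGE_SET` and `ALPM_SIG_PACKAGE_TRUST_SET` bits OR-ed into `level` in the process_siglevel hunks (`@@ -279`, `@@ -287`, `@@ -296`, `@@ -305`, `@@ -314`) are bookkeeping markers rather than verification settings, and nothing at these sites says so. A short comment at the first site, e.g. `/* record that a package level was given explicitly; read by merge_siglevel() */`, would keep a later reader from treating them as policy bits, and the same comment can say that the `database` branches deliberately get no marker. The markers also remain set in whatever `*storage` receives; if process_siglevel is the parser for the global and per-repository SigLevel as well (its callers and the rest of its body are outside these hunks), they end up in the levels handed to libalpm, so it is worth confirming libalpm ignores them or masking them off before the `alpm_option_set_*` calls.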
@@ -296,6 +300,7 @@ static int process_siglevel(alpm_list_t *values, alpm_siglevel_t *storage,
 if(package) {
 level |= ALPM_SIG_PACKAGE;
 level &= ~ALPM_SIG_PACKAGE_OPTIONAL;
+ level |= ALPM_SIG_PACKAGE_SET;
 }
 if(database) {
 level |= ALPM_SIG_DATABASE;
@@ -305,6 +310,7 @@ static int process_siglevel(alpm_list_t *values, alpm_siglevel_t *storage,
 if(package) {
 level &= ~ALPM_SIG_PACKAGE_MARGINAL_OK;
 level &= ~ALPM_SIG_PACKAGE_UNKNOWN_OK;
+ level |= ALPM_SIG_PACKAGE_TRUST_SET;
 }
 if(database) {
 level &= ~ALPM_SIG_DATABASE_MARGINAL_OK;
@@ -314,6 +320,7 @@ static int process_siglevel(alpm_list_t *values, alpm_siglevel_t *storage,
 if(package) {
 level |= ALPM_SIG_PACKAGE_MARGINAL_OK;
 level |= ALPM_SIG_PACKAGE_UNKNOWN_OK;
+ level |= ALPM_SIG_PACKAGE_TRUST_SET;
 }
 if(database) {
 level |= ALPM_SIG_DATABASE_MARGINAL_OK;
@@ -343,6 +350,30 @@ static int process_siglevel(alpm_list_t *values, alpm_siglevel_t *storage,
 return ret;
 }
+/**
+ * Merge the package entires of two signature verification levels.
+ * @param base initial siglevel
+ * @param over overridden siglevel, derived value is stored here
+ */
+static void merge_siglevel(alpm_siglevel_t *base, alpm_siglevel_t *over)
+{
+ alpm_siglevel_t level = *over;
+ if(level & ALPM_SIG_USE_DEFAULT) {
+ level = *base;
+ } else {
+ if(!(level & ALPM_SIG_PACKAGE_SET)) {
+ level |= *base & ALPM_SIG_PACKAGE;
+ level |= *base & ALPM_SIG_PACKAGE_OPTIONAL;
+ }
+ if(!(level & ALPM_SIG_PACKAGE_TRUST_SET)) {
+ level |= *base & ALPM_SIG_PACKAGE_MARGINAL_OK;
+ level |= *base & ALPM_SIG_PACKAGE_UNKNOWN_OK;
+ }
+ }
+
+ *over = level;
+}
+
 static int process_cleanmethods(alpm_list_t *values, const char *file, int linenum)
 {
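Review bot: In the `@@ -343` hunk, `merge_siglevel` only reads through `base`, so the parameter should be `const alpm_siglevel_t *base` (or a plain `alpm_siglevel_t base`), which makes it visible at the call sites that `config->siglevel` is never modified. The doc comment has a typo (`entires` for `entries`) and should spell out the two rules the body implements: an `over` carrying `ALPM_SIG_USE_DEFAULT` is replaced by `base` wholesale, otherwise only the package bits whose `_SET` marker is absent are inherited from `base`. The second rule depends on the parser clearing `ALPM_SIG_USE_DEFAULT` once an explicit value has been read; process_siglevel's body is outside the hunk, so that could not be confirmed here, and if the bit survived, an explicit LocalFileSigLevel or RemoteFileSigLevel would be silently replaced by the default level.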
@@ -484,6 +515,22 @@ static int _parse_options(const char *key, char *value,
 return 1;
 }
 FREELIST(values);
+ } else if(strcmp(key, "LocalFileSigLevel") == 0) {
+ alpm_list_t *values = NULL;
+ setrepeatingoption(value, "LocalFileSigLevel", &values);
+ if(process_siglevel(values, &config->localfilesiglevel, file, linenum)) {
+ FREELIST(values);
+ return 1;
+ }
+ FREELIST(values);
+ } else if(strcmp(key, "RemoteFileSigLevel") == 0) {
+ alpm_list_t *values = NULL;
+ setrepeatingoption(value, "RemoteFileSigLevel", &values);
+ if(process_siglevel(values, &config->remotefilesiglevel, file, linenum)) {
+ FREELIST(values);
+ return 1;
+ }
+ FREELIST(values);
 } else {
 pm_printf(ALPM_LOG_WARNING, _("config file %s, line %d: directive '%s' in section '%s' not recognized.\n"),
@@ -606,6 +653,11 @@ static int setup_libalpm(void)
 alpm_option_set_default_siglevel(handle, config->siglevel);
+ merge_siglevel(&config->siglevel, &config->localfilesiglevel);
+ merge_siglevel(&config->siglevel, &config->remotefilesiglevel);
+ alpm_option_set_local_file_siglevel(handle, config->localfilesiglevel);
+ alpm_option_set_remote_file_siglevel(handle, config->remotefilesiglevel);
+
 if(config->xfercommand) {
 alpm_option_set_fetchcb(handle, download_with_xfercommand);
 } else if(!(alpm_capabilities() & ALPM_CAPABILITY_DOWNLOADER)) {
diff --git a/src/pacman/conf.h b/src/pacman/conf.h
index 408b5913..d85d11f2 100644
--- a/src/pacman/conf.h
+++ b/src/pacman/conf.h
@@ -72,6 +72,8 @@ typedef struct __config_t {
 unsigned int ask;
 alpm_transflag_t flags;
 alpm_siglevel_t siglevel;
+ alpm_siglevel_t localfilesiglevel;
+ alpm_siglevel_t remotefilesiglevel;
 /* conf file options */
 /* I Love Candy! */
diff --git a/src/pacman/upgrade.c b/src/pacman/upgrade.c
index 7f690917..222f7fa6 100644
--- a/src/pacman/upgrade.c
+++ b/src/pacman/upgrade.c
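Review bot: The `LocalFileSigLevel` and `RemoteFileSigLevel` branches in the `@@ -484` hunk of _parse_options are line-for-line copies that differ only in the option name and the storage field, and they appear to repeat the branch above them, of which only the tail is visible. A small static helper taking the name and the `alpm_siglevel_t *` would leave one place that frees `values` on both the error and the success path. Separately, the commit message says database settings have no meaning for upgrade operations, yet both branches pass their values to process_siglevel unfiltered; if it accepts database-scoped values here (its body is outside the hunk), a warning would tell the user that the setting has no effect.

```c
/* parse one repeating SigLevel-style directive into *storage; returns 1 on error */
static int parse_siglevel_directive(char *value, const char *name,
		alpm_siglevel_t *storage, const char *file, int linenum)
{
	alpm_list_t *values = NULL;
	int ret;

	setrepeatingoption(value, name, &values);
	ret = process_siglevel(values, storage, file, linenum);
	FREELIST(values);
	return ret ? 1 : 0;
}

/* … unchanged: earlier directives in _parse_options … */
	} else if(strcmp(key, "LocalFileSigLevel") == 0) {
		if(parse_siglevel_directive(value, "LocalFileSigLevel",
					&config->localfilesiglevel, file, linenum)) {
			return 1;
		}
	} else if(strcmp(key, "RemoteFileSigLevel") == 0) {
		if(parse_siglevel_directive(value, "RemoteFileSigLevel",
					&config->remotefilesiglevel, file, linenum)) {
			return 1;
		}
/* … unchanged: final else branch warning about an unrecognized directive … */
```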
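Review bot: In the `@@ -606` hunk of setup_libalpm the results of `alpm_option_set_local_file_siglevel()` and `alpm_option_set_remote_file_siglevel()` are discarded, so if libalpm rejects a level, `pacman -U` would keep whatever level the handle already held and nothing would be logged. Since these two values decide whether a package file is verified before installation, the calls should be checked, e.g. `if(alpm_option_set_local_file_siglevel(handle, config->localfilesiglevel) != 0) { /* report and fail setup */ }`, and likewise for the remote setter. The context line above ignores `alpm_option_set_default_siglevel()` in the same way; the rest of setup_libalpm, including how it reports errors, is outside the hunk, so the exact failure path has to follow what the function already does.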
@@ -40,8 +40,7 @@
 int pacman_upgrade(alpm_list_t *targets)
 {
 int retval = 0;
- alpm_list_t *i;
- alpm_siglevel_t level = alpm_option_get_default_siglevel(config->handle);
+ alpm_list_t *i, *remote = NULL;
 if(targets == NULL) {
 pm_printf(ALPM_LOG_ERROR, _("no targets specified (use -h for help)\n"));
@@ -51,6 +50,8 @@ int pacman_upgrade(alpm_list_t *targets)
 /* Check for URL targets and process them */
 for(i = targets; i; i = alpm_list_next(i)) {
+ int *r = malloc(sizeof(int));
+
 if(strstr(i->data, "://")) {
 char *str = alpm_fetch_pkgurl(config->handle, i->data);
 if(str == NULL) {
@@ -60,8 +61,13 @@ int pacman_upgrade(alpm_list_t *targets)
 } else {
 free(i->data);
 i->data = str;
+ *r = 1;
 }
+ } else {
+ *r = 0;
 }
+
+ remote = alpm_list_add(remote, r);
 }
 if(retval) {
@@ -75,9 +81,16 @@ int pacman_upgrade(alpm_list_t *targets)
 printf(_("loading packages...\n"));
 /* add targets to the created transaction */
- for(i = targets; i; i = alpm_list_next(i)) {
+ for(i = targets; i; i = alpm_list_next(i), remote = alpm_list_next(remote)) {
 const char *targ = i->data;
 alpm_pkg_t *pkg;
+ alpm_siglevel_t level;
+
+ if(*(int *)remote->data) {
+ level = alpm_option_get_remote_file_siglevel(config->handle);
+ } else {
+ level = alpm_option_get_local_file_siglevel(config->handle);
+ }
 if(alpm_pkg_load(config->handle, targ, 1, level, &pkg) != 0) {
 pm_printf(ALPM_LOG_ERROR, "'%s': %s\n",
@@ -95,6 +108,8 @@ int pacman_upgrade(alpm_list_t *targets)
 config->explicit_adds = alpm_list_add(config->explicit_adds, pkg);
 }
+ FREELIST(remote);
+
 if(retval) {
 trans_release();
 return retval;
-- cgit v1.2.3-70-g09d2
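Review bot: In the `@@ -51` hunk `int *r = malloc(sizeof(int));` is never checked, and the `@@ -60` hunk then writes `*r = 1` / `*r = 0` through it, so an allocation failure becomes a NULL dereference. On the branch where `alpm_fetch_pkgurl()` returns NULL, `r` is appended to `remote` without being assigned; that is harmless only if the `if(retval)` block after the loop returns (its body is outside the hunk), and in that case the `remote` list is not freed on that path. Allocating with `int *r = calloc(1, sizeof(*r));`, bailing out when `r == NULL`, and adding `FREELIST(remote);` before the early return would cover all three cases.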
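Review bot: The loop header in the `@@ -75` hunk advances `remote` itself (`remote = alpm_list_next(remote)`), so by the time the `@@ -95` hunk reaches `FREELIST(remote);` the pointer is already NULL and the list built in the first loop, with one heap-allocated int per target, is never freed. This flag list is also what selects the signature level passed to `alpm_pkg_load()`, so it is worth walking it with its own cursor and leaving the head intact: declare `alpm_list_t *i, *j, *remote = NULL;`, iterate with `for(i = targets, j = remote; i; i = alpm_list_next(i), j = alpm_list_next(j))`, and test `*(int *)j->data`. The body of pacman_upgrade continues outside these hunks.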