From 7af0ab1cde9398c938a7a221aca5787934a16121 Mon Sep 17 00:00:00 2001 From: Dan McGee Date: Mon, 27 Jun 2011 16:29:49 -0500 Subject: signing: move to new signing verification and return scheme This gives us more granularity than the former Never/Optional/Always trifecta. The frontend still uses these values temporarily but that will be changed in a future patch. * Use 'siglevel' consistenly in method names, 'level' as variable name * The level becomes an enum bitmask value for flexibility * Signature check methods now return a array of status codes rather than a simple integer success/failure value. This allows callers to determine whether things such as an unknown signature are valid. * Specific signature error codes mostly disappear in favor of the above returned status code; pm_errno is now set only to PKG_INVALID_SIG or DB_INVALID_SIG as appropriate. Signed-off-by: Dan McGee --- src/util/cleanupdelta.c | 3 ++- src/util/pactree.c | 3 ++- src/util/testdb.c | 3 ++- src/util/testpkg.c | 3 ++- 4 files changed, 8 insertions(+), 4 deletions(-) (limited to 'src/util') diff --git a/src/util/cleanupdelta.c b/src/util/cleanupdelta.c index 08d8a557..a45efdcc 100644 --- a/src/util/cleanupdelta.c +++ b/src/util/cleanupdelta.c @@ -71,11 +71,12 @@ static void checkdbs(const char *dbpath, alpm_list_t *dbnames) { char syncdbpath[PATH_MAX]; alpm_db_t *db = NULL; alpm_list_t *i; + const alpm_siglevel_t level = ALPM_SIG_DATABASE | ALPM_SIG_DATABASE_OPTIONAL; for(i = dbnames; i; i = alpm_list_next(i)) { char *dbname = alpm_list_getdata(i); snprintf(syncdbpath, PATH_MAX, "%s/sync/%s", dbpath, dbname); - db = alpm_db_register_sync(handle, dbname, PM_PGP_VERIFY_OPTIONAL); + db = alpm_db_register_sync(handle, dbname, level); if(db == NULL) { fprintf(stderr, "error: could not register sync database (%s)\n", alpm_strerror(alpm_errno(handle))); diff --git a/src/util/pactree.c b/src/util/pactree.c index 7b87ac13..9b678631 100644 --- a/src/util/pactree.c +++ b/src/util/pactree.c @@ -124,6 +124,7 @@ static int register_syncs(void) { FILE *fp; char *ptr, *section = NULL; char line[LINE_MAX]; + const alpm_siglevel_t level = ALPM_SIG_DATABASE | ALPM_SIG_DATABASE_OPTIONAL; fp = fopen(CONFFILE, "r"); if(!fp) { @@ -147,7 +148,7 @@ static int register_syncs(void) { section = strndup(&line[1], strlen(line) - 2); if(section && strcmp(section, "options") != 0) { - alpm_db_register_sync(handle, section, PM_PGP_VERIFY_OPTIONAL); + alpm_db_register_sync(handle, section, level); } } } diff --git a/src/util/testdb.c b/src/util/testdb.c index 642890b6..ee169df2 100644 --- a/src/util/testdb.c +++ b/src/util/testdb.c @@ -148,10 +148,11 @@ static int check_syncdbs(alpm_list_t *dbnames) { int ret = 0; alpm_db_t *db = NULL; alpm_list_t *i, *pkglist, *syncpkglist = NULL; + const alpm_siglevel_t level = ALPM_SIG_DATABASE | ALPM_SIG_DATABASE_OPTIONAL; for(i = dbnames; i; i = alpm_list_next(i)) { char *dbname = alpm_list_getdata(i); - db = alpm_db_register_sync(handle, dbname, PM_PGP_VERIFY_OPTIONAL); + db = alpm_db_register_sync(handle, dbname, level); if(db == NULL) { fprintf(stderr, "error: could not register sync database (%s)\n", alpm_strerror(alpm_errno(handle))); diff --git a/src/util/testpkg.c b/src/util/testpkg.c index 03234ed5..ac2dde28 100644 --- a/src/util/testpkg.c +++ b/src/util/testpkg.c @@ -43,6 +43,7 @@ int main(int argc, char *argv[]) alpm_handle_t *handle; enum _alpm_errno_t err; alpm_pkg_t *pkg = NULL; + const alpm_siglevel_t level = ALPM_SIG_PACKAGE | ALPM_SIG_PACKAGE_OPTIONAL; if(argc != 2) { fprintf(stderr, "usage: %s \n", BASENAME); @@ -58,7 +59,7 @@ int main(int argc, char *argv[]) /* let us get log messages from libalpm */ alpm_option_set_logcb(handle, output_cb); - if(alpm_pkg_load(handle, argv[1], 1, PM_PGP_VERIFY_OPTIONAL, &pkg) == -1 + if(alpm_pkg_load(handle, argv[1], 1, level, &pkg) == -1 || pkg == NULL) { err = alpm_errno(handle); switch(err) { -- cgit v1.2.3-70-g09d2