diff options
| author | Dan McGee <dan@archlinux.org> | 2011-06-27 23:29:49 +0200 |
|---|---|---|
| committer | Dan McGee <dan@archlinux.org> | 2011-07-05 17:13:20 +0200 |
| commit | 7af0ab1cde9398c938a7a221aca5787934a16121 (patch) | |
| tree | 5c4327bd4c425c05514bd350d5fdda02b361e936 /lib/libalpm/be_package.c | |
| parent | 1ce7f39ad73c5c96870c6036014afad3d49a8edf (diff) | |
| download | pacman-7af0ab1cde9398c938a7a221aca5787934a16121.tar.gz pacman-7af0ab1cde9398c938a7a221aca5787934a16121.tar.xz | |
signing: move to new signing verification and return scheme
This gives us more granularity than the former Never/Optional/Always
trifecta. The frontend still uses these values temporarily but that will
be changed in a future patch.
* Use 'siglevel' consistenly in method names, 'level' as variable name
* The level becomes an enum bitmask value for flexibility
* Signature check methods now return a array of status codes rather than
a simple integer success/failure value. This allows callers to
determine whether things such as an unknown signature are valid.
* Specific signature error codes mostly disappear in favor of the above
returned status code; pm_errno is now set only to PKG_INVALID_SIG or
DB_INVALID_SIG as appropriate.
Signed-off-by: Dan McGee <dan@archlinux.org>
Diffstat (limited to 'lib/libalpm/be_package.c')
| -rw-r--r-- | lib/libalpm/be_package.c | 20 |
1 files changed, 9 insertions, 11 deletions
diff --git a/lib/libalpm/be_package.c b/lib/libalpm/be_package.c index af213241..46bdaed0 100644 --- a/lib/libalpm/be_package.c +++ b/lib/libalpm/be_package.c @@ -233,7 +233,7 @@ static int parse_descfile(alpm_handle_t *handle, struct archive *a, alpm_pkg_t * */ alpm_pkg_t *_alpm_pkg_load_internal(alpm_handle_t *handle, const char *pkgfile, int full, const char *md5sum, const char *base64_sig, - pgp_verify_t check_sig) + alpm_siglevel_t level) { int ret; int config = 0; @@ -271,14 +271,12 @@ alpm_pkg_t *_alpm_pkg_load_internal(alpm_handle_t *handle, const char *pkgfile, } _alpm_log(handle, ALPM_LOG_DEBUG, "base64_sig: %s\n", base64_sig); - if(check_sig != PM_PGP_VERIFY_NEVER) { - _alpm_log(handle, ALPM_LOG_DEBUG, "checking signature for %s\n", pkgfile); - ret = _alpm_gpgme_checksig(handle, pkgfile, base64_sig); - if((check_sig == PM_PGP_VERIFY_ALWAYS && ret != 0) || - (check_sig == PM_PGP_VERIFY_OPTIONAL && ret == 1)) { - alpm_pkg_free(newpkg); - RET_ERR(handle, ALPM_ERR_SIG_INVALID, NULL); - } + if(level & ALPM_SIG_PACKAGE && + _alpm_check_pgp_helper(handle, pkgfile, base64_sig, + level & ALPM_SIG_PACKAGE_OPTIONAL, level & ALPM_SIG_PACKAGE_MARGINAL_OK, + level & ALPM_SIG_PACKAGE_UNKNOWN_OK, ALPM_ERR_PKG_INVALID_SIG)) { + _alpm_pkg_free(newpkg); + return NULL; } /* next- try to create an archive object to read in the package */ @@ -396,12 +394,12 @@ error: } int SYMEXPORT alpm_pkg_load(alpm_handle_t *handle, const char *filename, int full, - pgp_verify_t check_sig, alpm_pkg_t **pkg) + alpm_siglevel_t level, alpm_pkg_t **pkg) { CHECK_HANDLE(handle, return -1); ASSERT(pkg != NULL, RET_ERR(handle, ALPM_ERR_WRONG_ARGS, -1)); - *pkg = _alpm_pkg_load_internal(handle, filename, full, NULL, NULL, check_sig); + *pkg = _alpm_pkg_load_internal(handle, filename, full, NULL, NULL, level); if(*pkg == NULL) { /* pm_errno is set by pkg_load */ return -1; |