diff options
| author | Dan McGee <dan@archlinux.org> | 2011-09-22 22:47:57 +0200 |
|---|---|---|
| committer | Dan McGee <dan@archlinux.org> | 2011-09-22 23:01:10 +0200 |
| commit | 1e0ed133f471c35fe6979612a4cb57926223c9b9 (patch) | |
| tree | 8f37314c6bb88cd882c4d7fb7598d1f3af9090f1 /lib/libalpm/signing.c | |
| parent | 907e8af5be7579129a257b4c9952e86a22df9bb9 (diff) | |
| download | pacman-1e0ed133f471c35fe6979612a4cb57926223c9b9.tar.gz pacman-1e0ed133f471c35fe6979612a4cb57926223c9b9.tar.xz | |
Handle key import errors correctly and with good error messages
This adds calls to gpgme_op_import_result() which we were not looking at
before to ensure the key was actually imported. Additionally, we do some
preemptive checks to ensure the keyring is even writable if we are going
to prompt the user to add things to it.
Signed-off-by: Dan McGee <dan@archlinux.org>
Diffstat (limited to 'lib/libalpm/signing.c')
| -rw-r--r-- | lib/libalpm/signing.c | 42 |
1 files changed, 36 insertions, 6 deletions
diff --git a/lib/libalpm/signing.c b/lib/libalpm/signing.c index 0bb7901f..92095655 100644 --- a/lib/libalpm/signing.c +++ b/lib/libalpm/signing.c @@ -136,7 +136,7 @@ static int init_gpgme(alpm_handle_t *handle) sigdir = handle->gpgdir; - if (_alpm_access(handle, sigdir, "pubring.gpg", R_OK) + if(_alpm_access(handle, sigdir, "pubring.gpg", R_OK) || _alpm_access(handle, sigdir, "trustdb.gpg", R_OK)) { handle->pm_errno = ALPM_ERR_NOT_A_FILE; _alpm_log(handle, ALPM_LOG_DEBUG, "Signature verification will fail!\n"); @@ -285,8 +285,15 @@ static int key_import(alpm_handle_t *handle, alpm_pgpkey_t *key) gpgme_error_t err; gpgme_ctx_t ctx; gpgme_key_t keys[2]; + gpgme_import_result_t result; int ret = -1; + if(_alpm_access(handle, handle->gpgdir, "pubring.gpg", W_OK)) { + /* no chance of import succeeding if pubring isn't writable */ + _alpm_log(handle, ALPM_LOG_ERROR, _("keyring is not writable\n")); + return -1; + } + memset(&ctx, 0, sizeof(ctx)); err = gpgme_new(&ctx); CHECK_ERR(); @@ -297,7 +304,18 @@ static int key_import(alpm_handle_t *handle, alpm_pgpkey_t *key) keys[1] = NULL; err = gpgme_op_import_keys(ctx, keys); CHECK_ERR(); - ret = 0; + result = gpgme_op_import_result(ctx); + CHECK_ERR(); + /* we know we tried to import exactly one key, so check for this */ + if(result->considered != 1 || !result->imports) { + _alpm_log(handle, ALPM_LOG_DEBUG, "could not import key, 0 results\n"); + ret = -1; + } else if(result->imports->result != GPG_ERR_NO_ERROR) { + _alpm_log(handle, ALPM_LOG_DEBUG, "gpg error: %s\n", gpgme_strerror(err)); + ret = -1; + } else { + ret = 0; + } error: gpgme_release(ctx); @@ -745,10 +763,22 @@ int _alpm_process_siglist(alpm_handle_t *handle, const char *identifier, if(key_search(handle, result->key.fingerprint, &fetch_key) == 1) { _alpm_log(handle, ALPM_LOG_DEBUG, "unknown key, found %s on keyserver\n", fetch_key.uid); - QUESTION(handle, ALPM_QUESTION_IMPORT_KEY, - &fetch_key, NULL, NULL, &answer); - if(answer && !key_import(handle, &fetch_key)) { - retry = 1; + if(!_alpm_access(handle, handle->gpgdir, "pubring.gpg", W_OK)) { + QUESTION(handle, ALPM_QUESTION_IMPORT_KEY, + &fetch_key, NULL, NULL, &answer); + if(answer) { + if(key_import(handle, &fetch_key) == 0) { + retry = 1; + } else { + _alpm_log(handle, ALPM_LOG_ERROR, + _("key \"%s\" could not be imported\n"), fetch_key.uid); + } + } + } else { + /* keyring directory was not writable, so we don't even try */ + _alpm_log(handle, ALPM_LOG_WARNING, + _("key %s, \"%s\" found on keyserver, keyring is not writable\n"), + fetch_key.fingerprint, fetch_key.uid); } } else { _alpm_log(handle, ALPM_LOG_DEBUG, |