diff options
| author | Dan McGee <dan@archlinux.org> | 2012-01-05 23:34:51 +0100 |
|---|---|---|
| committer | Dan McGee <dan@archlinux.org> | 2012-01-05 23:34:51 +0100 |
| commit | def9e45affaf5212cd10b71a55f0b668f2e73ee4 (patch) | |
| tree | 2655de030e8d6159efd1c6c30bc112cd20e51320 /lib/libalpm/signing.c | |
| parent | f1d9b0a74a9e38dc9e6153eac76f4c2482fd24aa (diff) | |
| download | pacman-def9e45affaf5212cd10b71a55f0b668f2e73ee4.tar.gz pacman-def9e45affaf5212cd10b71a55f0b668f2e73ee4.tar.xz | |
Search for PGP subkeys in a keyserver-acceptable way
PGP keyservers are pieces of sh** when it comes to searching for
subkeys, and only allow it if you submit an 8-character fingerprint
rather than the recommended and less chance of collision 16-character
fingerprint.
Add a second remote lookup for the 8-character version of a key ID if we
don't find anything the first time we look up the key. This fixes
FS#27612 and the deficiency has been sent upstream to the GnuPG users
mailing list as well.
Signed-off-by: Dan McGee <dan@archlinux.org>
Diffstat (limited to 'lib/libalpm/signing.c')
| -rw-r--r-- | lib/libalpm/signing.c | 26 |
1 files changed, 21 insertions, 5 deletions
diff --git a/lib/libalpm/signing.c b/lib/libalpm/signing.c index 92f34b56..1a53deaa 100644 --- a/lib/libalpm/signing.c +++ b/lib/libalpm/signing.c @@ -251,10 +251,24 @@ static int key_search(alpm_handle_t *handle, const char *fpr, err = gpgme_get_key(ctx, fpr, &key, 0); if(gpg_err_code(err) == GPG_ERR_EOF) { _alpm_log(handle, ALPM_LOG_DEBUG, "key lookup failed, unknown key\n"); - ret = 0; - goto error; - } else if(gpg_err_code(err) != GPG_ERR_NO_ERROR) { - _alpm_log(handle, ALPM_LOG_DEBUG, "gpg error: %s\n", gpgme_strerror(err)); + /* Try an alternate lookup using the 8 character fingerprint value, since + * busted-ass keyservers can't support lookups using subkeys with the full + * value as of now. This is why 2012 is not the year of PGP encryption. */ + if(strlen(fpr) > 8) { + const char *short_fpr = fpr + strlen(fpr) - 8; + _alpm_log(handle, ALPM_LOG_DEBUG, + "looking up key %s remotely\n", short_fpr); + err = gpgme_get_key(ctx, short_fpr, &key, 0); + if(gpg_err_code(err) == GPG_ERR_EOF) { + _alpm_log(handle, ALPM_LOG_DEBUG, "key lookup failed, unknown key\n"); + ret = 0; + } + } else { + ret = 0; + } + } + + if(gpg_err_code(err) != GPG_ERR_NO_ERROR) { goto error; } @@ -270,9 +284,11 @@ static int key_search(alpm_handle_t *handle, const char *fpr, pgpkey->email = key->uids->email; pgpkey->created = key->subkeys->timestamp; pgpkey->expires = key->subkeys->expires; - ret = 1; + gpgme_release(ctx); + return 1; error: + _alpm_log(handle, ALPM_LOG_DEBUG, "gpg error: %s\n", gpgme_strerror(err)); gpgme_release(ctx); return ret; } |