summaryrefslogtreecommitdiffstats
path: root/lib/libalpm/sync.c
diff options
context:
space:
mode:
authorDan McGee <dan@archlinux.org>2011-04-22 06:39:01 +0200
committerDan McGee <dan@archlinux.org>2011-04-24 17:48:34 +0200
commit4d63ebe2fbe932412a7b8340af49bf30c8e17a91 (patch)
tree83555011c2e8205a4243ac389647af50e964761e /lib/libalpm/sync.c
parent1cf79eb8c8c7894d238cd906613dc1cd5b7ced1a (diff)
downloadpacman-4d63ebe2fbe932412a7b8340af49bf30c8e17a91.tar.gz
pacman-4d63ebe2fbe932412a7b8340af49bf30c8e17a91.tar.xz
Perform package verification at package load time
Both md5sum verification and PGP verification can and should be done at package load time. This allows verification to happen as early as possible for packages provided by filename and loaded in the frontend, and moves more stuff out of sync_commit that doesn't really belong there. This should also set the stage for simplified parallel loading of packages later down the road. Signed-off-by: Dan McGee <dan@archlinux.org>
Diffstat (limited to 'lib/libalpm/sync.c')
-rw-r--r--lib/libalpm/sync.c40
1 files changed, 11 insertions, 29 deletions
diff --git a/lib/libalpm/sync.c b/lib/libalpm/sync.c
index a702bac5..4b42af4d 100644
--- a/lib/libalpm/sync.c
+++ b/lib/libalpm/sync.c
@@ -862,45 +862,27 @@ int _alpm_sync_commit(pmtrans_t *trans, pmdb_t *db_local, alpm_list_t **data)
for(i = trans->add; i; i = i->next, current++) {
pmpkg_t *spkg = i->data;
int percent = (current * 100) / numtargs;
+ const char *filename;
+ char *filepath;
+ pgp_verify_t check_sig;
+
+ PROGRESS(trans, PM_TRANS_PROGRESS_INTEGRITY_START, "", percent,
+ numtargs, current);
if(spkg->origin == PKG_FROM_FILE) {
continue; /* pkg_load() has been already called, this package is valid */
}
- PROGRESS(trans, PM_TRANS_PROGRESS_INTEGRITY_START, "", percent,
- numtargs, current);
- const char *filename = alpm_pkg_get_filename(spkg);
- char *filepath = _alpm_filecache_find(filename);
- const char *md5sum = alpm_pkg_get_md5sum(spkg);
- pgp_verify_t check_sig;
-
- /* check md5sum first */
- if(test_md5sum(trans, filepath, md5sum) != 0) {
- errors++;
- *data = alpm_list_add(*data, strdup(filename));
- FREE(filepath);
- continue;
- }
- /* check PGP signature next */
+ filename = alpm_pkg_get_filename(spkg);
+ filepath = _alpm_filecache_find(filename);
pmdb_t *sdb = alpm_pkg_get_db(spkg);
-
check_sig = _alpm_db_get_sigverify_level(sdb);
- if(check_sig != PM_PGP_VERIFY_NEVER) {
- int ret = _alpm_gpgme_checksig(filepath, spkg->base64_sig);
- if((check_sig == PM_PGP_VERIFY_ALWAYS && ret != 0) ||
- (check_sig == PM_PGP_VERIFY_OPTIONAL && ret == 1)) {
- errors++;
- *data = alpm_list_add(*data, strdup(filename));
- FREE(filepath);
- continue;
- }
- }
/* load the package file and replace pkgcache entry with it in the target list */
/* TODO: alpm_pkg_get_db() will not work on this target anymore */
_alpm_log(PM_LOG_DEBUG, "replacing pkgcache entry with package file for target %s\n", spkg->name);
- pmpkg_t *pkgfile;
- if(alpm_pkg_load(filepath, 1, &pkgfile) != 0) {
- _alpm_pkg_free(pkgfile);
+ pmpkg_t *pkgfile =_alpm_pkg_load_internal(filepath, 1, spkg->md5sum,
+ spkg->base64_sig, check_sig);
+ if(!pkgfile) {
errors++;
*data = alpm_list_add(*data, strdup(filename));
FREE(filepath);