diff options
author | Anatol Pomozov <anatol.pomozov@gmail.com> | 2020-05-27 04:12:08 +0200 |
---|---|---|
committer | Allan McRae <allan@archlinux.org> | 2020-07-07 13:38:13 +0200 |
commit | b01bcc7d3d680856bd60c4ae03e4ba3f6d889cb2 (patch) | |
tree | 847eebcbde07999814ee3137f6d2f4ec11a0a11c /lib/libalpm/sync.c | |
parent | f3dfba73d22b7eca3810a8114f2aab63da488b4c (diff) | |
download | pacman-b01bcc7d3d680856bd60c4ae03e4ba3f6d889cb2.tar.gz pacman-b01bcc7d3d680856bd60c4ae03e4ba3f6d889cb2.tar.xz |
Fallback to detached signatures during keyring check
Pacman has a 'key in keyring' verification step that makes sure the signatures
have a valid keyid. Currently pacman parses embedded package signatures only.
Add a fallback to detached signatures. If embedded signature is missing then it
tries to read corresponding *.sig file and get keyid from there.
Verification:
debug: found cached pkg: /var/cache/pacman/pkg/glib-networking-2.64.3-1-x86_64.pkg.tar.zst
debug: found detached signature /var/cache/pacman/pkg/glib-networking-2.64.3-1-x86_64.pkg.tar.zst.sig with size 310
debug: found signature key: A5E9288C4FA415FA
debug: looking up key A5E9288C4FA415FA locally
debug: key lookup success, key exists
Signed-off-by: Anatol Pomozov <anatol.pomozov@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
Diffstat (limited to 'lib/libalpm/sync.c')
-rw-r--r-- | lib/libalpm/sync.c | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/lib/libalpm/sync.c b/lib/libalpm/sync.c index 8c01ad95..9350793a 100644 --- a/lib/libalpm/sync.c +++ b/lib/libalpm/sync.c @@ -880,18 +880,18 @@ static int check_keyring(alpm_handle_t *handle) } level = alpm_db_get_siglevel(alpm_pkg_get_db(pkg)); - if((level & ALPM_SIG_PACKAGE) && pkg->base64_sig) { - unsigned char *decoded_sigdata = NULL; - size_t data_len; - int decode_ret = alpm_decode_signature(pkg->base64_sig, - &decoded_sigdata, &data_len); - if(decode_ret == 0) { + if((level & ALPM_SIG_PACKAGE)) { + unsigned char *sig = NULL; + size_t sig_len; + int ret = alpm_pkg_get_sig(pkg, &sig, &sig_len); + if(ret == 0) { alpm_list_t *keys = NULL; - if(alpm_extract_keyid(handle, pkg->name, decoded_sigdata, - data_len, &keys) == 0) { + if(alpm_extract_keyid(handle, pkg->name, sig, + sig_len, &keys) == 0) { alpm_list_t *k; for(k = keys; k; k = k->next) { char *key = k->data; + _alpm_log(handle, ALPM_LOG_DEBUG, "found signature key: %s\n", key); if(!alpm_list_find(errors, key, key_cmp) && _alpm_key_in_keychain(handle, key) == 0) { keyinfo = malloc(sizeof(struct keyinfo_t)); @@ -905,8 +905,8 @@ static int check_keyring(alpm_handle_t *handle) } FREELIST(keys); } - free(decoded_sigdata); } + free(sig); } } |