summaryrefslogtreecommitdiffstats
path: root/lib/libalpm/signing.c
diff options
context:
space:
mode:
Diffstat (limited to 'lib/libalpm/signing.c')
-rw-r--r--lib/libalpm/signing.c108
1 files changed, 97 insertions, 11 deletions
diff --git a/lib/libalpm/signing.c b/lib/libalpm/signing.c
index d69fd52e..0abf34f1 100644
--- a/lib/libalpm/signing.c
+++ b/lib/libalpm/signing.c
@@ -37,6 +37,82 @@
if(err != GPG_ERR_NO_ERROR) { goto error; } \
} while(0)
+static const char *gpgme_string_validity(gpgme_validity_t validity)
+{
+ switch(validity) {
+ case GPGME_VALIDITY_UNKNOWN:
+ return "unknown";
+ case GPGME_VALIDITY_UNDEFINED:
+ return "undefined";
+ case GPGME_VALIDITY_NEVER:
+ return "never";
+ case GPGME_VALIDITY_MARGINAL:
+ return "marginal";
+ case GPGME_VALIDITY_FULL:
+ return "full";
+ case GPGME_VALIDITY_ULTIMATE:
+ return "ultimate";
+ }
+ return "???";
+}
+
+static alpm_list_t *gpgme_list_sigsum(gpgme_sigsum_t sigsum)
+{
+ alpm_list_t *summary = NULL;
+ /* The docs say this can be a bitmask...not sure I believe it, but we'll code
+ * for it anyway and show all possible flags in the returned string. */
+
+ /* The signature is fully valid. */
+ if(sigsum & GPGME_SIGSUM_VALID) {
+ summary = alpm_list_add(summary, "valid");
+ }
+ /* The signature is good. */
+ if(sigsum & GPGME_SIGSUM_GREEN) {
+ summary = alpm_list_add(summary, "green");
+ }
+ /* The signature is bad. */
+ if(sigsum & GPGME_SIGSUM_RED) {
+ summary = alpm_list_add(summary, "red");
+ }
+ /* One key has been revoked. */
+ if(sigsum & GPGME_SIGSUM_KEY_REVOKED) {
+ summary = alpm_list_add(summary, "key revoked");
+ }
+ /* One key has expired. */
+ if(sigsum & GPGME_SIGSUM_KEY_EXPIRED) {
+ summary = alpm_list_add(summary, "key expired");
+ }
+ /* The signature has expired. */
+ if(sigsum & GPGME_SIGSUM_SIG_EXPIRED) {
+ summary = alpm_list_add(summary, "sig expired");
+ }
+ /* Can't verify: key missing. */
+ if(sigsum & GPGME_SIGSUM_KEY_MISSING) {
+ summary = alpm_list_add(summary, "key missing");
+ }
+ /* CRL not available. */
+ if(sigsum & GPGME_SIGSUM_CRL_MISSING) {
+ summary = alpm_list_add(summary, "crl missing");
+ }
+ /* Available CRL is too old. */
+ if(sigsum & GPGME_SIGSUM_CRL_TOO_OLD) {
+ summary = alpm_list_add(summary, "crl too old");
+ }
+ /* A policy was not met. */
+ if(sigsum & GPGME_SIGSUM_BAD_POLICY) {
+ summary = alpm_list_add(summary, "bad policy");
+ }
+ /* A system error occured. */
+ if(sigsum & GPGME_SIGSUM_SYS_ERROR) {
+ summary = alpm_list_add(summary, "sys error");
+ }
+ /* Fallback case */
+ if(!sigsum) {
+ summary = alpm_list_add(summary, "(empty)");
+ }
+ return summary;
+}
+
static int gpgme_init(void)
{
static int init = 0;
@@ -221,17 +297,27 @@ int _alpm_gpgme_checksig(const char *path, const char *base64_sig)
ret = -1;
goto error;
}
- _alpm_log(PM_LOG_DEBUG, "summary=%x\n", gpgsig->summary);
- _alpm_log(PM_LOG_DEBUG, "fpr=%s\n", gpgsig->fpr);
- _alpm_log(PM_LOG_DEBUG, "status=%d\n", gpgsig->status);
- _alpm_log(PM_LOG_DEBUG, "timestamp=%lu\n", gpgsig->timestamp);
- _alpm_log(PM_LOG_DEBUG, "wrong_key_usage=%u\n", gpgsig->wrong_key_usage);
- _alpm_log(PM_LOG_DEBUG, "pka_trust=%u\n", gpgsig->pka_trust);
- _alpm_log(PM_LOG_DEBUG, "chain_model=%u\n", gpgsig->chain_model);
- _alpm_log(PM_LOG_DEBUG, "validity=%d\n", gpgsig->validity);
- _alpm_log(PM_LOG_DEBUG, "validity_reason=%d\n", gpgsig->validity_reason);
- _alpm_log(PM_LOG_DEBUG, "key=%d\n", gpgsig->pubkey_algo);
- _alpm_log(PM_LOG_DEBUG, "hash=%d\n", gpgsig->hash_algo);
+
+ {
+ alpm_list_t *summary_list, *summary;
+
+ _alpm_log(PM_LOG_DEBUG, "fingerprint: %s\n", gpgsig->fpr);
+ summary_list = gpgme_list_sigsum(gpgsig->summary);
+ for(summary = summary_list; summary; summary = summary->next) {
+ _alpm_log(PM_LOG_DEBUG, "summary: %s\n", (const char *)summary->data);
+ }
+ _alpm_log(PM_LOG_DEBUG, "status: %s\n", gpgme_strerror(gpgsig->status));
+ _alpm_log(PM_LOG_DEBUG, "timestamp: %lu\n", gpgsig->timestamp);
+ _alpm_log(PM_LOG_DEBUG, "exp_timestamp: %lu\n", gpgsig->exp_timestamp);
+ _alpm_log(PM_LOG_DEBUG, "validity: %s\n",
+ gpgme_string_validity(gpgsig->validity));
+ _alpm_log(PM_LOG_DEBUG, "validity_reason: %s\n",
+ gpgme_strerror(gpgsig->validity_reason));
+ _alpm_log(PM_LOG_DEBUG, "pubkey algo: %s\n",
+ gpgme_pubkey_algo_name(gpgsig->pubkey_algo));
+ _alpm_log(PM_LOG_DEBUG, "hash algo: %s\n",
+ gpgme_hash_algo_name(gpgsig->hash_algo));
+ }
if(gpgsig->summary & GPGME_SIGSUM_VALID) {
/* good signature, continue */