Diffstat (limited to 'lib')
-rw-r--r-- | lib/libalpm/alpm.h | 9 | ||||
-rw-r--r-- | lib/libalpm/db.c | 18 | ||||
-rw-r--r-- | lib/libalpm/db.h | 1 | ||||
-rw-r--r-- | lib/libalpm/signing.c | 2 | ||||
-rw-r--r-- | lib/libalpm/sync.c | 19 |
5 files changed, 44 insertions, 5 deletions
diff --git a/lib/libalpm/alpm.h b/lib/libalpm/alpm.h index 150730ce..276d49cb 100644 --- a/lib/libalpm/alpm.h +++ b/lib/libalpm/alpm.h @@ -251,6 +251,15 @@ alpm_list_t *alpm_pkg_unused_deltas(pmpkg_t *pkg); int alpm_pkg_check_pgp_signature(pmpkg_t *pkg); +/* GPG signature verification option */ +typedef enum _pgp_verify_t { + PM_PGP_VERIFY_ALWAYS, + PM_PGP_VERIFY_OPTIONAL, + PM_PGP_VERIFY_NEVER +} pgp_verify_t; + +int alpm_db_set_pgp_verify(pmdb_t *db, pgp_verify_t verify); + /* * Deltas */ diff --git a/lib/libalpm/db.c b/lib/libalpm/db.c index cb575c8a..f61ea918 100644 --- a/lib/libalpm/db.c +++ b/lib/libalpm/db.c @@ -181,6 +181,24 @@ int SYMEXPORT alpm_db_setserver(pmdb_t *db, const char *url) return 0; } +/** Set the verify gpg signature option for a database. + * @param db database pointer + * @param verify enum pgp_verify_t + * @return 0 on success, -1 on error (pm_errno is set accordingly) + */ +int SYMEXPORT alpm_db_set_pgp_verify(pmdb_t *db, pgp_verify_t verify) +{ + ALPM_LOG_FUNC; + + /* Sanity checks */ + ASSERT(db != NULL, RET_ERR(PM_ERR_DB_NULL, -1)); + + db->pgp_verify = verify; + _alpm_log(PM_LOG_DEBUG, "adding VerifySig option to database '%s': %d\n", + db->treename, verify); + + return(0); +} /** Get the name of a package database * @param db pointer to the package database diff --git a/lib/libalpm/db.h b/lib/libalpm/db.h index 75776d71..dfd9f933 100644 --- a/lib/libalpm/db.h +++ b/lib/libalpm/db.h @@ -60,6 +60,7 @@ struct __pmdb_t { pmpkghash_t *pkgcache; alpm_list_t *grpcache; alpm_list_t *servers; + pgp_verify_t pgp_verify; struct db_operations *ops; }; diff --git a/lib/libalpm/signing.c b/lib/libalpm/signing.c index 27855798..08e9b297 100644 --- a/lib/libalpm/signing.c +++ b/lib/libalpm/signing.c 
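Review bot: The enumerators of `pgp_verify_t` in alpm.h have no per-value documentation, and their order is security-relevant: `PM_PGP_VERIFY_ALWAYS` is 0, so a database that never calls the setter verifies signatures only if its struct is zero-initialised, which is not visible in this diff. I would add a comment such as `/* ALWAYS must stay first: it is the zero value and therefore the default */`, plus one line per value saying how a missing signature and an invalid signature are each treated. The names `pgp_verify_t` and `_pgp_verify_t` also lack the `pm` prefix that the other public types in the hunk carry (`pmpkg_t`, `pmdb_t`), and a file-scope tag starting with an underscore is a reserved identifier.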
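Review bot: `alpm_db_set_pgp_verify` in db.c stores `verify` without checking that it is one of the three enumerators. In the sync.c hunk of this commit, a value that is neither ALWAYS, OPTIONAL nor NEVER runs the signature check and then discards its result, so a bad value from a front end silently disables enforcement. A guard before the assignment would reject it, for example `ASSERT(verify == PM_PGP_VERIFY_ALWAYS || verify == PM_PGP_VERIFY_OPTIONAL || verify == PM_PGP_VERIFY_NEVER, RET_ERR(PM_ERR_WRONG_ARGS, -1));`. The debug text says "adding" although the call overwrites the setting, and `return(0);` differs from the `return 0;` of the function just above it.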
@@ -168,6 +168,8 @@ int _alpm_gpgme_checksig(const char *pkgpath, const pmpgpsig_t *sig) if(gpgsig->summary & GPGME_SIGSUM_VALID) { /* good signature, continue */ + _alpm_log(PM_LOG_DEBUG, _("Package %s has a valid signature.\n"), + pkgpath); } else if(gpgsig->summary & GPGME_SIGSUM_GREEN) { /* 'green' signature, not sure what to do here */ _alpm_log(PM_LOG_WARNING, _("Package %s has a green signature.\n"), diff --git a/lib/libalpm/sync.c b/lib/libalpm/sync.c index 5e7cf293..5428e40b 100644 --- a/lib/libalpm/sync.c +++ b/lib/libalpm/sync.c @@ -847,11 +847,17 @@ int _alpm_sync_commit(pmtrans_t *trans, pmdb_t *db_local, alpm_list_t **data) continue; } /* check PGP signature next */ - if(_alpm_gpgme_checksig(filepath, pgpsig) != 0) { - errors++; - *data = alpm_list_add(*data, strdup(filename)); - FREE(filepath); - continue; + pmdb_t *sdb = alpm_pkg_get_db(spkg); + + if(sdb->pgp_verify != PM_PGP_VERIFY_NEVER) { + int ret = _alpm_gpgme_checksig(filepath, pgpsig); + if((sdb->pgp_verify == PM_PGP_VERIFY_ALWAYS && ret != 0) || + (sdb->pgp_verify == PM_PGP_VERIFY_OPTIONAL && ret == 1)) { + errors++; + *data = alpm_list_add(*data, strdup(filename)); + FREE(filepath); + continue; + } } /* load the package file and replace pkgcache entry with it in the target list */ /* TODO: alpm_pkg_get_db() will not work on this target anymore */ @@ -869,9 +875,12 @@ int _alpm_sync_commit(pmtrans_t *trans, pmdb_t *db_local, alpm_list_t **data) i->data = pkgfile; _alpm_pkg_free_trans(spkg); /* spkg has been removed from the target list */ } + PROGRESS(trans, PM_TRANS_PROGRESS_INTEGRITY_START, "", 100, numtargs, current); EVENT(trans, PM_TRANS_EVT_INTEGRITY_DONE, NULL, NULL); + + if(errors) { pm_errno = PM_ERR_PKG_INVALID; goto error; |
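Review bot: The debug message added in the `GPGME_SIGSUM_VALID` branch of signing.c is wrapped in `_()`, while the `PM_LOG_DEBUG` message this same commit adds in db.c is a plain literal. Debug output should follow one convention; if debug strings are not meant for translation, the call would read `_alpm_log(PM_LOG_DEBUG, "Package %s has a valid signature.\n", pkgpath);`. The body of `_alpm_gpgme_checksig` extends beyond this hunk.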
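Review bot: In the first sync.c hunk the new condition fails open: with `PM_PGP_VERIFY_OPTIONAL` only `ret == 1` counts as an error, so any other non-zero result from `_alpm_gpgme_checksig` lets the package through. The return contract is not visible here, but presumably a negative value means the check itself failed. A `pgp_verify` value outside the three enumerators also runs the check and ignores the outcome. I would make rejection the default and name the single accepted exception in a comment, e.g. `/* OPTIONAL tolerates only <missing-signature code>; every other non-zero result is an error */`, and document the return codes on `_alpm_gpgme_checksig`. `sdb` is dereferenced without a NULL check on the result of `alpm_pkg_get_db(spkg)`, and `pmdb_t *sdb` is declared mid-block. `_alpm_sync_commit` starts and ends outside the hunk.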