summaryrefslogtreecommitdiffstats
path: root/lib/libalpm/signing.c
AgeCommit message (Collapse)AuthorFilesLines
2011-05-04Reduce duplicate signing debug code and fix logic conditionDan McGee1-35/+23
We had a lot of similar looking code that we can collapse down into a function. This also fixes errors seen when turning on some gcc warnings and implicitly casting away the const-ness of the string. Free the list when we are done with it as well. Also, fix a logic error where we should be checking with &&, not ||. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-04-27Allow conditional compilation with GPGMEDan McGee1-1/+11
This makes it possible to omit usage of -lgpgme, just as we can do for -lcurl and -lcrypto. Thanks to Rémy Oudompheng for an initial stab at this. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-04-24signing: add more detail to unexpected signature count errorDan McGee1-1/+7
Do a quick loop and count of the returned data so we can show how many signatures were parsed and read. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-04-24Enhance GPGME debug outputDan McGee1-11/+97
Add some lookup functions for nice names for the various types used by the library, and remove some fields that are of little use to us in the debug output. This should make looking at key loading and verification a bit easier, especially in determining what makes up our good and bad criteria. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-04-24Rein in the complexity of the signature typeDan McGee1-10/+53
Given that we offer no transparency into the pmpgpsig_t type, we don't really need to expose it outside of the library, and at this point, we don't need it at all. Don't decode anything except when checking signatures. For packages/files not from a sync database, we now just read the signature file directly anyway. Also push the decoding logic down further into the check method so we don't need this hanging out in a less than ideal place. This will make it easier to conditionally compile things down the road. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-04-24signing: let GPGME handle loading signatures from filesDan McGee1-59/+35
Rather than go through all the hassle of doing this ourselves, just let GPGME handle the work by passing it a file handle. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-04-21Rename gpgsig struct fields for clarityDan McGee1-6/+6
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-04-21Form the signature file location in one placeDan McGee1-10/+14
Since we do this for all cases anyway. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-04-21syntax: if/while statements should have no trailing spaceDan McGee1-1/+1
This is the standard, and we have had a few of these introduced lately that should not be here. Done with: find -name '*.c' | xargs sed -i -e 's#if (#if(#g' find -name '*.c' | xargs sed -i -e 's#while (#while(#g' Signed-off-by: Dan McGee <dan@archlinux.org>
2011-04-21Allow VerifySig to act as a default verification in [options]Dave Reisner1-4/+21
* add _alpm_db_get_sigverify_level * add alpm_option_{get,set}_default_sigverify And set the default verification level to OPTIONAL if not set otherwise. Signed-off-by: Dave Reisner <d@falconindy.com> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-04-21style cleanup: cast as (type *) not (type*)Dave Reisner1-1/+1
Signed-off-by: Dave Reisner <d@falconindy.com> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-24Do not reuse old signatureAllan McRae1-1/+1
After updating a database, remove the old signature to prevent it being used in validation if the new signature fails to download. Signed-off-by: Allan McRae <allan@archlinux.org>
2011-03-24Refactor signature loading code into common functionDan McGee1-2/+47
We can use this for both standalone package signatures as well as standalone database signatures. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-24Add functions for verifying database signatureAllan McRae1-26/+40
Add a pmpgpsig_t struct to the database entry struct and functions for the lazy loading of database signatures. Add a function for checking database signatures, reusing (and generalizing) the code currently used for checking package signatures. TODO: The code for reading in signature files from the filesystem is duplicated for local packages and database and needs refactoring. Signed-off-by: Allan McRae <allan@archlinux.org>
2011-03-23Report output from signature checking to debug logAllan McRae1-11/+11
Move the (possibly still temporary) output generated during signature checking into the --debug output. Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23Added gpg verification options per repo to the config file.Xavier Chantry1-0/+2
Once we do this, add support for VerifySig to pactest. We just check if the repo name contains Always, Never or Optional to determine the value of VerifySig. The default is Never. pacman uses Always by default but this is not suitable for pactest. Original-work-by: shankar <jatheendra@gmail.com> Signed-off-by: Xavier Chantry <shiningxc@gmail.com> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23Integrate GPGME into libalpmDan McGee1-0/+219
Signed-off-by: Dan McGee <dan@archlinux.org>