From 07502f2d82393854f36f5c3ff608458e74fcb747 Mon Sep 17 00:00:00 2001 From: Dan McGee Date: Fri, 1 Jul 2011 16:50:32 -0500 Subject: Allow frontend access to signature verification information Show output in -Qip for each package signature, which includes the UID string from the key ("Joe User ") and the validity of said key. Example output: Signatures : Valid signature from "Dan McGee " Unknown signature from "" Invalid signature from "Dan McGee " Also add a backend alpm_sigresult_cleanup() function since memory allocation took place on this object, and we need some way of freeing it. Signed-off-by: Dan McGee --- lib/libalpm/alpm.h | 2 ++ lib/libalpm/signing.c | 22 ++++++++++++++++++++-- src/pacman/package.c | 11 +++++++++++ src/pacman/util.c | 48 +++++++++++++++++++++++++++++++++++++++++++++++- src/pacman/util.h | 1 + 5 files changed, 81 insertions(+), 3 deletions(-) diff --git a/lib/libalpm/alpm.h b/lib/libalpm/alpm.h index 049eae2f..c7cab043 100644 --- a/lib/libalpm/alpm.h +++ b/lib/libalpm/alpm.h @@ -745,6 +745,8 @@ int alpm_pkg_check_pgp_signature(alpm_pkg_t *pkg, alpm_sigresult_t *result); int alpm_db_check_pgp_signature(alpm_db_t *db, alpm_sigresult_t *result); +int alpm_sigresult_cleanup(alpm_sigresult_t *result); + /* * Groups */ diff --git a/lib/libalpm/signing.c b/lib/libalpm/signing.c index 49d075ef..cfa9a02c 100644 --- a/lib/libalpm/signing.c +++ b/lib/libalpm/signing.c @@ -310,6 +310,7 @@ int _alpm_gpgme_checksig(alpm_handle_t *handle, const char *path, gpgsig = gpgsig->next, sigcount++) { alpm_list_t *summary_list, *summary; alpm_sigstatus_t status; + gpgme_key_t key; _alpm_log(handle, ALPM_LOG_DEBUG, "fingerprint: %s\n", gpgsig->fpr); summary_list = list_sigsum(gpgsig->summary); @@ -449,8 +450,7 @@ int _alpm_check_pgp_helper(alpm_handle_t *handle, const char *path, } } - free(result.status); - free(result.uid); + alpm_sigresult_cleanup(&result); return ret; } @@ -485,4 +485,22 @@ int SYMEXPORT alpm_db_check_pgp_signature(alpm_db_t *db, return _alpm_gpgme_checksig(db->handle, _alpm_db_path(db), NULL, result); } +int SYMEXPORT alpm_sigresult_cleanup(alpm_sigresult_t *result) +{ + ASSERT(result != NULL, return -1); + /* Because it is likely result is on the stack, uid and status may have bogus + * values in the struct. Only look at them if count is greater than 0. */ + if(result->count > 0) { + free(result->status); + if(result->uid) { + int i; + for(i = 0; i < result->count; i++) { + free(result->uid[i]); + } + free(result->uid); + } + } + return 0; +} + /* vim: set ts=2 sw=2 noet: */ diff --git a/src/pacman/package.c b/src/pacman/package.c index 5514f001..afbac6b7 100644 --- a/src/pacman/package.c +++ b/src/pacman/package.c @@ -136,6 +136,17 @@ void dump_pkg_full(alpm_pkg_t *pkg, enum pkg_from from, int extra) if(from == PKG_FROM_SYNCDB) { string_display(_("MD5 Sum :"), alpm_pkg_get_md5sum(pkg)); } + if(from == PKG_FROM_FILE) { + alpm_sigresult_t result; + int err = alpm_pkg_check_pgp_signature(pkg, &result); + if(err) { + string_display(_("Signatures :"), + alpm_strerror(alpm_errno(config->handle))); + } else { + signature_display(_("Signatures :"), &result); + } + alpm_sigresult_cleanup(&result); + } string_display(_("Description :"), alpm_pkg_get_desc(pkg)); /* Print additional package info if info flag passed more than once */ diff --git a/src/pacman/util.c b/src/pacman/util.c index 9ced7aad..28beaca3 100644 --- a/src/pacman/util.c +++ b/src/pacman/util.c @@ -613,7 +613,6 @@ void list_display(const char *title, const alpm_list_t *list) void list_display_linebreak(const char *title, const alpm_list_t *list) { - const alpm_list_t *i; int len = 0; if(title) { @@ -624,6 +623,7 @@ void list_display_linebreak(const char *title, const alpm_list_t *list) if(!list) { printf("%s\n", _("None")); } else { + const alpm_list_t *i; /* Print the first element */ indentprint((const char *) alpm_list_getdata(list), len); printf("\n"); @@ -639,6 +639,52 @@ void list_display_linebreak(const char *title, const alpm_list_t *list) } } +void signature_display(const char *title, alpm_sigresult_t *result) +{ + int len = 0; + + if(title) { + len = string_length(title) + 1; + printf("%s ", title); + } + if(result->count == 0) { + printf(_("None")); + } else { + int i; + for(i = 0; i < result->count; i++) { + char sigline[PATH_MAX]; + const char *validity, *name; + /* Don't re-indent the first result */ + if(i != 0) { + int j; + for(j = 1; j <= len; j++) { + printf(" "); + } + } + switch(result->status[i]) { + case ALPM_SIGSTATUS_VALID: + validity = _("Valid signature"); + break; + case ALPM_SIGSTATUS_MARGINAL: + validity = _("Marginal signature"); + break; + case ALPM_SIGSTATUS_UNKNOWN: + validity = _("Unknown signature"); + break; + case ALPM_SIGSTATUS_BAD: + validity = _("Invalid signature"); + break; + default: + validity = _("Signature error"); + } + name = result->uid[i] ? result->uid[i] : _(""); + snprintf(sigline, PATH_MAX, _("%s from \"%s\""), validity, name); + indentprint(sigline, len); + printf("\n"); + } + } +} + /* creates a header row for use with table_display */ static alpm_list_t *create_verbose_header(int install) { diff --git a/src/pacman/util.h b/src/pacman/util.h index 5d86dfda..a914d0c6 100644 --- a/src/pacman/util.h +++ b/src/pacman/util.h @@ -56,6 +56,7 @@ double humanize_size(off_t bytes, const char target_unit, int long_labels, const int table_display(const char *title, const alpm_list_t *header, const alpm_list_t *rows); void list_display(const char *title, const alpm_list_t *list); void list_display_linebreak(const char *title, const alpm_list_t *list); +void signature_display(const char *title, alpm_sigresult_t *result); void display_targets(const alpm_list_t *pkgs, int install); int str_cmp(const void *s1, const void *s2); void display_new_optdepends(alpm_pkg_t *oldpkg, alpm_pkg_t *newpkg); -- cgit v1.2.3-24-g4f1b