From 6767de5380d97f6544ca3968b83b74120dfcbeca Mon Sep 17 00:00:00 2001 From: Dan McGee Date: Wed, 21 Sep 2011 15:30:12 -0500 Subject: Add status and check for key being disabled Because we aren't using gpgv and a dedicated keyring that is known to be all safe, we should honor this flag being set on a given key in the keyring to know to not honor it. This prevents a key from being reimported that a user does not want to be used- instead of deleting, one should mark it as disabled. Signed-off-by: Dan McGee --- lib/libalpm/alpm.h | 1 + lib/libalpm/signing.c | 15 +++++++++++++-- src/pacman/util.c | 3 +++ 3 files changed, 17 insertions(+), 2 deletions(-) diff --git a/lib/libalpm/alpm.h b/lib/libalpm/alpm.h index 3b6b279c..75e3c4a9 100644 --- a/lib/libalpm/alpm.h +++ b/lib/libalpm/alpm.h @@ -117,6 +117,7 @@ typedef enum _alpm_sigstatus_t { ALPM_SIGSTATUS_KEY_EXPIRED, ALPM_SIGSTATUS_SIG_EXPIRED, ALPM_SIGSTATUS_KEY_UNKNOWN, + ALPM_SIGSTATUS_KEY_DISABLED, ALPM_SIGSTATUS_INVALID } alpm_sigstatus_t; diff --git a/lib/libalpm/signing.c b/lib/libalpm/signing.c index fbe64c98..66607fce 100644 --- a/lib/libalpm/signing.c +++ b/lib/libalpm/signing.c @@ -476,8 +476,10 @@ int _alpm_gpgme_checksig(alpm_handle_t *handle, const char *path, result->key.email = key->uids->email; result->key.created = key->subkeys->timestamp; result->key.expires = key->subkeys->expires; - _alpm_log(handle, ALPM_LOG_DEBUG, "key: %s, %s, owner_trust %s\n", - key->subkeys->fpr, key->uids->uid, string_validity(key->owner_trust)); + _alpm_log(handle, ALPM_LOG_DEBUG, + "key: %s, %s, owner_trust %s, disabled %d\n", + key->subkeys->fpr, key->uids->uid, + string_validity(key->owner_trust), key->disabled); } } @@ -501,6 +503,10 @@ int _alpm_gpgme_checksig(alpm_handle_t *handle, const char *path, status = ALPM_SIGSTATUS_INVALID; break; } + /* special case: key disabled is not returned in above status code */ + if(result->key.data && key->disabled) { + status = ALPM_SIGSTATUS_KEY_DISABLED; + } switch(gpgsig->validity) { case GPGME_VALIDITY_ULTIMATE: @@ -642,6 +648,7 @@ int _alpm_check_pgp_helper(alpm_handle_t *handle, const char *path, break; case ALPM_SIGSTATUS_SIG_EXPIRED: case ALPM_SIGSTATUS_KEY_UNKNOWN: + case ALPM_SIGSTATUS_KEY_DISABLED: case ALPM_SIGSTATUS_INVALID: _alpm_log(handle, ALPM_LOG_DEBUG, "signature is not valid\n"); ret = -1; @@ -745,6 +752,10 @@ int _alpm_process_siglist(alpm_handle_t *handle, const char *identifier, gpgme_key_unref(fetch_key.data); } break; + case ALPM_SIGSTATUS_KEY_DISABLED: + _alpm_log(handle, ALPM_LOG_ERROR, + _("%s: key \"%s\" is disabled\n"), identifier, name); + break; case ALPM_SIGSTATUS_SIG_EXPIRED: _alpm_log(handle, ALPM_LOG_ERROR, _("%s: signature from \"%s\" is expired\n"), identifier, name); diff --git a/src/pacman/util.c b/src/pacman/util.c index a566f4a7..ea89b39c 100644 --- a/src/pacman/util.c +++ b/src/pacman/util.c @@ -707,6 +707,9 @@ void signature_display(const char *title, alpm_siglist_t *siglist) case ALPM_SIGSTATUS_KEY_UNKNOWN: status = _("Key unknown"); break; + case ALPM_SIGSTATUS_KEY_DISABLED: + status = _("Key disabled"); + break; default: status = _("Signature error"); break; -- cgit v1.2.3-24-g4f1b