From 7af0ab1cde9398c938a7a221aca5787934a16121 Mon Sep 17 00:00:00 2001 From: Dan McGee Date: Mon, 27 Jun 2011 16:29:49 -0500 Subject: signing: move to new signing verification and return scheme This gives us more granularity than the former Never/Optional/Always trifecta. The frontend still uses these values temporarily but that will be changed in a future patch. * Use 'siglevel' consistenly in method names, 'level' as variable name * The level becomes an enum bitmask value for flexibility * Signature check methods now return a array of status codes rather than a simple integer success/failure value. This allows callers to determine whether things such as an unknown signature are valid. * Specific signature error codes mostly disappear in favor of the above returned status code; pm_errno is now set only to PKG_INVALID_SIG or DB_INVALID_SIG as appropriate. Signed-off-by: Dan McGee --- lib/libalpm/alpm.h | 67 ++++++++++++++++++++++++++++++++++++++---------------- 1 file changed, 47 insertions(+), 20 deletions(-) (limited to 'lib/libalpm/alpm.h') diff --git a/lib/libalpm/alpm.h b/lib/libalpm/alpm.h index e733eb2d..049eae2f 100644 --- a/lib/libalpm/alpm.h +++ b/lib/libalpm/alpm.h @@ -87,14 +87,31 @@ typedef enum _alpm_fileconflicttype_t { } alpm_fileconflicttype_t; /** - * GPG signature verification options + * PGP signature verification options */ -typedef enum _pgp_verify_t { - PM_PGP_VERIFY_UNKNOWN, - PM_PGP_VERIFY_NEVER, - PM_PGP_VERIFY_OPTIONAL, - PM_PGP_VERIFY_ALWAYS -} pgp_verify_t; +typedef enum _alpm_siglevel_t { + ALPM_SIG_PACKAGE = (1 << 0), + ALPM_SIG_PACKAGE_OPTIONAL = (1 << 1), + ALPM_SIG_PACKAGE_MARGINAL_OK = (1 << 2), + ALPM_SIG_PACKAGE_UNKNOWN_OK = (1 << 3), + + ALPM_SIG_DATABASE = (1 << 10), + ALPM_SIG_DATABASE_OPTIONAL = (1 << 11), + ALPM_SIG_DATABASE_MARGINAL_OK = (1 << 12), + ALPM_SIG_DATABASE_UNKNOWN_OK = (1 << 13), + + ALPM_SIG_USE_DEFAULT = (1 << 31) +} alpm_siglevel_t; + +/** + * PGP signature verification return codes + */ +typedef enum _alpm_sigstatus_t { + ALPM_SIGSTATUS_VALID = 0, + ALPM_SIGSTATUS_MARGINAL, + ALPM_SIGSTATUS_UNKNOWN, + ALPM_SIGSTATUS_BAD +} alpm_sigstatus_t; /* * Structures @@ -173,6 +190,15 @@ typedef struct _alpm_backup_t { char *hash; } alpm_backup_t; +/** Signature result. Contains the number of signatures found and pointers to + * arrays containing key and status info. All contained arrays have size + * #count.*/ +typedef struct _alpm_sigresult_t { + int count; + alpm_sigstatus_t *status; + char **uid; +} alpm_sigresult_t; + /* * Logging facilities */ @@ -335,8 +361,8 @@ int alpm_option_set_usedelta(alpm_handle_t *handle, int usedelta); int alpm_option_get_checkspace(alpm_handle_t *handle); int alpm_option_set_checkspace(alpm_handle_t *handle, int checkspace); -pgp_verify_t alpm_option_get_default_sigverify(alpm_handle_t *handle); -int alpm_option_set_default_sigverify(alpm_handle_t *handle, pgp_verify_t level); +alpm_siglevel_t alpm_option_get_default_siglevel(alpm_handle_t *handle); +int alpm_option_set_default_siglevel(alpm_handle_t *handle, alpm_siglevel_t level); /** @} */ @@ -364,12 +390,12 @@ alpm_list_t *alpm_option_get_syncdbs(alpm_handle_t *handle); /** Register a sync database of packages. * @param handle the context handle * @param treename the name of the sync repository - * @param check_sig what level of signature checking to perform on the + * @param level what level of signature checking to perform on the * database; note that this must be a '.sig' file type verification - * @return a alpm_db_t* on success (the value), NULL on error + * @return an alpm_db_t* on success (the value), NULL on error */ alpm_db_t *alpm_db_register_sync(alpm_handle_t *handle, const char *treename, - pgp_verify_t check_sig); + alpm_siglevel_t level); /** Unregister a package database. * @param db pointer to the package database to unregister @@ -391,11 +417,11 @@ const char *alpm_db_get_name(const alpm_db_t *db); /** Get the signature verification level for a database. * Will return the default verification level if this database is set up - * with PM_PGP_VERIFY_UNKNOWN. + * with ALPM_SIG_USE_DEFAULT. * @param db pointer to the package database * @return the signature verification level */ -pgp_verify_t alpm_db_get_sigverify_level(alpm_db_t *db); +alpm_siglevel_t alpm_db_get_siglevel(alpm_db_t *db); /** Check the validity of a database. * This is most useful for sync databases and verifying signature status. @@ -473,13 +499,13 @@ int alpm_db_set_pkgreason(alpm_db_t *db, const char *name, alpm_pkgreason_t reas * @param filename location of the package tarball * @param full whether to stop the load after metadata is read or continue * through the full archive - * @param check_sig what level of package signature checking to perform on the + * @param level what level of package signature checking to perform on the * package; note that this must be a '.sig' file type verification * @param pkg address of the package pointer * @return 0 on success, -1 on error (pm_errno is set accordingly) */ int alpm_pkg_load(alpm_handle_t *handle, const char *filename, int full, - pgp_verify_t check_sig, alpm_pkg_t **pkg); + alpm_siglevel_t, alpm_pkg_t **pkg); /** Free a package. * @param pkg package pointer to free @@ -715,9 +741,9 @@ alpm_list_t *alpm_pkg_unused_deltas(alpm_pkg_t *pkg); * Signatures */ -int alpm_pkg_check_pgp_signature(alpm_pkg_t *pkg); +int alpm_pkg_check_pgp_signature(alpm_pkg_t *pkg, alpm_sigresult_t *result); -int alpm_db_check_pgp_signature(alpm_db_t *db); +int alpm_db_check_pgp_signature(alpm_db_t *db, alpm_sigresult_t *result); /* * Groups @@ -1025,6 +1051,7 @@ enum _alpm_errno_t { ALPM_ERR_DB_NOT_NULL, ALPM_ERR_DB_NOT_FOUND, ALPM_ERR_DB_INVALID, + ALPM_ERR_DB_INVALID_SIG, ALPM_ERR_DB_VERSION, ALPM_ERR_DB_WRITE, ALPM_ERR_DB_REMOVE, @@ -1044,15 +1071,15 @@ enum _alpm_errno_t { ALPM_ERR_PKG_NOT_FOUND, ALPM_ERR_PKG_IGNORED, ALPM_ERR_PKG_INVALID, + ALPM_ERR_PKG_INVALID_SIG, ALPM_ERR_PKG_OPEN, ALPM_ERR_PKG_CANT_REMOVE, ALPM_ERR_PKG_INVALID_NAME, ALPM_ERR_PKG_INVALID_ARCH, ALPM_ERR_PKG_REPO_NOT_FOUND, /* Signatures */ - ALPM_ERR_SIG_MISSINGDIR, + ALPM_ERR_SIG_MISSING, ALPM_ERR_SIG_INVALID, - ALPM_ERR_SIG_UNKNOWN, /* Deltas */ ALPM_ERR_DLT_INVALID, ALPM_ERR_DLT_PATCHFAILED, -- cgit v1.2.3-24-g4f1b