From b01bcc7d3d680856bd60c4ae03e4ba3f6d889cb2 Mon Sep 17 00:00:00 2001
From: Anatol Pomozov
Date: Tue, 26 May 2020 19:12:08 -0700
Subject: Fallback to detached signatures during keyring check
Pacman has a 'key in keyring' verification step that makes sure the signatures have a valid keyid. Currently pacman parses embedded package signatures only. Add a fallback to detached signatures. If embedded signature is missing then it tries to read corresponding *.sig file and get keyid from there.
Verification:
debug: found cached pkg: /var/cache/pacman/pkg/glib-networking-2.64.3-1-x86_64.pkg.tar.zst
debug: found detached signature /var/cache/pacman/pkg/glib-networking-2.64.3-1-x86_64.pkg.tar.zst.sig with size 310
debug: found signature key: A5E9288C4FA415FA
debug: looking up key A5E9288C4FA415FA locally
debug: key lookup success, key exists
Signed-off-by: Anatol Pomozov
Signed-off-by: Allan McRae
---
lib/libalpm/package.c | 40 ++++++++++++++++++++++++++++++++++++++++
1 file changed, 40 insertions(+)
(limited to 'lib/libalpm/package.c')
diff --git a/lib/libalpm/package.c b/lib/libalpm/package.c
index 5c5fa073..0885b27b 100644
--- a/lib/libalpm/package.c
+++ b/lib/libalpm/package.c
@@ -268,6 +268,46 @@ const char SYMEXPORT *alpm_pkg_get_base64_sig(alpm_pkg_t *pkg)
 return pkg->base64_sig;
 }
 
+int SYMEXPORT alpm_pkg_get_sig(alpm_pkg_t *pkg, unsigned char **sig, size_t *sig_len)
+{
+ if(pkg != NULL) {
+ RET_ERR(pkg->handle, ALPM_ERR_WRONG_ARGS, -1);
+ }
+
+ if(pkg->base64_sig) {
+ int ret = alpm_decode_signature(pkg->base64_sig, sig, sig_len);
+ if(ret != 0) {
+ RET_ERR(pkg->handle, ALPM_ERR_SIG_INVALID, -1);
+ }
+ return 0;
+ } else {
+ char *pkgpath = NULL, *sigpath = NULL;
+ alpm_errno_t err;
+ int ret = -1;
+
+ pkgpath = _alpm_filecache_find(pkg->handle, pkg->filename);
+ if(!pkgpath) {
+ GOTO_ERR(pkg->handle, ALPM_ERR_PKG_NOT_FOUND, cleanup);
+ }
+ sigpath = _alpm_sigpath(pkg->handle, pkgpath);
+ if(!sigpath || _alpm_access(pkg->handle, NULL, sigpath, R_OK)) {
+ GOTO_ERR(pkg->handle, ALPM_ERR_SIG_MISSING, cleanup);
+ }
+ err = _alpm_read_file(sigpath, sig, sig_len);
+ if(err == ALPM_ERR_OK) {
+ _alpm_log(pkg->handle, ALPM_LOG_DEBUG, "found detached signature %s with size %ld\n",
+ sigpath, *sig_len);
+ } else {
+ GOTO_ERR(pkg->handle, err, cleanup);
+ }
+ ret = 0;
+cleanup:
+ FREE(pkgpath);
+ FREE(sigpath);
+ return ret;
+ }
+}
+
 const char SYMEXPORT *alpm_pkg_get_arch(alpm_pkg_t *pkg)
 {
 ASSERT(pkg != NULL, return NULL);
-- cgit v1.2.3-24-g4f1b
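Review bot: The argument guard at the top of the new alpm_pkg_get_sig is inverted: `if(pkg != NULL)` makes every valid call fail with ALPM_ERR_WRONG_ARGS, while a NULL pkg skips the guard and is then dereferenced at `pkg->base64_sig`, and the `RET_ERR(pkg->handle, ...)` inside the guard would itself dereference NULL on the path it is meant to protect. The neighbouring alpm_pkg_get_arch in the trailing context shows the pattern that works without a handle: `ASSERT(pkg != NULL, return -1);`. Separately, the debug `_alpm_log` call prints `*sig_len`, a `size_t`, with `%ld`; the matching conversion is `%zu`, and the mismatch is undefined behaviour per C11 and flagged by -Wformat. Once the guard is fixed, the detached-signature branch only reads the .sig that sits beside the cached package, so the keyid it yields is still only an input to the later keyring lookup, not a substitute for signature verification — worth a one-line comment above the `else` so the fallback is not mistaken for a trust decision.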