From 6767de5380d97f6544ca3968b83b74120dfcbeca Mon Sep 17 00:00:00 2001
From: Dan McGee <dan@archlinux.org>
Date: Wed, 21 Sep 2011 15:30:12 -0500
Subject: Add status and check for key being disabled

Because we aren't using gpgv and a dedicated keyring that is known to be
all safe, we should honor this flag being set on a given key in the
keyring to know to not honor it. This prevents a key from being
reimported that a user does not want to be used- instead of deleting,
one should mark it as disabled.

Signed-off-by: Dan McGee <dan@archlinux.org>
---
 lib/libalpm/signing.c | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

(limited to 'lib/libalpm/signing.c')

diff --git a/lib/libalpm/signing.c b/lib/libalpm/signing.c
index fbe64c98..66607fce 100644
--- a/lib/libalpm/signing.c
+++ b/lib/libalpm/signing.c
@@ -476,8 +476,10 @@ int _alpm_gpgme_checksig(alpm_handle_t *handle, const char *path,
 				result->key.email = key->uids->email;
 				result->key.created = key->subkeys->timestamp;
 				result->key.expires = key->subkeys->expires;
-				_alpm_log(handle, ALPM_LOG_DEBUG, "key: %s, %s, owner_trust %s\n",
-						key->subkeys->fpr, key->uids->uid, string_validity(key->owner_trust));
+				_alpm_log(handle, ALPM_LOG_DEBUG,
+						"key: %s, %s, owner_trust %s, disabled %d\n",
+						key->subkeys->fpr, key->uids->uid,
+						string_validity(key->owner_trust), key->disabled);
 			}
 		}
 
@@ -501,6 +503,10 @@ int _alpm_gpgme_checksig(alpm_handle_t *handle, const char *path,
 				status = ALPM_SIGSTATUS_INVALID;
 				break;
 		}
+		/* special case: key disabled is not returned in above status code */
+		if(result->key.data && key->disabled) {
+			status = ALPM_SIGSTATUS_KEY_DISABLED;
+		}
 
 		switch(gpgsig->validity) {
 			case GPGME_VALIDITY_ULTIMATE:
@@ -642,6 +648,7 @@ int _alpm_check_pgp_helper(alpm_handle_t *handle, const char *path,
 					break;
 				case ALPM_SIGSTATUS_SIG_EXPIRED:
 				case ALPM_SIGSTATUS_KEY_UNKNOWN:
+				case ALPM_SIGSTATUS_KEY_DISABLED:
 				case ALPM_SIGSTATUS_INVALID:
 					_alpm_log(handle, ALPM_LOG_DEBUG, "signature is not valid\n");
 					ret = -1;
@@ -745,6 +752,10 @@ int _alpm_process_siglist(alpm_handle_t *handle, const char *identifier,
 					gpgme_key_unref(fetch_key.data);
 				}
 				break;
+			case ALPM_SIGSTATUS_KEY_DISABLED:
+				_alpm_log(handle, ALPM_LOG_ERROR,
+						_("%s: key \"%s\" is disabled\n"), identifier, name);
+				break;
 			case ALPM_SIGSTATUS_SIG_EXPIRED:
 				_alpm_log(handle, ALPM_LOG_ERROR,
 						_("%s: signature from \"%s\" is expired\n"), identifier, name);
-- 
cgit v1.2.3-24-g4f1b