From 6760ec2b770e65f2aae9cfd39135cefd49961195 Mon Sep 17 00:00:00 2001 From: Dave Reisner Date: Fri, 25 Mar 2011 21:40:16 -0400 Subject: Allow VerifySig to act as a default verification in [options] * add _alpm_db_get_sigverify_level * add alpm_option_{get,set}_default_sigverify And set the default verification level to OPTIONAL if not set otherwise. Signed-off-by: Dave Reisner Signed-off-by: Dan McGee --- lib/libalpm/sync.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) (limited to 'lib/libalpm/sync.c') diff --git a/lib/libalpm/sync.c b/lib/libalpm/sync.c index a8284987..0143eed1 100644 --- a/lib/libalpm/sync.c +++ b/lib/libalpm/sync.c @@ -842,6 +842,7 @@ int _alpm_sync_commit(pmtrans_t *trans, pmdb_t *db_local, alpm_list_t **data) char *filepath = _alpm_filecache_find(filename); const char *md5sum = alpm_pkg_get_md5sum(spkg); const pmpgpsig_t *pgpsig = alpm_pkg_get_pgpsig(spkg); + pgp_verify_t check_sig; /* check md5sum first */ if(test_md5sum(trans, filepath, md5sum) != 0) { @@ -853,10 +854,19 @@ int _alpm_sync_commit(pmtrans_t *trans, pmdb_t *db_local, alpm_list_t **data) /* check PGP signature next */ pmdb_t *sdb = alpm_pkg_get_db(spkg); - if(sdb->pgp_verify != PM_PGP_VERIFY_NEVER) { + check_sig = _alpm_db_get_sigverify_level(sdb); + + if(check_sig == PM_PGP_VERIFY_UNKNOWN) { + _alpm_log(PM_LOG_ERROR, _("failed to determine signature verification " + "level for database: %s\n"), sdb->treename); + pm_errno = PM_ERR_PKG_INVALID; + goto error; + } + + if(check_sig != PM_PGP_VERIFY_NEVER) { int ret = _alpm_gpgme_checksig(filepath, pgpsig); - if((sdb->pgp_verify == PM_PGP_VERIFY_ALWAYS && ret != 0) || - (sdb->pgp_verify == PM_PGP_VERIFY_OPTIONAL && ret == 1)) { + if((check_sig == PM_PGP_VERIFY_ALWAYS && ret != 0) || + (check_sig == PM_PGP_VERIFY_OPTIONAL && ret == 1)) { errors++; *data = alpm_list_add(*data, strdup(filename)); FREE(filepath); -- cgit v1.2.3-24-g4f1b