From b01bcc7d3d680856bd60c4ae03e4ba3f6d889cb2 Mon Sep 17 00:00:00 2001 From: Anatol Pomozov Date: Tue, 26 May 2020 19:12:08 -0700 Subject: Fallback to detached signatures during keyring check Pacman has a 'key in keyring' verification step that makes sure the signatures have a valid keyid. Currently pacman parses embedded package signatures only. Add a fallback to detached signatures. If embedded signature is missing then it tries to read corresponding *.sig file and get keyid from there. Verification: debug: found cached pkg: /var/cache/pacman/pkg/glib-networking-2.64.3-1-x86_64.pkg.tar.zst debug: found detached signature /var/cache/pacman/pkg/glib-networking-2.64.3-1-x86_64.pkg.tar.zst.sig with size 310 debug: found signature key: A5E9288C4FA415FA debug: looking up key A5E9288C4FA415FA locally debug: key lookup success, key exists Signed-off-by: Anatol Pomozov Signed-off-by: Allan McRae
---
 lib/libalpm/util.h | 1 + 1 file changed, 1 insertion(+) (limited to 'lib/libalpm/util.h')
diff --git a/lib/libalpm/util.h b/lib/libalpm/util.h
index 4fc6e718..03c8ed44 100644
--- a/lib/libalpm/util.h
+++ b/lib/libalpm/util.h
@@ -155,6 +155,7 @@ int _alpm_fnmatch_patterns(alpm_list_t *patterns, const char *string);
 int _alpm_fnmatch(const void *pattern, const void *string);
 void *_alpm_realloc(void **data, size_t *current, const size_t required);
 void *_alpm_greedy_grow(void **data, size_t *current, const size_t required);
+alpm_errno_t _alpm_read_file(const char *filepath, unsigned char **data, size_t *data_len);
 
 #ifndef HAVE_STRSEP
 char *strsep(char **, const char *);
-- cgit v1.2.3-24-g4f1b
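Review bot: The added `_alpm_read_file` prototype in util.h states no contract for its out-parameters, although the commit message says it is what loads a detached `*.sig` file during the keyring check. I would put a comment above it along the lines of `/* Reads filepath into a newly allocated buffer: on success the caller frees *data and *data_len holds its size; on error neither is usable. */`, adjusted to what the implementation actually guarantees. The definition is not part of this view (the diff is limited to util.h), so whether it bounds the accepted file size or handles short reads cannot be confirmed from here. If it does not, a size cap is worth adding and documenting in the same comment, since the file appears to be read in order to extract a key id, presumably before the signature itself has been checked.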