summaryrefslogtreecommitdiff
path: root/lib/libalpm/signing.c
AgeCommit message (Collapse)Author
2014-08-04signing.c: remove useless error checkAndrew Gregory
CHECK_ERR checks gpg_err which is a local variable. Calling gpg_op_import_result cannot modify it. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2014-06-29libalpm: check for valid public key algorithmChristian Hesse
2014-06-24Update the question callbackOlivier Brunel
Much like with events, instead of using a bunch of void* arguments for all questions, we now send one pointer to an alpm_question_t union. This contains the type of question that was triggered. With this information, a question-specific struct can be accessed in order to get additional arguments. Signed-off-by: Olivier Brunel <jjk@jjacky.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2014-06-02Add compatibility with gpgme-1.5.0Allan McRae
Signed-off-by: Allan McRae <allan@archlinux.org>
2014-01-28Remove ts and sw from vim modeline when noet is setFlorian Pritz
Forcing vim users to view files with a tabstop of 2 seems really unnecessary when noet is set. I find it much easier to read code with ts=4 and I dislike having to override the modeline by hand. Command run: find . -type f -exec sed -i '/vim.* noet/s# ts=2 sw=2##' {} + Signed-off-by: Florian Pritz <bluewind@xinu.at> Signed-off-by: Allan McRae <allan@archlinux.org>
2014-01-10Consistently use #ifdefAllan McRae
Fix the occurances of #if to be #ifdef for consistency.
2014-01-10Fix build with --disable-gpgmeAllan McRae
The alpm_decode_signature function was made available for frontends to display signature information, but this required libalpm to be build with gpgme support. As that function did not require anything from gpgme, have it build unconditionally. Signed-off-by: Allan McRae <allan@archlinux.org>
2014-01-06Update copyright years for 2014Allan McRae
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-11-15Fix whitespace and other formatting issuesJason St. John
This commit: -- replaces space-based indents with tabs per the coding standards -- removes extraneous whitespace (e.g. extra spaces between function args) -- adds missing braces for a one-line if statement Signed-off-by: Jason St. John <jstjohn@purdue.edu>
2013-10-31Make functions to decode a signature and extract keyid publicAllan McRae
These are useful for frontends. Signed-off-by: Allan McRae <allan@archlinux.org>
2013-09-04libalpm: avoid name space conflictSami Kerola
The symbol 'err' refers to err() from err.h, and is wisest to be avoided as a variable name. Reference: http://man7.org/linux/man-pages/man3/err.3.html Signed-off-by: Sami Kerola <kerolasa@iki.fi> Signed-off-by: Allan McRae <allan@archlinux.org>
2013-04-18Fix spelling errors using 'codespell' toolAnatol Pomozov
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-02-16fix style violationsAndrew Gregory
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2013-02-13Fix compilation error on clangAllan McRae
This also lead me to notice that in _alpm_gpgme_checksig many things were not being cleaned up. Fix this by having CHECK_ERR goto gpg_error and make the required adjustments. Signed-off-by: Allan McRae <allan@archlinux.org>
2013-02-09Import key if needed when installing package from fileAllan McRae
When installing a package with "pacman -U" that has a detached signature, check if the needed key is in the keyring and download if necessary. Signed-off-by: Allan McRae <allan@archlinux.org>
2013-02-09Make decode_signature available to the libraryAllan McRae
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-02-09Add function to extract key id from signaturesAllan McRae
This does not support all possibilities of RFC4880, but it does cover every key currently used in Arch Linux. Signed-off-by: Allan McRae <allan@archlinux.org>
2013-02-09Move key importing into separate functionAllan McRae
This will be useful for checking the availablity of all keys before perfoming validation in sync operations and for downloading a needed key in upgrade operations. Signed-off-by: Allan McRae <allan@archlinux.org>
2013-02-09Make key_in_keychain available in libraryAllan McRae
In preparation for checking key presence and downloading needed keys before conflict checking. Signed-off-by: Allan McRae <allan@archlinux.org>
2013-01-04Fix space between control structure and open parensGerardo Exequiel Pozzi
Signed-off-by: Gerardo Exequiel Pozzi <vmlinuz386@yahoo.com.ar> Signed-off-by: Allan McRae <allan@archlinux.org>
2013-01-04Fix open braces styleGerardo Exequiel Pozzi
Signed-off-by: Gerardo Exequiel Pozzi <vmlinuz386@yahoo.com.ar> Signed-off-by: Allan McRae <allan@archlinux.org>
2013-01-03Update copyright year for 2013Allan McRae
Signed-off-by: Allan McRae <allan@archlinux.org>
2012-12-14Fix future signature timestamp warningAllan McRae
The warning given for a signature timstamp being in the future compared to the system time stated the opposite. Also, move this warning to debug output. It is useless in its current form as the package or database that is giving the error is not mentioned and so other debug output is needed to find the offending signature. Signed-off-by: Allan McRae <allan@archlinux.org>
2012-09-18Merge branch 'maint'Dan McGee
2012-09-18signing.c: warn if time went backwardsFlorian Pritz
GPG signatures have a timestamp which is checked and if it's in the future, verification will fail. Dan: slight wording change. Signed-off-by: Florian Pritz <bluewind@xinu.at>
2012-04-12Merge branch 'maint'Dan McGee
2012-04-09Fix issues with unintialized variable value usageDan McGee
Detected by clang scan-build static code analyzer. * Don't attempt to free an uninitialized gpgme key variable * Initialize answer variable before asking frontend a question * Pass by reference instead of value if uninitialized fields are possible in download signal handler code * Ensure we never call strlen() on NULL payload->remote_name value Signed-off-by: Dan McGee <dan@archlinux.org>
2012-04-07Merge branch 'maint'Dan McGee
Conflicts: lib/libalpm/signing.c lib/libalpm/sync.c
2012-03-28signing: cope with gpg2's failure at lifeDave Reisner
For key searches only, gpg2 will fail to lookup any and all keys that are not prefixed with 0x. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2012-01-23Merge branch 'maint'Dan McGee
Conflicts: lib/libalpm/diskspace.c src/pacman/util.h
2012-01-18Update copyright on changed files since beginning of yearDan McGee
Signed-off-by: Dan McGee <dan@archlinux.org>
2012-01-12Reorder some operations in sig check for efficiencyDan McGee
We don't need to open the data to be checked if we don't have a signature to check against, so postpone that open until we know we have either the base64_data or a valid signature file. Signed-off-by: Dan McGee <dan@archlinux.org>
2012-01-08Merge branch 'maint'Dan McGee
Conflicts: lib/libalpm/signing.c Signed-off-by: Dan McGee <dan@archlinux.org>
2012-01-05Search for PGP subkeys in a keyserver-acceptable wayDan McGee
PGP keyservers are pieces of sh** when it comes to searching for subkeys, and only allow it if you submit an 8-character fingerprint rather than the recommended and less chance of collision 16-character fingerprint. Add a second remote lookup for the 8-character version of a key ID if we don't find anything the first time we look up the key. This fixes FS#27612 and the deficiency has been sent upstream to the GnuPG users mailing list as well. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-12-21include config.h via MakefilesDave Reisner
Ensures that config.h is always ordered correctly (first) in the includes. Also means that new source files get this for free without having to remember to add it. We opt for -imacros over -include as its more portable, and the added constraint by -imacros doesn't bother us for config.h. This also touches the HACKING file to remove the explicit mention of config.h as part of the includes. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-11-20add key algo to import msgFlorian Pritz
Signed-off-by: Florian Pritz <bluewind@xinu.at> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-11-20change gpg import message to resemble gpg --list-keysFlorian Pritz
Dan: const pointers, don't worry about bitfields. Signed-off-by: Florian Pritz <bluewind@xinu.at> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-10-17Show an error message on failed remote key lookupDan McGee
The absolutely terrible part about this is the failure on GPGME's part to distinguish between "key not found" and "keyserver timeout". Instead, it returns the same silly GPG_ERR_EOF in both cases (why isn't GPG_ERR_TIMEOUT being used?), leaving us helpless to tell them apart. Spit out a generic enough error message that covers both cases; unfortunately we can't provide much guidance to the user because we aren't sure what actually happened. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-10-12Add user-visible warning message if public keyring not foundDan McGee
This should help point users in the right direction if they have not initialized via pacman-key just yet. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-10-12signing: delay gpgme_init() until latest possible momentDan McGee
In the default configuration, we can enter the signing code but still have nothing to do with GPGME- for example, if database signatures are optional but none are present. Delay initialization of GPGME until we know there is a signature file present or we were passed base64-encoded data. This also makes debugging with valgrind a lot easier as you don't have to deal with all the GPGME error noise because their code leaks like a sieve. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-27Fix compilation using --without-gpgmeDan McGee
I'm really good at breaking this on a regular basis. If only we had some sort of automated testing for this... Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-27Remove unnecessary loggerDan McGee
This is just a wrapper function; the real function we call logs an almost identical line. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-22Update Doxyfile and fix some documentation errors caught by DoxygenDan McGee
A few parameters were outdated or wrongly named, and a few things were explicitly linked that Doxygen wasn't able to resolve. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-22Handle key import errors correctly and with good error messagesDan McGee
This adds calls to gpgme_op_import_result() which we were not looking at before to ensure the key was actually imported. Additionally, we do some preemptive checks to ensure the keyring is even writable if we are going to prompt the user to add things to it. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-22signing: be consistent with returning -1 for error casesDan McGee
This also fixes a segfault found by dave when key_search is unsuccessful; the key_search return code documentation has also been updated to reflect reality. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-22Add status and check for key being disabledDan McGee
Because we aren't using gpgv and a dedicated keyring that is known to be all safe, we should honor this flag being set on a given key in the keyring to know to not honor it. This prevents a key from being reimported that a user does not want to be used- instead of deleting, one should mark it as disabled. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-22Implement PGP key search and importDan McGee
Add two new static methods, key_search() and key_import(), to our growing list of signing code. If we come across a key we do not have, attempt to look it up remotely and ask the user if they wish to import said key. If they do, flag the validation process as a potential 'retry', meaning it might succeed the next time it is ran. These depend on you having a 'keyserver hkp://foo.example.com' line in your gpg.conf file in your gnupg home directory to function. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-22signing: document most undocumented functionsDan McGee
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-22Fix possible segfault if siglist was emptyDan McGee
If siglist->results wasn't a NULL pointer, we would try to free it anyway, even if siglist->count was zero. Only attempt to free this pointer if we had results and the pointer is valid. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-20signing: add a process and retry loop for database signaturesDan McGee
In reality, there is no retrying that happens as of now because we don't have any import or changing of the keyring going on, but the code is set up so we can drop this in our new _alpm_process_siglist() function. Wire up the basics to the sync database validation code, so we see something like the following: $ pacman -Ss unknowntrust error: core: signature from "Dan McGee <dpmcgee@gmail.com>" is unknown trust error: core: signature from "Dan McGee <dpmcgee@gmail.com>" is unknown trust error: database 'core' is not valid (invalid or corrupted database (PGP signature)) $ pacman -Ss missingsig error: core: missing required signature error: core: missing required signature error: database 'core' is not valid (invalid or corrupted database (PGP signature)) Yes, there is some double output, but this should be fixable in the future. Signed-off-by: Dan McGee <dan@archlinux.org>