A patch for adding VerifySignature options in pacman.conf
>From cbe0f2ccf64509f6182136bbfa35ec934dd18d2d Mon Sep 17 00:00:00 2001
From: shankar <[email protected]>
Date: Wed, 17 Dec 2008 16:25:07 +0530
Subject: [PATCH] Added gpg verification options per repo to the config file
---
 lib/libalpm/alpm.h | 9 +++++++++
 lib/libalpm/db.c | 31 +++++++++++++++++++++++++++++++
 lib/libalpm/db.h | 2 ++
 src/pacman/pacman.c | 18 ++++++++++++++++++
 4 files changed, 60 insertions(+), 0 deletions(-)
diff --git a/lib/libalpm/alpm.h b/lib/libalpm/alpm.h
index c26b8bb..fedfc12 100644
--- a/lib/libalpm/alpm.h
+++ b/lib/libalpm/alpm.h
@@ -249,6 +249,15 @@ typedef enum _pgpcheck_t {
 pgpcheck_t alpm_pkg_check_pgp_signature(pmpkg_t *pkg);
+/* GPG signature verification option */
+typedef enum _pmdb_verify_gpg {
+ PM_GPG_VERIFY_ALWAYS,
+ PM_GPG_VERIFY_OPTIONAL,
+ PM_GPG_VERIFY_NEVER
+} pmdb_verify_gpg;
+
+
+int alpm_db_set_gpg_opt(pmdb_t *db, pmdb_verify_gpg verify);
 /*
 * Deltas
 */
diff --git a/lib/libalpm/db.c b/lib/libalpm/db.c
index 9b91ce4..2bf03fb 100644
--- a/lib/libalpm/db.c
+++ b/lib/libalpm/db.c
@@ -206,6 +206,37 @@ int SYMEXPORT alpm_db_setserver(pmdb_t *db, const char *url)
 return(0);
 }
+/** Set the verify gpg signature option for a database.
+ * @param db database pointer
+ * @param verify enum pmdb_verify_gpg
+ * @return 0 on success, -1 on error (pm_errno is set accordingly)
+ */
+int SYMEXPORT alpm_db_set_gpg_opt(pmdb_t *db, pmdb_verify_gpg verify)
+{
+ alpm_list_t *i;
+ int found = 0;
+
+ ALPM_LOG_FUNC;
+
+ /* Sanity checks */
+ ASSERT(db != NULL, RET_ERR(PM_ERR_DB_NULL, -1));
+
+ for(i = handle->dbs_sync; i && !found; i = i->next) {
+ pmdb_t *sdb = i->data;
+ if(strcmp(db->treename, sdb->treename) == 0) {
+ found = 1;
+ }
+ }
+ if(!found) {
+ RET_ERR(PM_ERR_DB_NOT_FOUND, -1);
+ }
+
+ db->verify_gpg = verify;
+ _alpm_log(PM_LOG_DEBUG, "adding VerifySig option to database '%s': %d\n",
+ db->treename, verify);
+
+ return(0);
+}
 /** Get the name of a package database
 * @param db pointer to the package database
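Review bot: The `pmdb_verify_gpg` enum added to alpm.h relies on implicit numbering, and nothing in this patch gives `verify_gpg` an initial value; the field added in db.h is written only by `alpm_db_set_gpg_opt`. The policy for a repository section that has no `VerifySig` line therefore depends on how `pmdb_t` is allocated, which is outside this diff; if the struct is zero-filled it would come out as `PM_GPG_VERIFY_ALWAYS`. I would set the default explicitly where the database object is created and document it at the enum, for example `/* Default for a repo with no VerifySig line: PM_GPG_VERIFY_ALWAYS */` if that is the intended default. No line in the four files touched here reads `verify_gpg`, so the header comment should also say that the option is only recorded until a consumer is added.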
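Review bot: In `alpm_db_set_gpg_opt` the loop only establishes that some registered sync database has the same `treename` as `db`, and the assignment then goes to `db` itself rather than to the matched entry. If a caller passes a `pmdb_t` that is not the registered object, the verification policy is stored where later sync code may never look; comparing pointers with `if(sdb == db) { found = 1; }`, or writing `sdb->verify_gpg = verify;` on the match, closes that gap. `verify` is also stored without a range check, so a guard such as `ASSERT((unsigned)verify <= PM_GPG_VERIFY_NEVER, RET_ERR(PM_ERR_WRONG_ARGS, -1));` would keep an out-of-range value from becoming the policy. `handle` is dereferenced in the loop without a NULL check in the visible lines.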
diff --git a/lib/libalpm/db.h b/lib/libalpm/db.h
index 96fac0d..b94ef01 100644
--- a/lib/libalpm/db.h
+++ b/lib/libalpm/db.h
@@ -37,6 +37,7 @@ typedef enum _pmdbinfrq_t {
 INFRQ_ALL = 0x3F
 } pmdbinfrq_t;
+
 /* Database */
 struct __pmdb_t {
 char *path;
@@ -45,6 +46,7 @@ struct __pmdb_t {
 alpm_list_t *pkgcache;
 alpm_list_t *grpcache;
 alpm_list_t *servers;
+ pmdb_verify_gpg verify_gpg;
 };
 /* db.c, database general calls */
diff --git a/src/pacman/pacman.c b/src/pacman/pacman.c
index 18fd3a8..0292cfa 100644
--- a/src/pacman/pacman.c
+++ b/src/pacman/pacman.c
@@ -788,6 +788,24 @@ static int _parseconfig(const char *file, const char *givensection,
 }
 free(server);
+ } else if(strcmp(key, "VerifySig") == 0) {
+ if (strcmp(ptr, "Always") == 0) {
+ ret = alpm_db_set_gpg_opt(db,PM_GPG_VERIFY_ALWAYS);
+ } else if (strcmp(ptr, "Optional") == 0) {
+ ret = alpm_db_set_gpg_opt(db,PM_GPG_VERIFY_OPTIONAL);
+ } else if (strcmp(ptr, "Never") == 0) {
+ ret = alpm_db_set_gpg_opt(db,PM_GPG_VERIFY_NEVER);
+ } else {
+ pm_printf(PM_LOG_ERROR, _("invalid value for 'VerifySig' : '%s'\n"), ptr);
+ ret = 1;
+ goto cleanup;
+ }
+ if ( ret != 0) {
+ pm_printf(PM_LOG_ERROR, _("could not add gpg verify option to database '%s': %s (%s)\n"),
+ alpm_db_get_name(db), ptr, alpm_strerrorlast());
+ goto cleanup;
+ }
+ pm_printf(PM_LOG_DEBUG, "Verify GPG signature for %s: %s\n",alpm_db_get_name(db), ptr);
 } else {
 pm_printf(PM_LOG_ERROR, _("config file %s, line %d: directive '%s' not recognized.\n"),
 file, linenum, key);
--
1.6.0.4
On Tue, Dec 16, 2008 at 3:49 AM, Dan McGee <[email protected]> wrote: > > On Mon, Dec 15, 2008 at 2:11 PM, Gerhard Brauer <[email protected]> wrote: > > Am Mon, 15 Dec 2008 13:50:49 -0600 > > schrieb Chris Brannon <[email protected]>: > >> I think pacman should at least complain if the signing key is not > >> found in the public keyring. Thoughts? > > > > IMHO pacman should refuse to install anything from core and extra if > > the signature is not found or corrupted. > > I don't know what to to with community (maybe a second keyring with > > TU signatures?) > > Pacman knows nothing about [core], [extra], and [community], so this > will not be possible. However, I had considered a few possibilities > for this type of stuff and this was the best I could think of: > One shared keyring for all repos. Under each repository section, we > would have a VerifySignatures option or something similar, which would > take values of "Always", "Optional", or "Never", with one of these as > a sane default.
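Review bot: `ptr` is handed to `strcmp` in the new `VerifySig` branch without a NULL check; whether a `VerifySig` line with no `=` can reach this branch with `ptr == NULL` depends on the part of `_parseconfig` outside the hunk, so the first comparison would be safer as `if(ptr == NULL) {` reporting the same invalid-value error, with the existing chain following as `else if`. The invalid-value message also omits the file and line number that the neighbouring "not recognized" message prints; `_("config file %s, line %d: invalid value for 'VerifySig' : '%s'\n"), file, linenum, ptr` would match it. The values are compared case-sensitively and an unknown value aborts parsing rather than falling back to a default, which is the right behaviour for a verification setting and deserves a short comment such as `/* unknown VerifySig values are fatal, never silently downgraded */`.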
We would fail when set to "Always" if packages had no > signature, we didn't have the signature on the package, or if the > signature was invalid. For optional, we would verify the signature if > it was there and we had it in our keychain; spit a warning otherwise > but continue on. Never seems self explanatory > > > My thoughts were to make a option to each repo section in pacman.conf. > > With this option: Keyring = /foo/bar we have an indicator that pacman > > should check for correct signatures and users could have their > > unsigned or self-signed repos additionally. > > Ha! We think alike. I actually typed the above before I read this. > > -Dan > _______________________________________________ > pacman-dev mailing list > [email protected] > http://archlinux.org/mailman/listinfo/pacman-dev
