[pacman-dev] [PATCH] Search for PGP subkeys in a keyserver-acceptable way

Thu, 05 Jan 2012 14:47:50 -0800 

PGP keyservers are pieces of sh** when it comes to searching for
subkeys, and only allow it if you submit an 8-character fingerprint
rather than the recommended and less chance of collision 16-character
fingerprint.

Add a second remote lookup for the 8-character version of a key ID if we
don't find anything the first time we look up the key. This fixes
FS#27612 and the deficiency has been sent upstream to the GnuPG users
mailing list as well.

Signed-off-by: Dan McGee <[email protected]>
---
 lib/libalpm/signing.c |   26 +++++++++++++++++++++-----
 1 files changed, 21 insertions(+), 5 deletions(-)

diff --git a/lib/libalpm/signing.c b/lib/libalpm/signing.c
index 92f34b5..1a53dea 100644
--- a/lib/libalpm/signing.c
+++ b/lib/libalpm/signing.c
@@ -251,10 +251,24 @@ static int key_search(alpm_handle_t *handle, const char 
*fpr,
        err = gpgme_get_key(ctx, fpr, &key, 0);
        if(gpg_err_code(err) == GPG_ERR_EOF) {
                _alpm_log(handle, ALPM_LOG_DEBUG, "key lookup failed, unknown 
key\n");
-               ret = 0;
-               goto error;
-       } else if(gpg_err_code(err) != GPG_ERR_NO_ERROR) {
-               _alpm_log(handle, ALPM_LOG_DEBUG, "gpg error: %s\n", 
gpgme_strerror(err));
+               /* Try an alternate lookup using the 8 character fingerprint 
value, since
+                * busted-ass keyservers can't support lookups using subkeys 
with the full
+                * value as of now. This is why 2012 is not the year of PGP 
encryption. */
+               if(strlen(fpr) > 8) {
+                       const char *short_fpr = fpr + strlen(fpr) - 8;
+                       _alpm_log(handle, ALPM_LOG_DEBUG,
+                                       "looking up key %s remotely\n", 
short_fpr);
+                       err = gpgme_get_key(ctx, short_fpr, &key, 0);
+                       if(gpg_err_code(err) == GPG_ERR_EOF) {
+                               _alpm_log(handle, ALPM_LOG_DEBUG, "key lookup 
failed, unknown key\n");
+                               ret = 0;
+                       }
+               } else {
+                       ret = 0;
+               }
+       }
+
+       if(gpg_err_code(err) != GPG_ERR_NO_ERROR) {
                goto error;
        }
 
@@ -270,9 +284,11 @@ static int key_search(alpm_handle_t *handle, const char 
*fpr,
        pgpkey->email = key->uids->email;
        pgpkey->created = key->subkeys->timestamp;
        pgpkey->expires = key->subkeys->expires;
-       ret = 1;
+       gpgme_release(ctx);
+       return 1;
 
 error:
+       _alpm_log(handle, ALPM_LOG_DEBUG, "gpg error: %s\n", 
gpgme_strerror(err));
        gpgme_release(ctx);
        return ret;
 }
-- 
1.7.8.1

Reply via email to