[pacman-dev] [PATCH] signing.c: warn if time went backwards

Sat, 30 Jun 2012 06:16:34 -0700 

GPG signatures have a timestamp which is checked and if it's in the
future, verification will fail.

Signed-off-by: Florian Pritz <[email protected]>
---
Allan suggested to improve the error message printed when verification
fails, but since I already have this patch I can just as well submit it.

 lib/libalpm/signing.c | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

diff --git a/lib/libalpm/signing.c b/lib/libalpm/signing.c
index 1e41716..6148976 100644
--- a/lib/libalpm/signing.c
+++ b/lib/libalpm/signing.c
@@ -20,6 +20,8 @@
 #include <stdlib.h>
 #include <stdio.h>
 #include <string.h>
+#include <time.h>
+#include <errno.h>
 
 #if HAVE_LIBGPGME
 #include <locale.h> /* setlocale() */
@@ -127,6 +129,10 @@ static int init_gpgme(alpm_handle_t *handle)
        gpgme_error_t err;
        gpgme_engine_info_t enginfo;
 
+       const static char *timestamp_file = "timestamp";
+       int len;
+       char *timestamp_path;
+
        if(init) {
                /* we already successfully initialized the library */
                return 0;
@@ -143,6 +149,34 @@ static int init_gpgme(alpm_handle_t *handle)
                                "pacman-key --init");
        }
 
+       len = strlen(sigdir) + strlen(timestamp_file) + 1;
+       CALLOC(timestamp_path, len, sizeof(char), RET_ERR(handle, 
ALPM_ERR_MEMORY, -1));
+       snprintf(timestamp_path, len, "%s%s", sigdir, timestamp_file);
+
+       /* check if time went backwards since last run */
+       if(!_alpm_access(handle, sigdir, timestamp_file, F_OK)) {
+               struct stat sb;
+               time_t t;
+
+               if(stat(timestamp_path, &sb) == -1) {
+                       /* TODO: should we really error here? */
+                       RET_ERR(handle, ALPM_ERR_SYSTEM, -1);
+               }
+
+               t = time(NULL);
+               if(t == ((time_t)-1)) {
+                       _alpm_log(handle, ALPM_LOG_ERROR, _("Failed to 
determine system time: %s\n"), strerror(errno));
+               }
+
+               if(sb.st_mtime > t) {
+                       _alpm_log(handle, ALPM_LOG_WARNING, _("Time went 
backwards, signature verification might fail.\n"));
+               }
+       }
+       /* create file if missing, else update timestamp */
+       close(creat(timestamp_path, O_RDWR));
+
+       free(timestamp_path);
+
        /* calling gpgme_check_version() returns the current version and runs
         * some internal library setup code */
        version = gpgme_check_version(NULL);
-- 
1.7.11.1

Reply via email to