This makes it possible to compile libalpm without the gpgme library. This option is reflected in the configure script. Signed-off-by: Rémy Oudompheng <remy@archlinux.org> --- configure.ac | 19 +++++++++++++++++-- lib/libalpm/signing.c | 33 ++++++++++++++++++++++++++++++--- lib/libalpm/signing.h | 2 +- lib/libalpm/sync.c | 2 +- 4 files changed, 49 insertions(+), 7 deletions(-) diff --git a/configure.ac b/configure.ac index 87330af..b71058a 100644 --- a/configure.ac +++ b/configure.ac @@ -93,6 +93,11 @@ AC_ARG_WITH(openssl, AS_HELP_STRING([--with-openssl], [use OpenSSL crypto implementations instead of internal routines]), [], [with_openssl=check]) +# Help line for using GPGME +AC_ARG_WITH(gpgme, + AS_HELP_STRING([--with-gpgme], [enable signing capabilities]), + [], [with_gpgme=check]) + # Check for useable libcurl LIBCURL_CHECK_CONFIG([yes], [7.19.4]) @@ -148,8 +153,17 @@ AS_IF([test "x$with_openssl" != "xno"], AM_CONDITIONAL([HAVE_LIBSSL], [test "x$ac_cv_lib_ssl_MD5_Final" = "xyes"]) # Check for gpgme -AC_CHECK_LIB([gpgme], [gpgme_check_version], , - AC_MSG_ERROR([gpgme is needed to compile pacman!])) +AC_MSG_CHECKING(whether to enable gpgme) +AS_IF([test "x$with_gpgme" != "xno"], + [AC_MSG_RESULT(yes) + AC_CHECK_LIB([gpgme], [gpgme_check_version], , + [if test "x$with_gpgme" != "xcheck"; then + AC_MSG_FAILURE([--with-gpgme was given, but -lgpgme was not found]) + fi], + [-lgpgme])] + with_gpgme=$ac_cv_lib_gpgme_gpgme_check_version, + AC_MSG_RESULT(no)) +AM_CONDITIONAL([HAVE_LIBGPGME], [test "x$ac_cv_lib_gpgme_gpgme_check_version" = "xyes"]) # Checks for header files. AC_CHECK_HEADERS([fcntl.h glob.h libintl.h locale.h mntent.h string.h \ @@ -402,6 +416,7 @@ ${PACKAGE_NAME}: Compilation options: Run make in doc/ dir : ${wantdoc} ${asciidoc} Doxygen support : ${usedoxygen} + GPGME signing support : ${with_gpgme} debug support : ${debug} " diff --git a/lib/libalpm/signing.c b/lib/libalpm/signing.c index c30650b..581d5c2 100644 --- a/lib/libalpm/signing.c +++ b/lib/libalpm/signing.c @@ -23,19 +23,24 @@ #include <stdio.h> #include <string.h> #include <locale.h> /* setlocale() */ + +#ifdef HAVE_LIBGPGME #include <gpgme.h> +#endif /* libalpm */ #include "signing.h" #include "package.h" #include "util.h" #include "log.h" +#include "handle.h" #include "alpm.h" #define CHECK_ERR(void) do { \ if(err != GPG_ERR_NO_ERROR) { goto error; } \ } while(0) +#ifdef HAVE_LIBGPGME static int gpgme_init(void) { static int init = 0; @@ -97,7 +102,7 @@ error: * @param sig PGP signature data in raw form (already decoded) * @return a int value : 0 (valid), 1 (invalid), -1 (an error occured) */ -int _alpm_gpgme_checksig(const char *path, const pmpgpsig_t *sig) +static int _alpm_gpgme_checksig(const char *path, const pmpgpsig_t *sig) { int ret = 0; gpgme_error_t err; @@ -202,6 +207,7 @@ error: } return ret; } +#endif /** * Load the signature from the given path into the provided struct. @@ -248,6 +254,27 @@ int _alpm_load_signature(const char *sigfile, pmpgpsig_t *pgpsig) { return 0; } +/** Check the PGP signature for an arbitrary file. + * This function redirects to the standard gpgme checking + * function or a user-defined external callback. + */ +int _alpm_file_checksig(const char *path, const pmpgpsig_t *sig) +{ + if(handle->checksigcb == NULL) { +#ifdef HAVE_LIBGPGME + return _alpm_gpgme_checksig(path, sig); +#else + RET_ERR(PM_ERR_EXTERNAL_SIGCHECK, -1); +#endif + } else { + int ret = handle->checksigcb(path, sig); + if(ret == -1) { + RET_ERR(PM_ERR_EXTERNAL_SIGCHECK, -1); + } + return ret; + } +} + /** * Check the PGP package signature for the given package file. * @param pkg the package to check @@ -258,7 +285,7 @@ int SYMEXPORT alpm_pkg_check_pgp_signature(pmpkg_t *pkg) ALPM_LOG_FUNC; ASSERT(pkg != NULL, return 0); - return _alpm_gpgme_checksig(alpm_pkg_get_filename(pkg), + return _alpm_file_checksig(alpm_pkg_get_filename(pkg), alpm_pkg_get_pgpsig(pkg)); } @@ -272,7 +299,7 @@ int SYMEXPORT alpm_db_check_pgp_signature(pmdb_t *db) ALPM_LOG_FUNC; ASSERT(db != NULL, return(0)); - return _alpm_gpgme_checksig(_alpm_db_path(db), + return _alpm_file_checksig(_alpm_db_path(db), _alpm_db_pgpsig(db)); } diff --git a/lib/libalpm/signing.h b/lib/libalpm/signing.h index b37abf0..6781377 100644 --- a/lib/libalpm/signing.h +++ b/lib/libalpm/signing.h @@ -31,7 +31,7 @@ struct __pmpgpsig_t { unsigned char *rawdata; }; -int _alpm_gpgme_checksig(const char *path, const pmpgpsig_t *sig); +int _alpm_file_checksig(const char *path, const pmpgpsig_t *sig); int _alpm_load_signature(const char *sigfile, pmpgpsig_t *pgpsig); #endif /* _ALPM_SIGNING_H */ diff --git a/lib/libalpm/sync.c b/lib/libalpm/sync.c index 5428e40..4f55c95 100644 --- a/lib/libalpm/sync.c +++ b/lib/libalpm/sync.c @@ -850,7 +850,7 @@ int _alpm_sync_commit(pmtrans_t *trans, pmdb_t *db_local, alpm_list_t **data) pmdb_t *sdb = alpm_pkg_get_db(spkg); if(sdb->pgp_verify != PM_PGP_VERIFY_NEVER) { - int ret = _alpm_gpgme_checksig(filepath, pgpsig); + int ret = _alpm_file_checksig(filepath, pgpsig); if((sdb->pgp_verify == PM_PGP_VERIFY_ALWAYS && ret != 0) || (sdb->pgp_verify == PM_PGP_VERIFY_OPTIONAL && ret == 1)) { errors++; -- 1.7.4.2