On 05/19/13 at 10:44pm, Allan McRae wrote:
When attempting to install a package (either via -S or -U) and the signature is missing, the current error message "invalid or corrupted package (PGP signature)" is very unclear. Instead inform the user that the package is missing the required signature.
Partial fix for FS#34741.
Signed-off-by: Allan McRae <allan@archlinux.org> --- lib/libalpm/alpm.h | 1 + lib/libalpm/be_package.c | 6 +++++- lib/libalpm/error.c | 2 ++ 3 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/lib/libalpm/alpm.h b/lib/libalpm/alpm.h index 2277a69..806cd95 100644 --- a/lib/libalpm/alpm.h +++ b/lib/libalpm/alpm.h @@ -1267,6 +1267,7 @@ typedef enum _alpm_errno_t { ALPM_ERR_PKG_INVALID, ALPM_ERR_PKG_INVALID_CHECKSUM, ALPM_ERR_PKG_INVALID_SIG, + ALPM_ERR_PKG_MISSING_SIG, ALPM_ERR_PKG_OPEN, ALPM_ERR_PKG_CANT_REMOVE, ALPM_ERR_PKG_INVALID_NAME, diff --git a/lib/libalpm/be_package.c b/lib/libalpm/be_package.c index cfe5fb3..ea48b6e 100644 --- a/lib/libalpm/be_package.c +++ b/lib/libalpm/be_package.c @@ -323,9 +323,13 @@ int _alpm_pkg_validate_internal(alpm_handle_t *handle, }
/* even if we don't have a sig, run the check code if level tells us to */ - if(has_sig || level & ALPM_SIG_PACKAGE) { + if(level & ALPM_SIG_PACKAGE) {
I'm pretty sure we don't want to change this. If we have a sig we don't do md5/sha256 checks. So if we have a sig we need to do this regardless of what level is set to.
const char *sig = syncpkg ? syncpkg->base64_sig : NULL; _alpm_log(handle, ALPM_LOG_DEBUG, "sig data: %s\n", sig ? sig : "<from .sig>"); + if(!sig) { + handle->pm_errno = ALPM_ERR_PKG_MISSING_SIG; + return -1; + } if(_alpm_check_pgp_helper(handle, pkgfile, sig, level & ALPM_SIG_PACKAGE_OPTIONAL, level & ALPM_SIG_PACKAGE_MARGINAL_OK, level & ALPM_SIG_PACKAGE_UNKNOWN_OK, sigdata)) { diff --git a/lib/libalpm/error.c b/lib/libalpm/error.c index a59f4fe..8622180 100644 --- a/lib/libalpm/error.c +++ b/lib/libalpm/error.c @@ -111,6 +111,8 @@ const char SYMEXPORT *alpm_strerror(alpm_errno_t err) return _("invalid or corrupted package (checksum)"); case ALPM_ERR_PKG_INVALID_SIG: return _("invalid or corrupted package (PGP signature)"); + case ALPM_ERR_PKG_MISSING_SIG: + return _("package missing required signature"); case ALPM_ERR_PKG_OPEN: return _("cannot open package file"); case ALPM_ERR_PKG_CANT_REMOVE: -- 1.8.2.3