A patch for adding VerifySignature options in pacman.conf
From cbe0f2ccf64509f6182136bbfa35ec934dd18d2d Mon Sep 17 00:00:00 2001 From: shankar <jatheendra@gmail.com> Date: Wed, 17 Dec 2008 16:25:07 +0530 Subject: [PATCH] Added gpg verification options per repo to the config file
--- lib/libalpm/alpm.h | 9 +++++++++ lib/libalpm/db.c | 31 +++++++++++++++++++++++++++++++ lib/libalpm/db.h | 2 ++ src/pacman/pacman.c | 18 ++++++++++++++++++ 4 files changed, 60 insertions(+), 0 deletions(-) diff --git a/lib/libalpm/alpm.h b/lib/libalpm/alpm.h index c26b8bb..fedfc12 100644 --- a/lib/libalpm/alpm.h +++ b/lib/libalpm/alpm.h @@ -249,6 +249,15 @@ typedef enum _pgpcheck_t { pgpcheck_t alpm_pkg_check_pgp_signature(pmpkg_t *pkg); +/* GPG signature verification option */ +typedef enum _pmdb_verify_gpg { + PM_GPG_VERIFY_ALWAYS, + PM_GPG_VERIFY_OPTIONAL, + PM_GPG_VERIFY_NEVER +} pmdb_verify_gpg; + + +int alpm_db_set_gpg_opt(pmdb_t *db, pmdb_verify_gpg verify); /* * Deltas */ diff --git a/lib/libalpm/db.c b/lib/libalpm/db.c index 9b91ce4..2bf03fb 100644 --- a/lib/libalpm/db.c +++ b/lib/libalpm/db.c @@ -206,6 +206,37 @@ int SYMEXPORT alpm_db_setserver(pmdb_t *db, const char *url) return(0); } +/** Set the verify gpg signature option for a database. + * @param db database pointer + * @param verify enum pmdb_verify_gpg + * @return 0 on success, -1 on error (pm_errno is set accordingly) + */ +int SYMEXPORT alpm_db_set_gpg_opt(pmdb_t *db, pmdb_verify_gpg verify) +{ + alpm_list_t *i; + int found = 0; + + ALPM_LOG_FUNC; + + /* Sanity checks */ + ASSERT(db != NULL, RET_ERR(PM_ERR_DB_NULL, -1)); + + for(i = handle->dbs_sync; i && !found; i = i->next) { + pmdb_t *sdb = i->data; + if(strcmp(db->treename, sdb->treename) == 0) { + found = 1; + } + } + if(!found) { + RET_ERR(PM_ERR_DB_NOT_FOUND, -1); + } + + db->verify_gpg = verify; + _alpm_log(PM_LOG_DEBUG, "adding VerifySig option to database '%s': %d\n", + db->treename, verify); + + return(0); +} /** Get the name of a package database * @param db pointer to the package database diff --git a/lib/libalpm/db.h b/lib/libalpm/db.h index 96fac0d..b94ef01 100644 --- a/lib/libalpm/db.h +++ b/lib/libalpm/db.h 
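Review bot: The three `pmdb_verify_gpg` enumerators enter the public header with no statement of what each one obliges the library to do, which is the security-relevant part of this API. Going by the design discussed in the thread, each deserves a one-line comment, for example `/* fail if the signature is missing, unknown or invalid */` on `PM_GPG_VERIFY_ALWAYS`, `/* verify when possible, otherwise warn and continue */` on `PM_GPG_VERIFY_OPTIONAL` and `/* skip signature verification */` on `PM_GPG_VERIFY_NEVER`. The `alpm_db_set_gpg_opt` prototype is likewise uncommented in the header. The typedef name also drops the `_t` suffix that `pgpcheck_t` in the same hunk carries.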
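Review bot: `alpm_db_set_gpg_opt` stores `verify` in `db->verify_gpg` without checking that it is one of the three enumerators, so a caller passing any other integer leaves the database with a policy that later code cannot interpret safely. A guard before the assignment would reject it, e.g. `ASSERT(verify == PM_GPG_VERIFY_ALWAYS || verify == PM_GPG_VERIFY_OPTIONAL || verify == PM_GPG_VERIFY_NEVER, RET_ERR(PM_ERR_WRONG_ARGS, -1));`. The loop matches on `treename` but the assignment goes to the caller's `db` rather than the registered `sdb`, so a different object carrying the same name passes the lookup. `handle` is also dereferenced with no NULL check visible in the hunk. The debug line prints the raw integer; logging the symbolic value would make the effective policy easier to audit.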
@@ -37,6 +37,7 @@ typedef enum _pmdbinfrq_t { INFRQ_ALL = 0x3F } pmdbinfrq_t; + /* Database */ struct __pmdb_t { char *path; @@ -45,6 +46,7 @@ struct __pmdb_t { alpm_list_t *pkgcache; alpm_list_t *grpcache; alpm_list_t *servers; + pmdb_verify_gpg verify_gpg; }; /* db.c, database general calls */ diff --git a/src/pacman/pacman.c b/src/pacman/pacman.c index 18fd3a8..0292cfa 100644 --- a/src/pacman/pacman.c +++ b/src/pacman/pacman.c @@ -788,6 +788,24 @@ static int _parseconfig(const char *file, const char *givensection, } free(server); + } else if(strcmp(key, "VerifySig") == 0) { + if (strcmp(ptr, "Always") == 0) { + ret = alpm_db_set_gpg_opt(db,PM_GPG_VERIFY_ALWAYS); + } else if (strcmp(ptr, "Optional") == 0) { + ret = alpm_db_set_gpg_opt(db,PM_GPG_VERIFY_OPTIONAL); + } else if (strcmp(ptr, "Never") == 0) { + ret = alpm_db_set_gpg_opt(db,PM_GPG_VERIFY_NEVER); + } else { + pm_printf(PM_LOG_ERROR, _("invalid value for 'VerifySig' : '%s'\n"), ptr); + ret = 1; + goto cleanup; + } + if ( ret != 0) { + pm_printf(PM_LOG_ERROR, _("could not add gpg verify option to database '%s': %s (%s)\n"), + alpm_db_get_name(db), ptr, alpm_strerrorlast()); + goto cleanup; + } + pm_printf(PM_LOG_DEBUG, "Verify GPG signature for %s: %s\n",alpm_db_get_name(db), ptr); } else { pm_printf(PM_LOG_ERROR, _("config file %s, line %d: directive '%s' not recognized.\n"), file, linenum, key); -- 1.6.0.4 On Tue, Dec 16, 2008 at 3:49 AM, Dan McGee <dpmcgee@gmail.com> wrote:
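Review bot: The new `verify_gpg` field in `struct __pmdb_t` is only ever written in this patch; nothing in the four files shown reads it, and nothing initialises it when a database is created. Until a signature check consults it, a `VerifySig = Always` line in pacman.conf is accepted but not enforced, which the commit message should say so that nobody relies on it. For a repo that omits the directive, the stored value depends on how the struct is allocated, which is not visible here. If the allocation is zero-filled, the default happens to be `PM_GPG_VERIFY_ALWAYS`. It would be safer to assign the chosen default explicitly where the db is created and to document the field, e.g. `/* signature policy for this db, set from VerifySig */`.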
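Review bot: The new `VerifySig` branch passes `ptr` straight to `strcmp(ptr, "Always")` with no check in the hunk that `ptr` is non-NULL. `_parseconfig` begins and ends outside the hunk, so whether a `VerifySig` line without `=` can reach this branch cannot be confirmed from here. If it can, the first comparison dereferences NULL, and a guard such as `if(ptr == NULL) { ret = 1; goto cleanup; }` with an error message should come first. The invalid-value message also omits the `file` and `linenum` that the "directive not recognized" message just below reports, so a mistyped value for a security setting is harder to locate. Adding `config file %s, line %d:` to it would match that message.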
On Mon, Dec 15, 2008 at 2:11 PM, Gerhard Brauer <gerbra@archlinux.de> wrote:
Am Mon, 15 Dec 2008 13:50:49 -0600 schrieb Chris Brannon <cmbrannon@cox.net>:
I think pacman should at least complain if the signing key is not found in the public keyring. Thoughts?
IMHO pacman should refuse to install anything from core and extra if the signature is not found or corrupted. I don't know what to do with community (maybe a second keyring with TU signatures?)
Pacman knows nothing about [core], [extra], and [community], so this will not be possible. However, I had considered a few possibilities for this type of stuff and this was the best I could think of: One shared keyring for all repos. Under each repository section, we would have a VerifySignatures option or something similar, which would take values of "Always", "Optional", or "Never", with one of these as a sane default. We would fail when set to "Always" if packages had no signature, we didn't have the signature on the package, or if the signature was invalid. For optional, we would verify the signature if it was there and we had it in our keychain; spit a warning otherwise but continue on. Never seems self explanatory
My thoughts were to add an option to each repo section in pacman.conf. With this option: Keyring = /foo/bar we have an indicator that pacman should check for correct signatures and users could have their unsigned or self-signed repos additionally.
Ha! We think alike. I actually typed the above before I read this.
-Dan _______________________________________________ pacman-dev mailing list pacman-dev@archlinux.org http://archlinux.org/mailman/listinfo/pacman-dev