A quick question... I saw this in be_package.c pkg_load():

    /* look around for a PGP signature file; load if available */
    MALLOC(pgpfile, strlen(pkgfile) + 5, RET_ERR(PM_ERR_MEMORY, NULL));
    sprintf(pgpfile, "%s.sig", pkgfile);
    if(access(pgpfile, R_OK) == 0) {
        FILE *f;
        long bytes;
        f = fopen(pgpfile, "rb");
        fseek(f, 0L, SEEK_END);
        bytes = ftell(f);
        fseek(f, 0L, SEEK_SET);
        /* don't read the file in if it is obviously not the size of a sig */
        if(bytes == 72) {
            CALLOC(newpkg->pgpsig.rawdata, bytes, sizeof(char), RET_ERR(PM_ERR_MEMORY, NULL));
            fread(newpkg->pgpsig.rawdata, sizeof(char), bytes, f);
            newpkg->pgpsig.rawlen = bytes;
            _alpm_log(PM_LOG_DEBUG, "loaded package .sig file, location %s\n", pgpfile);
        } else {
            _alpm_log(PM_LOG_WARNING, _("PGP signature file for %s was abnormal"
                      " (had length %ld), skipping\n"), pkgfile, bytes);
        }
        fclose(f);
    } else {
        _alpm_log(PM_LOG_DEBUG, "no package signature file found\n");
    }
    FREE(pgpfile);
So do we download the signature file along with the package? Or use %PGPSIG% in the db?

On Tue, Dec 16, 2008 at 3:49 AM, Dan McGee <dpmcgee@gmail.com> wrote:
On Mon, Dec 15, 2008 at 2:11 PM, Gerhard Brauer <gerbra@archlinux.de> wrote:
On Mon, 15 Dec 2008 13:50:49 -0600, Chris Brannon <cmbrannon@cox.net> wrote:
I think pacman should at least complain if the signing key is not found in the public keyring. Thoughts?
IMHO pacman should refuse to install anything from core and extra if the signature is not found or corrupted. I don't know what to do with community (maybe a second keyring with TU signatures?)
Pacman knows nothing about [core], [extra], and [community], so this will not be possible. However, I had considered a few possibilities for this type of stuff and this was the best I could think of: One shared keyring for all repos. Under each repository section, we would have a VerifySignatures option or something similar, which would take values of "Always", "Optional", or "Never", with one of these as a sane default. We would fail when set to "Always" if packages had no signature, we didn't have the signature on the package, or if the signature was invalid. For optional, we would verify the signature if it was there and we had it in our keychain; spit a warning otherwise but continue on. Never seems self-explanatory.
My thoughts were to make an option for each repo section in pacman.conf. With this option: Keyring = /foo/bar we have an indicator that pacman should check for correct signatures, and users could additionally have their unsigned or self-signed repos.
Ha! We think alike. I actually typed the above before I read this.
-Dan
_______________________________________________
pacman-dev mailing list
pacman-dev@archlinux.org
http://archlinux.org/mailman/listinfo/pacman-dev
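A more defensive version of the .sig loading quoted from pkg_load() above, as an added example that is not pacman's code: it checks the fopen/fread results the snippet ignores, bounds the file size instead of trusting one exact length, and tells a missing .sig apart from an unreadable one. The function names, the size bound and the package path are made up for the example.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define SIG_MAX_LEN 4096  /* assumed bound on a detached .sig we will read */
/* Returns bytes loaded into *out (caller frees), 0 if there is no .sig
 * file (*out stays NULL), or -1 on error. Hypothetical name. */
long load_detached_sig(const char *pkgfile, unsigned char **out)
{
    size_t len = strlen(pkgfile) + sizeof(".sig");
    char *sigpath = malloc(len);
    unsigned char *buf; long size; FILE *f;
    *out = NULL;
    if (!sigpath) return -1;
    snprintf(sigpath, len, "%s.sig", pkgfile);
    /* fopen() directly, not access() then fopen(): one lookup, and ENOENT
     * tells a missing file apart from an unreadable one */
    f = fopen(sigpath, "rb");
    free(sigpath);
    if (!f) return errno == ENOENT ? 0 : -1;
    if (fseek(f, 0L, SEEK_END) != 0 || (size = ftell(f)) <= 0 ||
        size > SIG_MAX_LEN || fseek(f, 0L, SEEK_SET) != 0) {
        fclose(f);          /* unreadable, empty or implausibly large */
        return -1;
    }
    buf = malloc((size_t)size);
    if (!buf || fread(buf, 1, (size_t)size, f) != (size_t)size) {
        free(buf);          /* a short read is an error, not a signature */
        fclose(f);
        return -1;
    }
    fclose(f);
    *out = buf;
    return size;
}
/* Writes a constructed 72-byte placeholder beside a made-up package name,
 * loads it back and returns the loaded length (72) or -1 on failure. */
long demo_roundtrip(void)
{
    const char *pkg = "example-1.0-1-x86_64.pkg.tar.gz";
    const char *sig = "example-1.0-1-x86_64.pkg.tar.gz.sig";
    unsigned char fake[72], *loaded = NULL;
    FILE *f = fopen(sig, "wb");
    if (!f) return -1;
    memset(fake, 0xAB, sizeof fake);   /* constructed placeholder bytes */
    fwrite(fake, 1, sizeof fake, f);
    fclose(f);
    long n = load_detached_sig(pkg, &loaded);
    free(loaded);
    remove(sig);
    return n;
}
```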