A quick question...

I saw this in be_package.c, pkg_load():

        /* look around for a PGP signature file; load if available */
        MALLOC(pgpfile, strlen(pkgfile) + 5, RET_ERR(PM_ERR_MEMORY, NULL));
        sprintf(pgpfile, "%s.sig", pkgfile);
        if(access(pgpfile, R_OK) == 0) {
            FILE *f;
            long bytes;
            f = fopen(pgpfile, "rb");
            fseek(f, 0L, SEEK_END);
            bytes = ftell(f);
            fseek(f, 0L, SEEK_SET);
            /* don't read the file in if it is obviously not the size of a sig */
            if(bytes == 72) {
                CALLOC(newpkg->pgpsig.rawdata, bytes, sizeof(char),
                        RET_ERR(PM_ERR_MEMORY, NULL));
                fread(newpkg->pgpsig.rawdata, sizeof(char), bytes, f);
                newpkg->pgpsig.rawlen = bytes;
                _alpm_log(PM_LOG_DEBUG,
                        "loaded package .sig file, location %s\n", pgpfile);
            } else {
                _alpm_log(PM_LOG_WARNING, _("PGP signature file for %s was abnormal"
                            " (had length %ld), skipping\n"), pkgfile, bytes);
            }
            fclose(f);
        } else {
            _alpm_log(PM_LOG_DEBUG, "no package signature file found\n");
        }
        FREE(pgpfile);


So do we download the signature file along with the package? Or use %PGPSIG% in the db?



On Tue, Dec 16, 2008 at 3:49 AM, Dan McGee <dpmcgee@gmail.com> wrote:
> On Mon, Dec 15, 2008 at 2:11 PM, Gerhard Brauer <gerbra@archlinux.de> wrote:
>> On Mon, 15 Dec 2008 13:50:49 -0600
>> Chris Brannon <cmbrannon@cox.net> wrote:
>>> I think pacman should at least complain if the signing key is not
>>> found in the public keyring.  Thoughts?
>>
>> IMHO pacman should refuse to install anything from core and extra if
>> the signature is not found or corrupted.
>> I don't know what to do with community (maybe a second keyring with
>> TU signatures?)
>
> Pacman knows nothing about [core], [extra], and [community], so this
> will not be possible. However, I had considered a few possibilities
> for this type of stuff and this was the best I could think of:
> One shared keyring for all repos. Under each repository section, we
> would have a VerifySignatures option or something similar, which would
> take values of "Always", "Optional", or "Never", with one of these as
> a sane default. We would fail when set to "Always" if packages had no
> signature, we didn't have the signature on the package, or if the
> signature was invalid. For optional, we would verify the signature if
> it was there and we had it in our keychain; spit a warning otherwise
> but continue on. Never seems self-explanatory.
>
>> My thoughts were to make an option to each repo section in pacman.conf.
>> With this option: Keyring = /foo/bar we have an indicator that pacman
>> should check for correct signatures and users could have their
>> unsigned or self-signed repos additionally.
>
> Ha! We think alike. I actually typed the above before I read this.
>
> -Dan
>
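
The per-repository VerifySignatures behaviour described in the quoted message, written out as a decision table. This is an added example, not code from pacman or from anyone in the thread; every type and function name is hypothetical. Assumptions: "we didn't have the signature" is read as the signing key being absent from the keyring, and refusing an invalid signature under "Optional" is a choice made here, since the message does not cover that case.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names; none of these are libalpm identifiers. */
enum verify_policy { VERIFY_ALWAYS, VERIFY_OPTIONAL, VERIFY_NEVER };
enum sig_state { SIG_MISSING, SIG_KEY_UNKNOWN, SIG_INVALID, SIG_VALID };
enum sig_action { ACT_INSTALL, ACT_WARN_INSTALL, ACT_REFUSE };

/* Parse the option value; an unrecognised value is an error, never a
 * silent downgrade to a weaker policy. Returns 0 on success, -1 otherwise. */
int parse_policy(const char *value, enum verify_policy *out)
{
    if(value == NULL || out == NULL) return -1;
    if(strcmp(value, "Always") == 0) { *out = VERIFY_ALWAYS; return 0; }
    if(strcmp(value, "Optional") == 0) { *out = VERIFY_OPTIONAL; return 0; }
    if(strcmp(value, "Never") == 0) { *out = VERIFY_NEVER; return 0; }
    return -1;
}

enum sig_action decide(enum verify_policy policy, enum sig_state state)
{
    switch(policy) {
    case VERIFY_NEVER:
        return ACT_INSTALL;              /* signature is not consulted */
    case VERIFY_ALWAYS:
        return state == SIG_VALID ? ACT_INSTALL : ACT_REFUSE;
    case VERIFY_OPTIONAL:
        if(state == SIG_VALID) return ACT_INSTALL;
        if(state == SIG_INVALID) return ACT_REFUSE;  /* assumption, see lead-in */
        return ACT_WARN_INSTALL;         /* missing sig or unknown key */
    }
    return ACT_REFUSE;                   /* out-of-range policy: fail closed */
}

int main(void)
{
    static const char *policies[] = { "Always", "Optional", "Never" };
    static const char *states[] = { "missing", "key unknown", "invalid", "valid" };
    static const char *actions[] = { "install", "warn+install", "refuse" };
    for(int p = 0; p < 3; p++) {
        enum verify_policy pol;
        if(parse_policy(policies[p], &pol) != 0) return 1;
        for(int s = 0; s < 4; s++) {
            printf("%-8s %-11s -> %s\n", policies[p], states[s],
                    actions[decide(pol, (enum sig_state)s)]);
        }
    }
    return 0;
}
```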