A quick question...
I saw this in be_package.c pkg_load():

    /* look around for a PGP signature file; load if available */
    MALLOC(pgpfile, strlen(pkgfile) + 5, RET_ERR(PM_ERR_MEMORY, NULL));
    sprintf(pgpfile, "%s.sig", pkgfile);
    if(access(pgpfile, R_OK) == 0) {
        FILE *f;
        long bytes;
        f = fopen(pgpfile, "rb");
        fseek(f, 0L, SEEK_END);
        bytes = ftell(f);
        fseek(f, 0L, SEEK_SET);
        /* don't read the file in if it is obviously not the size of a sig */
        if(bytes == 72) {
            CALLOC(newpkg->pgpsig.rawdata, bytes, sizeof(char),
                    RET_ERR(PM_ERR_MEMORY, NULL));
            fread(newpkg->pgpsig.rawdata, sizeof(char), bytes, f);
            newpkg->pgpsig.rawlen = bytes;
            _alpm_log(PM_LOG_DEBUG,
                    "loaded package .sig file, location %s\n", pgpfile);
        } else {
            _alpm_log(PM_LOG_WARNING, _("PGP signature file for %s was abnormal"
                    " (had length %ld), skipping\n"), pkgfile, bytes);
        }
        fclose(f);
    } else {
        _alpm_log(PM_LOG_DEBUG, "no package signature file found\n");
    }
    FREE(pgpfile);

So do we download the signature file along with the package? Or use %PGPSIG% in the db?
On Tue, Dec 16, 2008 at 3:49 AM, Dan McGee <dpmcgee@gmail.com> wrote:
> On Mon, Dec 15, 2008 at 2:11 PM, Gerhard Brauer <gerbra@archlinux.de> wrote:
>> On Mon, 15 Dec 2008 13:50:49 -0600
>> Chris Brannon <cmbrannon@cox.net> wrote:
>>> I think pacman should at least complain if the signing key is not
>>> found in the public keyring. Thoughts?
>>
>> IMHO pacman should refuse to install anything from core and extra if
>> the signature is not found or corrupted.
>> I don't know what to do with community (maybe a second keyring with
>> TU signatures?)
>
> Pacman knows nothing about [core], [extra], and [community], so this
> will not be possible. However, I had considered a few possibilities
> for this type of stuff and this was the best I could think of:
> One shared keyring for all repos. Under each repository section, we
> would have a VerifySignatures option or something similar, which would
> take values of "Always", "Optional", or "Never", with one of these as
> a sane default. We would fail when set to "Always" if packages had no
> signature, we didn't have the signature on the package, or if the
> signature was invalid. For optional, we would verify the signature if
> it was there and we had it in our keychain; spit a warning otherwise
> but continue on. Never seems self-explanatory.
>
>> My thoughts were to make an option to each repo section in pacman.conf.
>> With this option: Keyring = /foo/bar we have an indicator that pacman
>> should check for correct signatures and users could have their
>> unsigned or self-signed repos additionally.
>
> Ha! We think alike. I actually typed the above before I read this.
>
> -Dan
> _______________________________________________
> pacman-dev mailing list
> pacman-dev@archlinux.org
> http://archlinux.org/mailman/listinfo/pacman-dev
>
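
The per-repository VerifySignatures levels proposed in the quoted message above, written out as a decision function. This is an added example, not code from the thread or from pacman: all type and function names are hypothetical, and two behaviours are assumptions, namely that option values are case-sensitive and that an invalid signature is fatal under "Optional".

```c
/* Added example; every identifier here is hypothetical, not pacman/libalpm code. */
#include <stdio.h>
#include <string.h>

typedef enum { VERIFY_ALWAYS, VERIFY_OPTIONAL, VERIFY_NEVER } verify_level_t;
typedef enum { SIG_MISSING, SIG_KEY_UNKNOWN, SIG_INVALID, SIG_VALID } sig_state_t;
typedef enum { ACT_INSTALL, ACT_WARN_INSTALL, ACT_FAIL } action_t;

/* Parse a repository's VerifySignatures value. Returns 0 on success and -1 on
 * NULL or an unrecognized (here: case-sensitive) value, so a typo is a config
 * error instead of silently behaving like "Never". */
int parse_verify_level(const char *value, verify_level_t *out)
{
	static const char *const names[] = { "Always", "Optional", "Never" };
	for (int i = 0; value != NULL && i < 3; i++) {
		if (strcmp(value, names[i]) == 0) {
			*out = (verify_level_t)i;
			return 0;
		}
	}
	return -1;
}

action_t sig_policy_decide(verify_level_t level, sig_state_t state)
{
	/* "Never": the signature is not consulted; otherwise a good one passes. */
	if (level == VERIFY_NEVER || state == SIG_VALID)
		return ACT_INSTALL;
	/* Assumption: a signature that was checked and is bad is fatal under
	 * "Optional" too; the proposal only spells this out for "Always". */
	if (state == SIG_INVALID)
		return ACT_FAIL;
	/* No signature, or signing key not in the keyring: nothing was verified. */
	return level == VERIFY_ALWAYS ? ACT_FAIL : ACT_WARN_INSTALL;
}

int main(void)
{
	/* Constructed sample: one repo set to "Optional", all four signature states. */
	static const char *const act[] = { "install", "warn+install", "fail" };
	verify_level_t lvl;
	if (parse_verify_level("Optional", &lvl) != 0)
		return 1;
	for (int s = SIG_MISSING; s <= SIG_VALID; s++)
		printf("Optional, state %d -> %s\n", s, act[sig_policy_decide(lvl, (sig_state_t)s)]);
	return 0;
}
```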