This will be useful for checking the availablity of all keys before perfoming validation in sync operations and for downloading a needed key in upgrade operations.
Signed-off-by: Allan McRae <allan@archlinux.org>
---
 lib/libalpm/signing.c | 81 +++++++++++++++++++++++++++++++--------------------
 lib/libalpm/signing.h | 1 +
 2 files changed, 50 insertions(+), 32 deletions(-)
diff --git a/lib/libalpm/signing.c b/lib/libalpm/signing.c
index 09463ff..9d56aba 100644
--- a/lib/libalpm/signing.c
+++ b/lib/libalpm/signing.c
@@ -372,6 +372,46 @@ error:
 }
 /**
+ * Import a key defined by a fingerprint into the local keyring.
+ * @param handle the context handle
+ * @param fpr the fingerprint key ID to import
+ * @return 0 on success, -1 on error
+ */
+int _alpm_key_import(alpm_handle_t *handle, const char *fpr) {
+ int answer = 0, ret = -1;
+ alpm_pgpkey_t fetch_key;
+ memset(&fetch_key, 0, sizeof(fetch_key));
+
+ if(key_search(handle, fpr, &fetch_key) == 1) {
+ _alpm_log(handle, ALPM_LOG_DEBUG,
+ "unknown key, found %s on keyserver\n", fetch_key.uid);
+ if(!_alpm_access(handle, handle->gpgdir, "pubring.gpg", W_OK)) {
+ QUESTION(handle, ALPM_QUESTION_IMPORT_KEY,
+ &fetch_key, NULL, NULL, &answer);
+ if(answer) {
+ if(key_import(handle, &fetch_key) == 0) {
+ ret = 0;
+ } else {
+ _alpm_log(handle, ALPM_LOG_ERROR,
+ _("key \"%s\" could not be imported\n"), fetch_key.uid);
+ }
+ }
+ } else {
+ /* keyring directory was not writable, so we don't even try */
+ _alpm_log(handle, ALPM_LOG_WARNING,
+ _("key %s, \"%s\" found on keyserver, keyring is not writable\n"),
+ fetch_key.fingerprint, fetch_key.uid);
+ }
+ } else {
+ _alpm_log(handle, ALPM_LOG_ERROR,
+ _("key \"%s\" could not be looked up remotely\n"), fpr);
+ }
+ gpgme_key_unref(fetch_key.data);
+
+ return ret;
+}
+
+/**
 * Decode a loaded signature in base64 form.
 * @param base64_data the signature to attempt to decode
 * @param data the decoded data; must be freed by the caller
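Review bot: Nothing in `_alpm_key_import` checks that the key returned by `key_search` is the one that was requested: `fetch_key` goes straight to the `QUESTION` prompt and then to `key_import`, and the prompt is built from the keyserver-supplied `fetch_key.uid`. If `key_search` does not already enforce this (its body is outside the hunk), compare `fetch_key.fingerprint` with `fpr` before prompting and refuse on a mismatch; the doc comment calls `fpr` a "fingerprint key ID", and a short key ID can match more than one key on a keyserver. The `@return` line should also state that -1 covers more than errors, e.g. `@return 0 if the key was imported, -1 otherwise (lookup failed, keyring not writable, user declined, import failed)`, since the commit message anticipates new callers in sync and upgrade paths that may need to tell these apart.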
@@ -636,6 +676,11 @@ int _alpm_key_in_keychain(alpm_handle_t UNUSED *handle, const char UNUSED *fpr)
 return -1;
 }
+int _alpm_key_import(alpm_handle_t UNUSED *handle, const char UNUSED *fpr)
+{
+ return -1;
+}
+
 int _alpm_gpgme_checksig(alpm_handle_t UNUSED *handle, const char UNUSED *path,
 const char UNUSED *base64_sig, alpm_siglist_t UNUSED *siglist)
 {
@@ -816,39 +861,11 @@ int _alpm_process_siglist(alpm_handle_t *handle, const char *identifier,
 }
 _alpm_log(handle, ALPM_LOG_ERROR,
 _("%s: key \"%s\" is unknown\n"), identifier, name);
-#ifdef HAVE_LIBGPGME
- {
- int answer = 0;
- alpm_pgpkey_t fetch_key;
- memset(&fetch_key, 0, sizeof(fetch_key));
-
- if(key_search(handle, result->key.fingerprint, &fetch_key) == 1) {
- _alpm_log(handle, ALPM_LOG_DEBUG,
- "unknown key, found %s on keyserver\n", fetch_key.uid);
- if(!_alpm_access(handle, handle->gpgdir, "pubring.gpg", W_OK)) {
- QUESTION(handle, ALPM_QUESTION_IMPORT_KEY,
- &fetch_key, NULL, NULL, &answer);
- if(answer) {
- if(key_import(handle, &fetch_key) == 0) {
- retry = 1;
- } else {
- _alpm_log(handle, ALPM_LOG_ERROR,
- _("key \"%s\" could not be imported\n"), fetch_key.uid);
- }
- }
- } else {
- /* keyring directory was not writable, so we don't even try */
- _alpm_log(handle, ALPM_LOG_WARNING,
- _("key %s, \"%s\" found on keyserver, keyring is not writable\n"),
- fetch_key.fingerprint, fetch_key.uid);
- }
- } else {
- _alpm_log(handle, ALPM_LOG_ERROR,
- _("key \"%s\" could not be looked up remotely\n"), name);
- }
- gpgme_key_unref(fetch_key.data);
+
+ if(_alpm_key_import(handle, result->key.fingerprint) == 0) {
+ retry = 1;
 }
-#endif
+
 break;
 case ALPM_SIGSTATUS_KEY_DISABLED:
 _alpm_log(handle, ALPM_LOG_ERROR,
diff --git a/lib/libalpm/signing.h b/lib/libalpm/signing.h
index cc3e979..a78e4b7 100644
--- a/lib/libalpm/signing.h
+++ b/lib/libalpm/signing.h
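Review bot: The lookup-failure message in the unknown-key branch of `_alpm_process_siglist` changes as a side effect of this refactor. The removed block logged `key \"%s\" could not be looked up remotely` with `name`, while the new call passes only `result->key.fingerprint`, so `_alpm_key_import` prints the fingerprint instead. If that is intended, it deserves a line in the commit message; otherwise the caller should log the name itself. The new call would also read better with a short comment such as `/* try to import the missing key; retry only if the import succeeded */`, since the removed `#ifdef HAVE_LIBGPGME` guard no longer signals that builds using the stub always leave `retry` unset here. The enclosing function starts and ends outside the hunk.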
@@ -32,6 +32,7 @@ int _alpm_process_siglist(alpm_handle_t *handle, const char *identifier,
 alpm_siglist_t *siglist, int optional, int marginal, int unknown);
 int _alpm_key_in_keychain(alpm_handle_t *handle, const char *fpr);
+int _alpm_key_import(alpm_handle_t *handle, const char *fpr);
 #endif /* _ALPM_SIGNING_H */
--
1.8.0