[pacman-dev] [PATCH 4/6] Add --verify option for signature level
The --verify option allows the user to change pacman's default signature verification level. It can take in one of "Always", "Optional" or "Verify".
Signed-off-by: Pang Yan Han <pangyanhan@gmail.com>
---
This is a reroll after Remy suggested that it's better to set the signature verification level supplied from the command line in setlibpaths(). A new field is introduced in struct config which stores what the user passes to the --verify option at the command line. Is it possible for us to change option_verifysig to compare to non-caps versions of "Always", "Optional" and "Never"?
src/pacman/conf.c | 14 ++++++++++++++
src/pacman/conf.h | 4 +++-
src/pacman/pacman.c | 4 ++++
3 files changed, 21 insertions(+), 1 deletions(-)
diff --git a/src/pacman/conf.c b/src/pacman/conf.c
index 370ec51..869c005 100644
--- a/src/pacman/conf.c
+++ b/src/pacman/conf.c
@@ -68,6 +68,7 @@ int config_free(config_t *oldconfig)
 free(oldconfig->rootdir);
 free(oldconfig->dbpath);
 free(oldconfig->logfile);
+ free(oldconfig->sigverify);
 free(oldconfig->xfercommand);
 free(oldconfig->print_format);
 free(oldconfig);
@@ -474,6 +475,19 @@ static int setlibpaths(void)
 }
 }
+ /* Set the signature verification level to what the user requested */
+ if(config->sigverify) {
+ pgp_verify_t verify = option_verifysig(config->sigverify);
+ if (verify != PM_PGP_VERIFY_UNKNOWN) {
+ ret = alpm_option_set_default_sigverify(verify);
+ if(ret != 0) {
+ pm_printf(PM_LOG_ERROR, _("problem setting sigverify '%s' (%s)\n"),
+ config->sigverify, alpm_strerrorlast());
+ return ret;
+ }
+ }
+ }
+
 /* add a default cachedir if one wasn't specified */
 if(alpm_option_get_cachedirs() == NULL) {
 alpm_option_add_cachedir(CACHEDIR);
diff --git a/src/pacman/conf.h b/src/pacman/conf.h
index 76c76cf..d08f83c 100644
--- a/src/pacman/conf.h
+++ b/src/pacman/conf.h
@@ -41,6 +41,7 @@ typedef struct __config_t {
 char *dbpath;
 char *logfile;
 char *gpgdir;
+ char *sigverify;
 /* TODO how to handle cachedirs? */
 unsigned short op_q_isfile;
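Review bot: In the setlibpaths() hunk of conf.c an unrecognised `--verify` value is dropped without any message: when `option_verifysig()` returns `PM_PGP_VERIFY_UNKNOWN`, the `if (verify != PM_PGP_VERIFY_UNKNOWN)` body is skipped and pacman carries on with whatever level was already configured. For a switch that controls package signature checking this fails open, since a mistyped or differently-cased value (the cover note suggests only the capitalised spellings match today) leaves the user believing the requested level is in force. I would add an `else` branch that reports the value and aborts, for example `} else {` / `pm_printf(PM_LOG_ERROR, _("invalid value for --verify: '%s'\n"), config->sigverify);` / `return 1;`. setlibpaths() starts and ends outside the hunk, so the exact non-zero return convention should be checked against the rest of the function.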
@@ -111,7 +112,8 @@ enum {
 OP_ASEXPLICIT,
 OP_ARCH,
 OP_PRINTFORMAT,
- OP_GPGDIR
+ OP_GPGDIR,
+ OP_VERIFY
 };
 /* clean method */
diff --git a/src/pacman/pacman.c b/src/pacman/pacman.c
index 8458c97..1e58890 100644
--- a/src/pacman/pacman.c
+++ b/src/pacman/pacman.c
@@ -438,6 +438,9 @@ static int parsearg_global(int opt)
 config->logfile = strndup(optarg, PATH_MAX);
 break;
 case OP_NOCONFIRM: config->noconfirm = 1; break;
+ case OP_VERIFY:
+ config->sigverify = strdup(optarg);
+ break;
 case 'b':
 check_optarg();
 config->dbpath = strdup(optarg);
@@ -635,6 +638,7 @@ static int parseargs(int argc, char *argv[])
 {"arch", required_argument, 0, OP_ARCH},
 {"print-format", required_argument, 0, OP_PRINTFORMAT},
 {"gpgdir", required_argument, 0, OP_GPGDIR},
+ {"verify", required_argument, 0, OP_VERIFY},
 {0, 0, 0, 0}
 };
-- 1.7.5.rc0.101.g3d23c
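Review bot: The new `case OP_VERIFY:` in parsearg_global() stores `strdup(optarg)` without the `check_optarg();` call that the neighbouring `case 'b':` makes, and without looking at the result. If `strdup()` returns NULL, `config->sigverify` stays NULL and the `if(config->sigverify)` test added in setlibpaths() skips the override silently, so the requested verification level is never applied; a repeated `--verify` also overwrites the earlier pointer without freeing it. I would write the case as `check_optarg();` then `free(config->sigverify);` then `config->sigverify = strdup(optarg);`, followed by a NULL check that reports failure the way the function's other error paths do. What check_optarg() does is not visible in this patch, and parsearg_global() continues outside the hunk.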
On Sun, May 29, 2011 at 4:04 AM, Pang Yan Han <pangyanhan@gmail.com> wrote:
The --verify option allows the user to change pacman's default signature verification level. It can take in one of "Always", "Optional" or "Verify".
Signed-off-by: Pang Yan Han <pangyanhan@gmail.com> --- This is a reroll after Remy suggested that it's better to set the signature verification level supplied from the command line in setlibpaths(). Would you mind re-rolling again with docs? Both a usage string and doc/ updates will be needed.
A new field is introduced in struct config which stores what the user passes to the --verify option at the command line.
Is it possible for us to change option_verifysig to compare to non-caps versions of "Always", "Optional" and "Never"? As long as you don't break the requirements made in this commit way back when: http://projects.archlinux.org/pacman.git/commit/?id=b3e6cf652c9e989badaf5499...
Basically case insensitive compares don't always work as expected across locales, so if you do this, it is probably best to explicitly compare to "Always" and "always", "Optional" and "optional", etc. Especially since "optional" contains the infamous "i" character.
src/pacman/conf.c | 14 ++++++++++++++
src/pacman/conf.h | 4 +++-
src/pacman/pacman.c | 4 ++++
3 files changed, 21 insertions(+), 1 deletions(-)
diff --git a/src/pacman/conf.c b/src/pacman/conf.c
index 370ec51..869c005 100644
--- a/src/pacman/conf.c
+++ b/src/pacman/conf.c
@@ -68,6 +68,7 @@ int config_free(config_t *oldconfig)
 free(oldconfig->rootdir);
 free(oldconfig->dbpath);
 free(oldconfig->logfile);
+ free(oldconfig->sigverify);
 free(oldconfig->xfercommand);
 free(oldconfig->print_format);
 free(oldconfig);
@@ -474,6 +475,19 @@ static int setlibpaths(void)
 }
 }
+ /* Set the signature verification level to what the user requested */
+ if(config->sigverify) {
+ pgp_verify_t verify = option_verifysig(config->sigverify);
+ if (verify != PM_PGP_VERIFY_UNKNOWN) {
+ ret = alpm_option_set_default_sigverify(verify);
+ if(ret != 0) {
+ pm_printf(PM_LOG_ERROR, _("problem setting sigverify '%s' (%s)\n"),
+ config->sigverify, alpm_strerrorlast());
+ return ret;
+ }
+ }
+ }
+
 /* add a default cachedir if one wasn't specified */
 if(alpm_option_get_cachedirs() == NULL) {
 alpm_option_add_cachedir(CACHEDIR);
diff --git a/src/pacman/conf.h b/src/pacman/conf.h
index 76c76cf..d08f83c 100644
--- a/src/pacman/conf.h
+++ b/src/pacman/conf.h
@@ -41,6 +41,7 @@ typedef struct __config_t {
 char *dbpath;
 char *logfile;
 char *gpgdir;
+ char *sigverify;
 /* TODO how to handle cachedirs? */
unsigned short op_q_isfile;
@@ -111,7 +112,8 @@ enum {
 OP_ASEXPLICIT,
 OP_ARCH,
 OP_PRINTFORMAT,
- OP_GPGDIR
+ OP_GPGDIR,
+ OP_VERIFY
 };
/* clean method */
diff --git a/src/pacman/pacman.c b/src/pacman/pacman.c
index 8458c97..1e58890 100644
--- a/src/pacman/pacman.c
+++ b/src/pacman/pacman.c
@@ -438,6 +438,9 @@ static int parsearg_global(int opt)
 config->logfile = strndup(optarg, PATH_MAX);
 break;
 case OP_NOCONFIRM: config->noconfirm = 1; break;
+ case OP_VERIFY:
+ config->sigverify = strdup(optarg);
+ break;
 case 'b':
 check_optarg();
 config->dbpath = strdup(optarg);
@@ -635,6 +638,7 @@ static int parseargs(int argc, char *argv[])
 {"arch", required_argument, 0, OP_ARCH},
 {"print-format", required_argument, 0, OP_PRINTFORMAT},
 {"gpgdir", required_argument, 0, OP_GPGDIR},
+ {"verify", required_argument, 0, OP_VERIFY},
 {0, 0, 0, 0}
 };
-- 1.7.5.rc0.101.g3d23c