[pacman-dev] [PATCH 0/4] Make gpgme optional
These patches (partially already submitted before) make linking with gpgme optional, and also implement a configuration option for pacman to use an external tool for signature checking. The given example is "gpg --verify - $filename", but "/bin/true" could be used to totally bypass checking.

To apply on branch 'master', after the previously posted patch set.

Rémy Oudompheng (4):
  handle: define a new callback for signature check
  signing: make gpgme optional and default to user callback
  pacman: add a configuration key for signature checking command
  pacman: implement signature check callback using an external command

 configure.ac          | 19 ++++++++++-
 etc/pacman.conf.in    | 1 +
 lib/libalpm/alpm.h    | 12 +++++++
 lib/libalpm/error.c   | 2 +
 lib/libalpm/handle.c  | 13 ++++++++
 lib/libalpm/handle.h  | 1 +
 lib/libalpm/signing.c | 33 +++++++++++++++++++--
 lib/libalpm/signing.h | 2 +-
 lib/libalpm/sync.c    | 6 ++-
 src/pacman/callback.c | 78 +++++++++++++++++++++++++++++++++++++++++++++++++
 src/pacman/callback.h | 3 ++
 src/pacman/conf.h     | 1 +
 src/pacman/pacman.c   | 4 ++
 13 files changed, 167 insertions(+), 8 deletions(-)

--
1.7.4.4
This callback will make possible the use of an external
tool to check signatures.
Signed-off-by: Rémy Oudompheng
On Sun, Apr 10, 2011 at 6:38 AM, Rémy Oudompheng
This callback will make possible the use of an external tool to check signatures.
Signed-off-by: Rémy Oudompheng
-1, rejected as noted in my prior email.
--- lib/libalpm/alpm.h | 12 ++++++++++++ lib/libalpm/error.c | 2 ++ lib/libalpm/handle.c | 13 +++++++++++++ lib/libalpm/handle.h | 1 + 4 files changed, 28 insertions(+), 0 deletions(-)
diff --git a/lib/libalpm/alpm.h b/lib/libalpm/alpm.h index 1777bf2..7979e9f 100644 --- a/lib/libalpm/alpm.h +++ b/lib/libalpm/alpm.h @@ -99,6 +99,13 @@ typedef void (*alpm_cb_totaldl)(off_t total); typedef int (*alpm_cb_fetch)(const char *url, const char *localpath, int force);
+/** A callback for checking signatures. + * @param path the path of the signed file + * @param sig the signature to check + * @return an int value : 0 (valid), 1 (invalid), -1 (an error occured) + */ +typedef int (*alpm_cb_checksig)(const char *path, const pmpgpsig_t *sig); + /** Fetch a remote pkg. * @param url URL of the package to download * @return the downloaded filepath on success, NULL on error @@ -128,6 +135,10 @@ void alpm_option_set_fetchcb(alpm_cb_fetch cb); alpm_cb_totaldl alpm_option_get_totaldlcb(void); void alpm_option_set_totaldlcb(alpm_cb_totaldl cb);
+/** Get/set the signature checking callback. */ +alpm_cb_checksig alpm_option_get_checksigcb(void); +int alpm_option_set_checksigcb(alpm_cb_checksig cb); + /** Get/set the root of the destination filesystem. */ const char *alpm_option_get_root(void); int alpm_option_set_root(const char *root); @@ -942,6 +953,7 @@ enum _pmerrno_t { PM_ERR_LIBARCHIVE, PM_ERR_LIBCURL, PM_ERR_EXTERNAL_DOWNLOAD, + PM_ERR_EXTERNAL_SIGCHECK, PM_ERR_GPGME };
diff --git a/lib/libalpm/error.c b/lib/libalpm/error.c index 4d4a065..839ecc3 100644 --- a/lib/libalpm/error.c +++ b/lib/libalpm/error.c @@ -158,6 +158,8 @@ const char SYMEXPORT *alpm_strerror(int err) return _("gpgme error"); case PM_ERR_EXTERNAL_DOWNLOAD: return _("error invoking external downloader"); + case PM_ERR_EXTERNAL_SIGCHECK: + return _("error invoking external signature check"); /* Unknown error! */ default: return _("unexpected error"); diff --git a/lib/libalpm/handle.c b/lib/libalpm/handle.c index fd40f19..da5309d 100644 --- a/lib/libalpm/handle.c +++ b/lib/libalpm/handle.c @@ -130,6 +130,12 @@ alpm_cb_totaldl SYMEXPORT alpm_option_get_totaldlcb() return handle->totaldlcb; }
+alpm_cb_checksig SYMEXPORT alpm_option_get_checksigcb() +{ + ASSERT(handle != NULL, RET_ERR(PM_ERR_HANDLE_NULL, NULL)); + return handle->checksigcb; +} + const char SYMEXPORT *alpm_option_get_root() { if (handle == NULL) { @@ -310,6 +316,13 @@ void SYMEXPORT alpm_option_set_totaldlcb(alpm_cb_totaldl cb) handle->totaldlcb = cb; }
+int SYMEXPORT alpm_option_set_checksigcb(alpm_cb_checksig cb) +{ + ASSERT(handle != NULL, RET_ERR(PM_ERR_HANDLE_NULL, -1)); + handle->checksigcb = cb; + return 0; +} + int SYMEXPORT alpm_option_set_root(const char *root) { struct stat st; diff --git a/lib/libalpm/handle.h b/lib/libalpm/handle.h index cf192bc..2f2e5d2 100644 --- a/lib/libalpm/handle.h +++ b/lib/libalpm/handle.h @@ -52,6 +52,7 @@ typedef struct _pmhandle_t { alpm_cb_download dlcb; /* Download callback function */ alpm_cb_totaldl totaldlcb; /* Total download callback function */ alpm_cb_fetch fetchcb; /* Download file callback function */ + alpm_cb_checksig checksigcb; /* Signature check callback function */
/* filesystem paths */ char *root; /* Root path, default '/' */ -- 1.7.4.4
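Review bot: the doc comment on alpm_cb_checksig in lib/libalpm/alpm.h defines only the return values 0, 1 and -1, and does not say how the library treats any other value or an unset (NULL) callback. Since 0 is the only value meaning "valid", suggest stating that every non-zero result counts as a failed check, so that a misbehaving callback fails closed, and documenting the NULL case next to the "Get/set the signature checking callback" comment. In the same comment, "occured" should be "occurred".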
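Review bot: in the enum _pmerrno_t hunk of lib/libalpm/alpm.h, PM_ERR_EXTERNAL_SIGCHECK is inserted ahead of PM_ERR_GPGME, which changes the numeric value of PM_ERR_GPGME for any front end built against the previous header. Suggest appending the new code after PM_ERR_GPGME as the last enumerator so existing values stay stable, and ordering the new case in alpm_strerror() in error.c to match.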
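Review bot: alpm_option_set_checksigcb() in lib/libalpm/handle.c returns int and sets PM_ERR_HANDLE_NULL, while the neighbouring alpm_option_set_fetchcb() and alpm_option_set_totaldlcb() are declared void in alpm.h, and the header comment for the new pair does not mention a return value. Suggest documenting the 0 / -1 result in alpm.h, or matching the existing setters. Note also that alpm_option_get_checksigcb() returns NULL both when the handle is NULL and when no callback has been set, so a caller has to consult pm_errno to tell the two apart; that is worth a line in the doc comment as well.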
This makes it possible to compile libalpm without the gpgme library.
This option is reflected in the configure script.
Signed-off-by: Rémy Oudompheng
Signed-off-by: Rémy Oudompheng
Signed-off-by: Rémy Oudompheng
On Sun, Apr 10, 2011 at 6:37 AM, Rémy Oudompheng
These patches (partially already submitted before) make linking with gpgme optional, and also implement a configuration option for pacman to use an external tool for signature checking. The given example is "gpg --verify - $filename", but "/bin/true" could be used to totally bypass checking.
You totally misread my TODO item, sorry, and I never intended someone else to do this one but put it on the list in trying to be open about things. :/

I meant nothing about letting an external tool validate signatures; as a matter of fact I am highly against this. I only wanted gpgme and signature checking to be an option that could be omitted when compiling, for instance if someone decided to use this to manage custom packages elsewhere with no intent of sharing publicly, or another OS where gpg is not so readily available.

So I will take a look at the first half, but the second half will not be going anywhere.

-Dan
On 2011/4/11 Dan McGee
On Sun, Apr 10, 2011 at 6:37 AM, Rémy Oudompheng
wrote: These patches (partially already submitted before) make linking with gpgme optional, and also implement a configuration option for pacman to use an external tool for signature checking. The given example is "gpg --verify - $filename", but "/bin/true" could be used to totally bypass checking.
You totally misread my TODO item, sorry, and I never intended someone else to do this one but put it on the list in trying to be open about things. :/
I meant nothing about letting an external tool validate signatures; as a matter of fact I am highly against this. I only wanted gpgme and signature checking to be an option that could be omitted when compiling, for instance if someone decided to use this to manage custom packages elsewhere with no intent of sharing publicly, or another OS where gpg is not so readily available.
Gah I read "like we do with our download code" which looked exactly like I thought. However, I may understand that you don't want to merge this, even if I found the idea interesting.

--
Rémy.