[pacman-dev] [PATCH 1/3] Changed all references to signature verification level in libalpm symbols to 'verifysig'. Removed references to PGP in libalpm symbols. Signed-off-by: Kerrick Staley <mail@kerrickstaley.com>
--- lib/libalpm/alpm.h | 24 ++++++++++++------------ lib/libalpm/be_package.c | 10 +++++----- lib/libalpm/be_sync.c | 10 +++++----- lib/libalpm/db.c | 6 +++--- lib/libalpm/db.h | 2 +- lib/libalpm/dload.c | 6 +++--- lib/libalpm/handle.c | 14 +++++++------- lib/libalpm/handle.h | 2 +- lib/libalpm/package.h | 2 +- lib/libalpm/signing.c | 14 +++++++------- lib/libalpm/signing.h | 2 +- lib/libalpm/sync.c | 4 ++-- src/pacman/conf.c | 24 ++++++++++++------------ src/pacman/query.c | 2 +- src/pacman/sync.c | 2 +- src/pacman/upgrade.c | 2 +- src/util/testpkg.c | 2 +- 17 files changed, 64 insertions(+), 64 deletions(-) diff --git a/lib/libalpm/alpm.h b/lib/libalpm/alpm.h index 5af843c..c779a06 100644 --- a/lib/libalpm/alpm.h +++ b/lib/libalpm/alpm.h @@ -63,12 +63,12 @@ typedef enum _pmpkgreason_t { /** * GPG signature verification options */ -typedef enum _pgp_verify_t { - PM_PGP_VERIFY_UNKNOWN, - PM_PGP_VERIFY_NEVER, - PM_PGP_VERIFY_OPTIONAL, - PM_PGP_VERIFY_ALWAYS -} pgp_verify_t; +typedef enum pmverifysig_t { + PM_VERIFYSIG_UNKNOWN, + PM_VERIFYSIG_NEVER, + PM_VERIFYSIG_OPTIONAL, + PM_VERIFYSIG_ALWAYS +} pmverifysig_t; /* * Structures @@ -263,8 +263,8 @@ int alpm_option_set_usedelta(int usedelta); int alpm_option_get_checkspace(void); int alpm_option_set_checkspace(int checkspace); -pgp_verify_t alpm_option_get_default_sigverify(void); -int alpm_option_set_default_sigverify(pgp_verify_t level); +pmverifysig_t alpm_option_get_default_verifysig(void); +int alpm_option_set_default_verifysig(pmverifysig_t level); /** @} */ @@ -389,7 +389,7 @@ int alpm_db_set_pkgreason(pmdb_t *db, const char *name, pmpkgreason_t reason); * @param pkg address of the package pointer * @return 0 on success, -1 on error (pm_errno is set accordingly) */ -int alpm_pkg_load(const char *filename, int full, pgp_verify_t check_sig, +int alpm_pkg_load(const char *filename, int full, pmverifysig_t check_sig, pmpkg_t **pkg); /** Free a package. 
@@ -626,10 +626,10 @@ alpm_list_t *alpm_pkg_unused_deltas(pmpkg_t *pkg); * Signatures */ -int alpm_pkg_check_pgp_signature(pmpkg_t *pkg); +int alpm_pkg_check_signature(pmpkg_t *pkg); -int alpm_db_check_pgp_signature(pmdb_t *db); -int alpm_db_set_pgp_verify(pmdb_t *db, pgp_verify_t verify); +int alpm_db_check_signature(pmdb_t *db); +int alpm_db_set_verifysig(pmdb_t *db, pmverifysig_t verify); /* * Deltas diff --git a/lib/libalpm/be_package.c b/lib/libalpm/be_package.c index 9e59d69..173bd4b 100644 --- a/lib/libalpm/be_package.c +++ b/lib/libalpm/be_package.c @@ -227,7 +227,7 @@ static int parse_descfile(struct archive *a, pmpkg_t *newpkg) * @return An information filled pmpkg_t struct */ pmpkg_t *_alpm_pkg_load_internal(const char *pkgfile, int full, - const char *md5sum, const char *base64_sig, pgp_verify_t check_sig) + const char *md5sum, const char *base64_sig, pmverifysig_t check_sig) { int ret; int config = 0; @@ -266,11 +266,11 @@ pmpkg_t *_alpm_pkg_load_internal(const char *pkgfile, int full, } _alpm_log(PM_LOG_DEBUG, "base64_sig: %s\n", base64_sig); - if(check_sig != PM_PGP_VERIFY_NEVER) { + if(check_sig != PM_VERIFYSIG_NEVER) { _alpm_log(PM_LOG_DEBUG, "checking signature for %s\n", pkgfile); ret = _alpm_gpgme_checksig(pkgfile, base64_sig); - if((check_sig == PM_PGP_VERIFY_ALWAYS && ret != 0) || - (check_sig == PM_PGP_VERIFY_OPTIONAL && ret == 1)) { + if((check_sig == PM_VERIFYSIG_ALWAYS && ret != 0) || + (check_sig == PM_VERIFYSIG_OPTIONAL && ret == 1)) { RET_ERR(PM_ERR_SIG_INVALID, NULL); } } @@ -381,7 +381,7 @@ error: } int SYMEXPORT alpm_pkg_load(const char *filename, int full, - pgp_verify_t check_sig, pmpkg_t **pkg) + pmverifysig_t check_sig, pmpkg_t **pkg) { ALPM_LOG_FUNC; diff --git a/lib/libalpm/be_sync.c b/lib/libalpm/be_sync.c index 9d85a45..3294f45 100644 --- a/lib/libalpm/be_sync.c +++ b/lib/libalpm/be_sync.c 
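Review bot: In the `@@ -266` hunk of be_package.c, the `PM_VERIFYSIG_OPTIONAL` branch rejects a package only when `_alpm_gpgme_checksig()` returns 1, so any other non-zero result is accepted without a trace. If -1 means the check could not be carried out, as the doc comments on the public check functions in signing.c suggest, a package whose signature was never verified loads exactly like a verified one, and `_alpm_handle_new()` makes Optional the default level. I would at least record it: `if(check_sig == PM_VERIFYSIG_OPTIONAL && ret == -1) { _alpm_log(PM_LOG_WARNING, "signature for %s could not be checked\n", pkgfile); }`. `_alpm_pkg_load_internal()` starts and ends outside this hunk.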
@@ -85,7 +85,7 @@ int SYMEXPORT alpm_db_update(int force, pmdb_t *db) size_t len; int ret = -1; mode_t oldmask; - pgp_verify_t check_sig; + pmverifysig_t check_sig; ALPM_LOG_FUNC; @@ -117,7 +117,7 @@ int SYMEXPORT alpm_db_update(int force, pmdb_t *db) } } - check_sig = _alpm_db_get_sigverify_level(db); + check_sig = _alpm_db_get_verifysig(db); for(i = db->servers; i; i = i->next) { const char *server = i->data; @@ -132,9 +132,9 @@ int SYMEXPORT alpm_db_update(int force, pmdb_t *db) ret = _alpm_download(fileurl, syncpath, force, 0, 0); - if(ret == 0 && (check_sig == PM_PGP_VERIFY_ALWAYS || - check_sig == PM_PGP_VERIFY_OPTIONAL)) { - int errors_ok = (check_sig == PM_PGP_VERIFY_OPTIONAL); + if(ret == 0 && (check_sig == PM_VERIFYSIG_ALWAYS || + check_sig == PM_VERIFYSIG_OPTIONAL)) { + int errors_ok = (check_sig == PM_VERIFYSIG_OPTIONAL); /* if we downloaded a DB, we want the .sig from the same server */ snprintf(fileurl, len, "%s/%s.db.sig", server, db->treename); diff --git a/lib/libalpm/db.c b/lib/libalpm/db.c index 3133614..d062a92 100644 --- a/lib/libalpm/db.c +++ b/lib/libalpm/db.c @@ -225,17 +225,17 @@ int SYMEXPORT alpm_db_remove_server(pmdb_t *db, const char *url) } /** Set the verify gpg signature option for a database. * @param db database pointer - * @param verify enum pgp_verify_t + * @param verify enum pmverifysig_t * @return 0 on success, -1 on error (pm_errno is set accordingly) */ -int SYMEXPORT alpm_db_set_pgp_verify(pmdb_t *db, pgp_verify_t verify) +int SYMEXPORT alpm_db_set_verifysig(pmdb_t *db, pmverifysig_t verify) { ALPM_LOG_FUNC; /* Sanity checks */ ASSERT(db != NULL, RET_ERR(PM_ERR_DB_NULL, -1)); - db->pgp_verify = verify; + db->verifysig = verify; _alpm_log(PM_LOG_DEBUG, "adding VerifySig option to database '%s': %d\n", db->treename, verify); diff --git a/lib/libalpm/db.h b/lib/libalpm/db.h index 399e2d5..23dffb7 100644 --- a/lib/libalpm/db.h +++ b/lib/libalpm/db.h 
@@ -63,7 +63,7 @@ struct __pmdb_t { pmpkghash_t *pkgcache; alpm_list_t *grpcache; alpm_list_t *servers; - pgp_verify_t pgp_verify; + pmverifysig_t verifysig; struct db_operations *ops; }; diff --git a/lib/libalpm/dload.c b/lib/libalpm/dload.c index d024c73..9d44ce7 100644 --- a/lib/libalpm/dload.c +++ b/lib/libalpm/dload.c @@ -351,11 +351,11 @@ char SYMEXPORT *alpm_fetch_pkgurl(const char *url) _alpm_log(PM_LOG_DEBUG, "successfully downloaded %s\n", url); /* attempt to download the signature */ - if(ret == 0 && (handle->sigverify == PM_PGP_VERIFY_ALWAYS || - handle->sigverify == PM_PGP_VERIFY_OPTIONAL)) { + if(ret == 0 && (handle->verifysig == PM_VERIFYSIG_ALWAYS || + handle->verifysig == PM_VERIFYSIG_OPTIONAL)) { char *sig_url; size_t len; - int errors_ok = (handle->sigverify == PM_PGP_VERIFY_OPTIONAL); + int errors_ok = (handle->verifysig == PM_VERIFYSIG_OPTIONAL); len = strlen(url) + 5; CALLOC(sig_url, len, sizeof(char), RET_ERR(PM_ERR_MEMORY, NULL)); diff --git a/lib/libalpm/handle.c b/lib/libalpm/handle.c index 39b3b60..4999244 100644 --- a/lib/libalpm/handle.c +++ b/lib/libalpm/handle.c @@ -46,7 +46,7 @@ pmhandle_t *_alpm_handle_new() CALLOC(handle, 1, sizeof(pmhandle_t), RET_ERR(PM_ERR_MEMORY, NULL)); - handle->sigverify = PM_PGP_VERIFY_OPTIONAL; + handle->verifysig = PM_VERIFYSIG_OPTIONAL; return handle; } 
@@ -627,18 +627,18 @@ int SYMEXPORT alpm_option_set_checkspace(int checkspace) return 0; } -int SYMEXPORT alpm_option_set_default_sigverify(pgp_verify_t level) +int SYMEXPORT alpm_option_set_default_verifysig(pmverifysig_t level) { ASSERT(handle != NULL, RET_ERR(PM_ERR_HANDLE_NULL, -1)); - ASSERT(level != PM_PGP_VERIFY_UNKNOWN, RET_ERR(PM_ERR_WRONG_ARGS, -1)); - handle->sigverify = level; + ASSERT(level != PM_VERIFYSIG_UNKNOWN, RET_ERR(PM_ERR_WRONG_ARGS, -1)); + handle->verifysig = level; return 0; } -pgp_verify_t SYMEXPORT alpm_option_get_default_sigverify() +pmverifysig_t SYMEXPORT alpm_option_get_default_verifysig() { - ASSERT(handle != NULL, RET_ERR(PM_ERR_HANDLE_NULL, PM_PGP_VERIFY_UNKNOWN)); - return handle->sigverify; + ASSERT(handle != NULL, RET_ERR(PM_ERR_HANDLE_NULL, PM_VERIFYSIG_UNKNOWN)); + return handle->verifysig; } /* vim: set ts=2 sw=2 noet: */ diff --git a/lib/libalpm/handle.h b/lib/libalpm/handle.h index aa00b6f..5bd41f1 100644 --- a/lib/libalpm/handle.h +++ b/lib/libalpm/handle.h @@ -72,7 +72,7 @@ typedef struct _pmhandle_t { char *arch; /* Architecture of packages we should allow */ int usedelta; /* Download deltas if possible */ int checkspace; /* Check disk space before installing */ - pgp_verify_t sigverify; /* Default signature verification level */ + pmverifysig_t verifysig; /* Default signature verification level */ } pmhandle_t; /* global handle variable */ diff --git a/lib/libalpm/package.h b/lib/libalpm/package.h index debb239..f3b3d26 100644 --- a/lib/libalpm/package.h +++ b/lib/libalpm/package.h @@ -141,7 +141,7 @@ void _alpm_pkg_free(pmpkg_t *pkg); void _alpm_pkg_free_trans(pmpkg_t *pkg); pmpkg_t *_alpm_pkg_load_internal(const char *filename, int full, - const char *md5sum, const char *base64_sig, pgp_verify_t check_sig); + const char *md5sum, const char *base64_sig, pmverifysig_t check_sig); int _alpm_pkg_cmp(const void *p1, const void *p2); int _alpm_pkg_compare_versions(pmpkg_t *local_pkg, pmpkg_t *pkg); 
diff --git a/lib/libalpm/signing.c b/lib/libalpm/signing.c index 9bb9d0a..1a99c8f 100644 --- a/lib/libalpm/signing.c +++ b/lib/libalpm/signing.c @@ -369,15 +369,15 @@ int _alpm_gpgme_checksig(const char *path, const char *base64_sig) * * @return signature verification level */ -pgp_verify_t _alpm_db_get_sigverify_level(pmdb_t *db) +pmverifysig_t _alpm_db_get_verifysig(pmdb_t *db) { ALPM_LOG_FUNC; - ASSERT(db != NULL, RET_ERR(PM_ERR_DB_NULL, PM_PGP_VERIFY_UNKNOWN)); + ASSERT(db != NULL, RET_ERR(PM_ERR_DB_NULL, PM_VERIFYSIG_UNKNOWN)); - if(db->pgp_verify != PM_PGP_VERIFY_UNKNOWN) { - return db->pgp_verify; + if(db->verifysig != PM_VERIFYSIG_UNKNOWN) { + return db->verifysig; } else { - return alpm_option_get_default_sigverify(); + return alpm_option_get_default_verifysig(); } } @@ -386,7 +386,7 @@ pgp_verify_t _alpm_db_get_sigverify_level(pmdb_t *db) * @param pkg the package to check * @return a int value : 0 (valid), 1 (invalid), -1 (an error occurred) */ -int SYMEXPORT alpm_pkg_check_pgp_signature(pmpkg_t *pkg) +int SYMEXPORT alpm_pkg_check_signature(pmpkg_t *pkg) { ALPM_LOG_FUNC; ASSERT(pkg != NULL, return 0); @@ -399,7 +399,7 @@ int SYMEXPORT alpm_pkg_check_pgp_signature(pmpkg_t *pkg) * @param db the database to check * @return a int value : 0 (valid), 1 (invalid), -1 (an error occurred) */ -int SYMEXPORT alpm_db_check_pgp_signature(pmdb_t *db) +int SYMEXPORT alpm_db_check_signature(pmdb_t *db) { ALPM_LOG_FUNC; ASSERT(db != NULL, return 0); diff --git a/lib/libalpm/signing.h b/lib/libalpm/signing.h index 8d8c164..253a919 100644 --- a/lib/libalpm/signing.h +++ b/lib/libalpm/signing.h @@ -22,7 +22,7 @@ #include "alpm.h" int _alpm_gpgme_checksig(const char *path, const char *base64_sig); -pgp_verify_t _alpm_db_get_sigverify_level(pmdb_t *db); +pmverifysig_t _alpm_db_get_verifysig(pmdb_t *db); #endif /* _ALPM_SIGNING_H */ diff --git a/lib/libalpm/sync.c b/lib/libalpm/sync.c index 8dd51aa..6b99e08 100644 --- a/lib/libalpm/sync.c +++ b/lib/libalpm/sync.c 
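Review bot: `alpm_pkg_check_signature()` and `alpm_db_check_signature()` (hunks `@@ -386` and `@@ -399` of signing.c) keep `ASSERT(pkg != NULL, return 0);` and `ASSERT(db != NULL, return 0);`, while their doc comments define 0 as "valid". A NULL argument is therefore reported as a good signature. Since the commit already renames these exported symbols, this is a good moment to fail closed: `ASSERT(pkg != NULL, RET_ERR(PM_ERR_WRONG_ARGS, -1));` and `ASSERT(db != NULL, RET_ERR(PM_ERR_DB_NULL, -1));`. Both function bodies continue past the hunks.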
@@ -866,7 +866,7 @@ int _alpm_sync_commit(pmtrans_t *trans, pmdb_t *db_local, alpm_list_t **data) int percent = (current * 100) / numtargs; const char *filename; char *filepath; - pgp_verify_t check_sig; + pmverifysig_t check_sig; PROGRESS(trans, PM_TRANS_PROGRESS_INTEGRITY_START, "", percent, numtargs, current); @@ -877,7 +877,7 @@ int _alpm_sync_commit(pmtrans_t *trans, pmdb_t *db_local, alpm_list_t **data) filename = alpm_pkg_get_filename(spkg); filepath = _alpm_filecache_find(filename); pmdb_t *sdb = alpm_pkg_get_db(spkg); - check_sig = _alpm_db_get_sigverify_level(sdb); + check_sig = _alpm_db_get_verifysig(sdb); /* load the package file and replace pkgcache entry with it in the target list */ /* TODO: alpm_pkg_get_db() will not work on this target anymore */ diff --git a/src/pacman/conf.c b/src/pacman/conf.c index 370ec51..a872d3f 100644 --- a/src/pacman/conf.c +++ b/src/pacman/conf.c @@ -214,17 +214,17 @@ int config_set_arch(const char *arch) } } -static pgp_verify_t option_verifysig(const char *value) +static pmverifysig_t option_verifysig(const char *value) { - pgp_verify_t level; + pmverifysig_t level; if(strcmp(value, "Always") == 0) { - level = PM_PGP_VERIFY_ALWAYS; + level = PM_VERIFYSIG_ALWAYS; } else if(strcmp(value, "Optional") == 0) { - level = PM_PGP_VERIFY_OPTIONAL; + level = PM_VERIFYSIG_OPTIONAL; } else if(strcmp(value, "Never") == 0) { - level = PM_PGP_VERIFY_NEVER; + level = PM_VERIFYSIG_NEVER; } else { - level = PM_PGP_VERIFY_UNKNOWN; + level = PM_VERIFYSIG_UNKNOWN; } pm_printf(PM_LOG_DEBUG, "config: VerifySig = %s (%d)\n", value, level); return level; 
@@ -359,9 +359,9 @@ static int _parse_options(const char *key, char *value, } else if(strcmp(key, "CleanMethod") == 0) { setrepeatingoption(value, "CleanMethod", option_add_cleanmethod); } else if(strcmp(key, "VerifySig") == 0) { - pgp_verify_t level = option_verifysig(value); - if(level != PM_PGP_VERIFY_UNKNOWN) { - alpm_option_set_default_sigverify(level); + pmverifysig_t level = option_verifysig(value); + if(level != PM_VERIFYSIG_UNKNOWN) { + alpm_option_set_default_verifysig(level); } else { pm_printf(PM_LOG_ERROR, _("config file %s, line %d: directive '%s' has invalid value '%s'\n"), @@ -634,9 +634,9 @@ static int _parseconfig(const char *file, int parse_options, goto cleanup; } } else if(strcmp(key, "VerifySig") == 0) { - pgp_verify_t level = option_verifysig(value); - if(level != PM_PGP_VERIFY_UNKNOWN) { - ret = alpm_db_set_pgp_verify(db, level); + pmverifysig_t level = option_verifysig(value); + if(level != PM_VERIFYSIG_UNKNOWN) { + ret = alpm_db_set_verifysig(db, level); if(ret != 0) { pm_printf(PM_LOG_ERROR, _("could not add set verify option for database '%s': %s (%s)\n"), alpm_db_get_name(db), value, alpm_strerrorlast()); diff --git a/src/pacman/query.c b/src/pacman/query.c index d1105b4..87f06c4 100644 --- a/src/pacman/query.c +++ b/src/pacman/query.c @@ -551,7 +551,7 @@ int pacman_query(alpm_list_t *targets) char *strname = alpm_list_getdata(i); if(config->op_q_isfile) { - alpm_pkg_load(strname, 1, PM_PGP_VERIFY_OPTIONAL, &pkg); + alpm_pkg_load(strname, 1, PM_VERIFYSIG_OPTIONAL, &pkg); } else { pkg = alpm_db_get_pkg(db_local, strname); } diff --git a/src/pacman/sync.c b/src/pacman/sync.c index 884504f..8e2c236 100644 --- a/src/pacman/sync.c +++ b/src/pacman/sync.c 
@@ -219,7 +219,7 @@ static int sync_cleancache(int level) /* attempt to load the package, prompt removal on failures as we may have * files here that aren't valid packages. we also don't need a full * load of the package, just the metadata. */ - if(alpm_pkg_load(path, 0, PM_PGP_VERIFY_NEVER, &localpkg) != 0 + if(alpm_pkg_load(path, 0, PM_VERIFYSIG_NEVER, &localpkg) != 0 || localpkg == NULL) { if(yesno(_("File %s does not seem to be a valid package, remove it?"), path)) { diff --git a/src/pacman/upgrade.c b/src/pacman/upgrade.c index 0ffc94c..7a955e2 100644 --- a/src/pacman/upgrade.c +++ b/src/pacman/upgrade.c @@ -42,7 +42,7 @@ int pacman_upgrade(alpm_list_t *targets) { alpm_list_t *i, *data = NULL; - pgp_verify_t check_sig = alpm_option_get_default_sigverify(); + pmverifysig_t check_sig = alpm_option_get_default_verifysig(); int retval = 0; if(targets == NULL) { diff --git a/src/util/testpkg.c b/src/util/testpkg.c index ad6ec30..4568262 100644 --- a/src/util/testpkg.c +++ b/src/util/testpkg.c @@ -55,7 +55,7 @@ int main(int argc, char *argv[]) /* let us get log messages from libalpm */ alpm_option_set_logcb(output_cb); - if(alpm_pkg_load(argv[1], 1, PM_PGP_VERIFY_OPTIONAL, &pkg) == -1 + if(alpm_pkg_load(argv[1], 1, PM_VERIFYSIG_OPTIONAL, &pkg) == -1 || pkg == NULL) { switch(pm_errno) { case PM_ERR_PKG_OPEN: -- 1.7.5.2
--- lib/libalpm/alpm.h | 4 ++-- lib/libalpm/handle.c | 18 +++++++++--------- lib/libalpm/handle.h | 2 +- lib/libalpm/signing.c | 4 ++-- src/pacman/conf.c | 2 +- src/pacman/pacman.c | 2 +- 6 files changed, 16 insertions(+), 16 deletions(-) diff --git a/lib/libalpm/alpm.h b/lib/libalpm/alpm.h index c779a06..62a8f09 100644 --- a/lib/libalpm/alpm.h +++ b/lib/libalpm/alpm.h @@ -198,9 +198,9 @@ int alpm_option_set_logfile(const char *logfile); const char *alpm_option_get_lockfile(void); /** Returns the signature directory path. */ -const char *alpm_option_get_signaturedir(void); +const char *alpm_option_get_gpgdir(void); /** Sets the signature directory path. */ -int alpm_option_set_signaturedir(const char *signaturedir); +int alpm_option_set_gpgdir(const char *gpgdir); /** Returns whether to use syslog (0 is FALSE, TRUE otherwise). */ int alpm_option_get_usesyslog(void); diff --git a/lib/libalpm/handle.c b/lib/libalpm/handle.c index 4999244..04656b4 100644 --- a/lib/libalpm/handle.c +++ b/lib/libalpm/handle.c @@ -82,7 +82,7 @@ void _alpm_handle_free(pmhandle_t *handle) FREE(handle->logfile); FREE(handle->lockfile); FREE(handle->arch); - FREE(handle->signaturedir); + FREE(handle->gpgdir); FREELIST(handle->dbs_sync); FREELIST(handle->noupgrade); FREELIST(handle->noextract); @@ -173,13 +173,13 @@ const char SYMEXPORT *alpm_option_get_lockfile() return handle->lockfile; } -const char SYMEXPORT *alpm_option_get_signaturedir() +const char SYMEXPORT *alpm_option_get_gpgdir() { if(handle == NULL) { pm_errno = PM_ERR_HANDLE_NULL; return NULL; } - return handle->signaturedir; + return handle->gpgdir; } int SYMEXPORT alpm_option_get_usesyslog() 
@@ -468,21 +468,21 @@ int SYMEXPORT alpm_option_set_logfile(const char *logfile) return 0; } -int SYMEXPORT alpm_option_set_signaturedir(const char *signaturedir) +int SYMEXPORT alpm_option_set_gpgdir(const char *gpgdir) { ALPM_LOG_FUNC; - if(!signaturedir) { + if(!gpgdir) { pm_errno = PM_ERR_WRONG_ARGS; return -1; } - if(handle->signaturedir) { - FREE(handle->signaturedir); + if(handle->gpgdir) { + FREE(handle->gpgdir); } - handle->signaturedir = strdup(signaturedir); + handle->gpgdir = strdup(gpgdir); - _alpm_log(PM_LOG_DEBUG, "option 'signaturedir' = %s\n", handle->signaturedir); + _alpm_log(PM_LOG_DEBUG, "option 'gpgdir' = %s\n", handle->gpgdir); return 0; } diff --git a/lib/libalpm/handle.h b/lib/libalpm/handle.h index 5bd41f1..616c9fd 100644 --- a/lib/libalpm/handle.h +++ b/lib/libalpm/handle.h @@ -58,7 +58,7 @@ typedef struct _pmhandle_t { char *dbpath; /* Base path to pacman's DBs */ char *logfile; /* Name of the log file */ char *lockfile; /* Name of the lock file */ - char *signaturedir; /* Directory where GnuPG files are stored */ + char *gpgdir; /* Directory where GnuPG files are stored */ alpm_list_t *cachedirs; /* Paths to pacman cache directories */ /* package lists */ diff --git a/lib/libalpm/signing.c b/lib/libalpm/signing.c index 1a99c8f..fd13549 100644 --- a/lib/libalpm/signing.c +++ b/lib/libalpm/signing.c @@ -118,7 +118,7 @@ static int gpgme_init(void) return 0; } - if(!alpm_option_get_signaturedir()) { + if(!alpm_option_get_gpgdir()) { RET_ERR(PM_ERR_SIG_MISSINGDIR, 1); } @@ -144,7 +144,7 @@ static int gpgme_init(void) /* set and check engine information */ err = gpgme_set_engine_info(GPGME_PROTOCOL_OpenPGP, NULL, - alpm_option_get_signaturedir()); + alpm_option_get_gpgdir()); CHECK_ERR(); err = gpgme_get_engine_info(&enginfo); CHECK_ERR(); diff --git a/src/pacman/conf.c b/src/pacman/conf.c index a872d3f..0dbbfea 100644 --- a/src/pacman/conf.c +++ b/src/pacman/conf.c 
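Review bot: `alpm_option_set_gpgdir()` (hunk `@@ -468`) dereferences `handle` without the `handle == NULL` check that `alpm_option_get_gpgdir()` has, and it does not check the result of `strdup()`. On allocation failure the setter returns 0 with `handle->gpgdir` left NULL, and the caller in `setlibpaths()` only reports a problem on a non-zero return. Suggested additions: `ASSERT(handle != NULL, RET_ERR(PM_ERR_HANDLE_NULL, -1));` at the top and `if(!handle->gpgdir) { RET_ERR(PM_ERR_MEMORY, -1); }` after the `strdup()`. The same lines appear in the resent versions of this patch further down the thread.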
@@ -466,7 +466,7 @@ static int setlibpaths(void) /* Set GnuPG's home directory. This is not relative to rootdir, even if * rootdir is defined. Reasoning: gpgdir contains configuration data. */ if(config->gpgdir) { - ret = alpm_option_set_signaturedir(config->gpgdir); + ret = alpm_option_set_gpgdir(config->gpgdir); if(ret != 0) { pm_printf(PM_LOG_ERROR, _("problem setting gpgdir '%s' (%s)\n"), config->gpgdir, alpm_strerrorlast()); diff --git a/src/pacman/pacman.c b/src/pacman/pacman.c index 8458c97..810f335 100644 --- a/src/pacman/pacman.c +++ b/src/pacman/pacman.c @@ -813,7 +813,7 @@ int main(int argc, char *argv[]) /* define paths to reasonable defaults */ alpm_option_set_root(ROOTDIR); alpm_option_set_dbpath(DBPATH); - alpm_option_set_signaturedir(GPGDIR); + alpm_option_set_gpgdir(GPGDIR); alpm_option_set_logfile(LOGFILE); /* Priority of options: -- 1.7.5.2
^^^ You deleted the blank line between the patch subject and the
summary text, which makes it do what it did. You'll want to put that
back.
On Wed, Jun 1, 2011 at 3:03 PM, Kerrick Staley
--- lib/libalpm/alpm.h | 4 ++-- lib/libalpm/handle.c | 18 +++++++++--------- lib/libalpm/handle.h | 2 +- lib/libalpm/signing.c | 4 ++-- src/pacman/conf.c | 2 +- src/pacman/pacman.c | 2 +- 6 files changed, 16 insertions(+), 16 deletions(-)
diff --git a/lib/libalpm/alpm.h b/lib/libalpm/alpm.h index c779a06..62a8f09 100644 --- a/lib/libalpm/alpm.h +++ b/lib/libalpm/alpm.h @@ -198,9 +198,9 @@ int alpm_option_set_logfile(const char *logfile); const char *alpm_option_get_lockfile(void);
/** Returns the signature directory path. */ -const char *alpm_option_get_signaturedir(void); +const char *alpm_option_get_gpgdir(void); /** Sets the signature directory path. */ These two docstrings should probably be made more in line with the new name; e.g. "Sets the path to the GPG home directory."
-int alpm_option_set_signaturedir(const char *signaturedir);
+int alpm_option_set_gpgdir(const char *gpgdir);
/** Returns whether to use syslog (0 is FALSE, TRUE otherwise). */ int alpm_option_get_usesyslog(void); diff --git a/lib/libalpm/handle.c b/lib/libalpm/handle.c index 4999244..04656b4 100644 --- a/lib/libalpm/handle.c +++ b/lib/libalpm/handle.c @@ -82,7 +82,7 @@ void _alpm_handle_free(pmhandle_t *handle) FREE(handle->logfile); FREE(handle->lockfile); FREE(handle->arch); - FREE(handle->signaturedir); + FREE(handle->gpgdir); FREELIST(handle->dbs_sync); FREELIST(handle->noupgrade); FREELIST(handle->noextract); @@ -173,13 +173,13 @@ const char SYMEXPORT *alpm_option_get_lockfile() return handle->lockfile; }
-const char SYMEXPORT *alpm_option_get_signaturedir()
+const char SYMEXPORT *alpm_option_get_gpgdir()
 {
 if(handle == NULL) {
 pm_errno = PM_ERR_HANDLE_NULL;
 return NULL;
 }
- return handle->signaturedir;
+ return handle->gpgdir;
 }
int SYMEXPORT alpm_option_get_usesyslog() @@ -468,21 +468,21 @@ int SYMEXPORT alpm_option_set_logfile(const char *logfile) return 0; }
-int SYMEXPORT alpm_option_set_signaturedir(const char *signaturedir)
+int SYMEXPORT alpm_option_set_gpgdir(const char *gpgdir)
 {
 ALPM_LOG_FUNC;
- if(!signaturedir) {
+ if(!gpgdir) {
 pm_errno = PM_ERR_WRONG_ARGS;
 return -1;
 }
- if(handle->signaturedir) {
- FREE(handle->signaturedir);
+ if(handle->gpgdir) {
+ FREE(handle->gpgdir);
 }
- handle->signaturedir = strdup(signaturedir);
+ handle->gpgdir = strdup(gpgdir);
- _alpm_log(PM_LOG_DEBUG, "option 'signaturedir' = %s\n", handle->signaturedir);
+ _alpm_log(PM_LOG_DEBUG, "option 'gpgdir' = %s\n", handle->gpgdir);
 return 0;
 }
diff --git a/lib/libalpm/handle.h b/lib/libalpm/handle.h index 5bd41f1..616c9fd 100644 --- a/lib/libalpm/handle.h +++ b/lib/libalpm/handle.h @@ -58,7 +58,7 @@ typedef struct _pmhandle_t { char *dbpath; /* Base path to pacman's DBs */ char *logfile; /* Name of the log file */ char *lockfile; /* Name of the lock file */ - char *signaturedir; /* Directory where GnuPG files are stored */ + char *gpgdir; /* Directory where GnuPG files are stored */ alpm_list_t *cachedirs; /* Paths to pacman cache directories */
/* package lists */ diff --git a/lib/libalpm/signing.c b/lib/libalpm/signing.c index 1a99c8f..fd13549 100644 --- a/lib/libalpm/signing.c +++ b/lib/libalpm/signing.c @@ -118,7 +118,7 @@ static int gpgme_init(void) return 0; }
- if(!alpm_option_get_signaturedir()) {
+ if(!alpm_option_get_gpgdir()) {
 RET_ERR(PM_ERR_SIG_MISSINGDIR, 1);
 }
@@ -144,7 +144,7 @@ static int gpgme_init(void)
/* set and check engine information */ err = gpgme_set_engine_info(GPGME_PROTOCOL_OpenPGP, NULL, - alpm_option_get_signaturedir()); + alpm_option_get_gpgdir()); CHECK_ERR(); err = gpgme_get_engine_info(&enginfo); CHECK_ERR(); diff --git a/src/pacman/conf.c b/src/pacman/conf.c index a872d3f..0dbbfea 100644 --- a/src/pacman/conf.c +++ b/src/pacman/conf.c @@ -466,7 +466,7 @@ static int setlibpaths(void) /* Set GnuPG's home directory. This is not relative to rootdir, even if * rootdir is defined. Reasoning: gpgdir contains configuration data. */ if(config->gpgdir) { - ret = alpm_option_set_signaturedir(config->gpgdir); + ret = alpm_option_set_gpgdir(config->gpgdir); if(ret != 0) { pm_printf(PM_LOG_ERROR, _("problem setting gpgdir '%s' (%s)\n"), config->gpgdir, alpm_strerrorlast()); diff --git a/src/pacman/pacman.c b/src/pacman/pacman.c index 8458c97..810f335 100644 --- a/src/pacman/pacman.c +++ b/src/pacman/pacman.c @@ -813,7 +813,7 @@ int main(int argc, char *argv[]) /* define paths to reasonable defaults */ alpm_option_set_root(ROOTDIR); alpm_option_set_dbpath(DBPATH); - alpm_option_set_signaturedir(GPGDIR); + alpm_option_set_gpgdir(GPGDIR); alpm_option_set_logfile(LOGFILE);
/* Priority of options: -- 1.7.5.2
Otherwise this looks fine to me; I'll let other people weigh in on API naming stuff as well though. -Dan
'gpgdir' is clearer than 'signaturedir'. Since this directory and the
API based on it are specific to GPGME, 'gpg' is used in the name to
separate it from library-independent functions.
Signed-off-by: Kerrick Staley
This is identical to the patch I submitted a while ago, except the
docstrings are changed per Dan's request. I just realized that I
referred to pacman in the libalpm source, though, so I'll fix that and
resend.
-Kerrick Staley
On Sun, Jun 12, 2011 at 5:36 AM, Kerrick Staley
'gpgdir' is clearer than 'signaturedir'. Since this directory and the API based on it are specific to GPGME, 'gpg' is used in the name to separate it from library-independent functions.
Signed-off-by: Kerrick Staley
--- lib/libalpm/alpm.h | 8 ++++---- lib/libalpm/handle.c | 18 +++++++++--------- lib/libalpm/handle.h | 2 +- lib/libalpm/signing.c | 4 ++-- src/pacman/conf.c | 2 +- src/pacman/pacman.c | 2 +- 6 files changed, 18 insertions(+), 18 deletions(-) diff --git a/lib/libalpm/alpm.h b/lib/libalpm/alpm.h index 5fdeac2..6a9f25e 100644 --- a/lib/libalpm/alpm.h +++ b/lib/libalpm/alpm.h @@ -197,10 +197,10 @@ int alpm_option_set_logfile(const char *logfile); */ const char *alpm_option_get_lockfile(void);
-/** Returns the signature directory path. */
-const char *alpm_option_get_signaturedir(void);
-/** Sets the signature directory path. */
-int alpm_option_set_signaturedir(const char *signaturedir);
+/** Returns the path to pacman's GPG home directory. */
+const char *alpm_option_get_gpgdir(void);
+/** Sets the path to pacman's GPG home directory. */
+int alpm_option_set_gpgdir(const char *gpgdir);
/** Returns whether to use syslog (0 is FALSE, TRUE otherwise). */ int alpm_option_get_usesyslog(void); diff --git a/lib/libalpm/handle.c b/lib/libalpm/handle.c index 8d33caa..5942911 100644 --- a/lib/libalpm/handle.c +++ b/lib/libalpm/handle.c @@ -82,7 +82,7 @@ void _alpm_handle_free(pmhandle_t *handle) FREE(handle->logfile); FREE(handle->lockfile); FREE(handle->arch); - FREE(handle->signaturedir); + FREE(handle->gpgdir); FREELIST(handle->dbs_sync); FREELIST(handle->noupgrade); FREELIST(handle->noextract); @@ -173,13 +173,13 @@ const char SYMEXPORT *alpm_option_get_lockfile() return handle->lockfile; }
-const char SYMEXPORT *alpm_option_get_signaturedir()
+const char SYMEXPORT *alpm_option_get_gpgdir()
 {
 if(handle == NULL) {
 pm_errno = PM_ERR_HANDLE_NULL;
 return NULL;
 }
- return handle->signaturedir;
+ return handle->gpgdir;
 }
int SYMEXPORT alpm_option_get_usesyslog() @@ -468,21 +468,21 @@ int SYMEXPORT alpm_option_set_logfile(const char *logfile) return 0; }
-int SYMEXPORT alpm_option_set_signaturedir(const char *signaturedir)
+int SYMEXPORT alpm_option_set_gpgdir(const char *gpgdir)
 {
 ALPM_LOG_FUNC;
- if(!signaturedir) {
+ if(!gpgdir) {
 pm_errno = PM_ERR_WRONG_ARGS;
 return -1;
 }
- if(handle->signaturedir) {
- FREE(handle->signaturedir);
+ if(handle->gpgdir) {
+ FREE(handle->gpgdir);
 }
- handle->signaturedir = strdup(signaturedir);
+ handle->gpgdir = strdup(gpgdir);
- _alpm_log(PM_LOG_DEBUG, "option 'signaturedir' = %s\n", handle->signaturedir);
+ _alpm_log(PM_LOG_DEBUG, "option 'gpgdir' = %s\n", handle->gpgdir);
 return 0;
 }
diff --git a/lib/libalpm/handle.h b/lib/libalpm/handle.h index 672cab4..59375fd 100644 --- a/lib/libalpm/handle.h +++ b/lib/libalpm/handle.h @@ -58,7 +58,7 @@ typedef struct _pmhandle_t { char *dbpath; /* Base path to pacman's DBs */ char *logfile; /* Name of the log file */ char *lockfile; /* Name of the lock file */ - char *signaturedir; /* Directory where GnuPG files are stored */ + char *gpgdir; /* Directory where GnuPG files are stored */ alpm_list_t *cachedirs; /* Paths to pacman cache directories */
/* package lists */ diff --git a/lib/libalpm/signing.c b/lib/libalpm/signing.c index a57d86a..0142058 100644 --- a/lib/libalpm/signing.c +++ b/lib/libalpm/signing.c @@ -118,7 +118,7 @@ static int gpgme_init(void) return 0; }
- if(!alpm_option_get_signaturedir()) {
+ if(!alpm_option_get_gpgdir()) {
 RET_ERR(PM_ERR_SIG_MISSINGDIR, 1);
 }
@@ -144,7 +144,7 @@ static int gpgme_init(void)
/* set and check engine information */ err = gpgme_set_engine_info(GPGME_PROTOCOL_OpenPGP, NULL, - alpm_option_get_signaturedir()); + alpm_option_get_gpgdir()); CHECK_ERR(); err = gpgme_get_engine_info(&enginfo); CHECK_ERR(); diff --git a/src/pacman/conf.c b/src/pacman/conf.c index d8f2ac3..ccb1291 100644 --- a/src/pacman/conf.c +++ b/src/pacman/conf.c @@ -466,7 +466,7 @@ static int setlibpaths(void) /* Set GnuPG's home directory. This is not relative to rootdir, even if * rootdir is defined. Reasoning: gpgdir contains configuration data. */ if(config->gpgdir) { - ret = alpm_option_set_signaturedir(config->gpgdir); + ret = alpm_option_set_gpgdir(config->gpgdir); if(ret != 0) { pm_printf(PM_LOG_ERROR, _("problem setting gpgdir '%s' (%s)\n"), config->gpgdir, alpm_strerrorlast()); diff --git a/src/pacman/pacman.c b/src/pacman/pacman.c index 8458c97..810f335 100644 --- a/src/pacman/pacman.c +++ b/src/pacman/pacman.c @@ -813,7 +813,7 @@ int main(int argc, char *argv[]) /* define paths to reasonable defaults */ alpm_option_set_root(ROOTDIR); alpm_option_set_dbpath(DBPATH); - alpm_option_set_signaturedir(GPGDIR); + alpm_option_set_gpgdir(GPGDIR); alpm_option_set_logfile(LOGFILE);
/* Priority of options: -- 1.7.5.2
'gpgdir' is clearer than 'signaturedir'. Since this directory and the
API based on it are specific to GPGME, 'gpg' is used in the name to
separate it from library-independent functions.
Signed-off-by: Kerrick Staley
And, this doesn't compile because I didn't change an instance of
signaturedir that was introduced after this patch was originally
written. Fixing and resending...
-Kerrick Staley
On Sun, Jun 12, 2011 at 5:44 AM, Kerrick Staley
'gpgdir' is clearer than 'signaturedir'. Since this directory and the API based on it are specific to GPGME, 'gpg' is used in the name to separate it from library-independent functions.
Signed-off-by: Kerrick Staley
--- lib/libalpm/alpm.h | 8 ++++---- lib/libalpm/handle.c | 18 +++++++++--------- lib/libalpm/handle.h | 2 +- lib/libalpm/signing.c | 4 ++-- src/pacman/conf.c | 6 +++--- src/pacman/pacman.c | 2 +- 6 files changed, 20 insertions(+), 20 deletions(-) diff --git a/lib/libalpm/alpm.h b/lib/libalpm/alpm.h index 5fdeac2..f4ba9eb 100644 --- a/lib/libalpm/alpm.h +++ b/lib/libalpm/alpm.h @@ -197,10 +197,10 @@ int alpm_option_set_logfile(const char *logfile); */ const char *alpm_option_get_lockfile(void);
-/** Returns the signature directory path. */
-const char *alpm_option_get_signaturedir(void);
-/** Sets the signature directory path. */
-int alpm_option_set_signaturedir(const char *signaturedir);
+/** Returns the path to libalpm's GnuPG home directory. */
+const char *alpm_option_get_gpgdir(void);
+/** Sets the path to libalpm's GnuPG home directory. */
+int alpm_option_set_gpgdir(const char *gpgdir);
/** Returns whether to use syslog (0 is FALSE, TRUE otherwise). */ int alpm_option_get_usesyslog(void); diff --git a/lib/libalpm/handle.c b/lib/libalpm/handle.c index 8d33caa..5942911 100644 --- a/lib/libalpm/handle.c +++ b/lib/libalpm/handle.c @@ -82,7 +82,7 @@ void _alpm_handle_free(pmhandle_t *handle) FREE(handle->logfile); FREE(handle->lockfile); FREE(handle->arch); - FREE(handle->signaturedir); + FREE(handle->gpgdir); FREELIST(handle->dbs_sync); FREELIST(handle->noupgrade); FREELIST(handle->noextract); @@ -173,13 +173,13 @@ const char SYMEXPORT *alpm_option_get_lockfile() return handle->lockfile; }
-const char SYMEXPORT *alpm_option_get_signaturedir()
+const char SYMEXPORT *alpm_option_get_gpgdir()
 {
 if(handle == NULL) {
 pm_errno = PM_ERR_HANDLE_NULL;
 return NULL;
 }
- return handle->signaturedir;
+ return handle->gpgdir;
 }
int SYMEXPORT alpm_option_get_usesyslog() @@ -468,21 +468,21 @@ int SYMEXPORT alpm_option_set_logfile(const char *logfile) return 0; }
-int SYMEXPORT alpm_option_set_signaturedir(const char *signaturedir) +int SYMEXPORT alpm_option_set_gpgdir(const char *gpgdir) { ALPM_LOG_FUNC;
- if(!signaturedir) { + if(!gpgdir) { pm_errno = PM_ERR_WRONG_ARGS; return -1; }
- if(handle->signaturedir) { - FREE(handle->signaturedir); + if(handle->gpgdir) { + FREE(handle->gpgdir); } - handle->signaturedir = strdup(signaturedir); + handle->gpgdir = strdup(gpgdir);
- _alpm_log(PM_LOG_DEBUG, "option 'signaturedir' = %s\n", handle->signaturedir); + _alpm_log(PM_LOG_DEBUG, "option 'gpgdir' = %s\n", handle->gpgdir); return 0; }
diff --git a/lib/libalpm/handle.h b/lib/libalpm/handle.h index 672cab4..59375fd 100644 --- a/lib/libalpm/handle.h +++ b/lib/libalpm/handle.h @@ -58,7 +58,7 @@ typedef struct _pmhandle_t { char *dbpath; /* Base path to pacman's DBs */ char *logfile; /* Name of the log file */ char *lockfile; /* Name of the lock file */ - char *signaturedir; /* Directory where GnuPG files are stored */ + char *gpgdir; /* Directory where GnuPG files are stored */ alpm_list_t *cachedirs; /* Paths to pacman cache directories */
/* package lists */ diff --git a/lib/libalpm/signing.c b/lib/libalpm/signing.c index a57d86a..0142058 100644 --- a/lib/libalpm/signing.c +++ b/lib/libalpm/signing.c @@ -118,7 +118,7 @@ static int gpgme_init(void) return 0; }
- if(!alpm_option_get_signaturedir()) { + if(!alpm_option_get_gpgdir()) { RET_ERR(PM_ERR_SIG_MISSINGDIR, 1); }
@@ -144,7 +144,7 @@ static int gpgme_init(void)
/* set and check engine information */ err = gpgme_set_engine_info(GPGME_PROTOCOL_OpenPGP, NULL, - alpm_option_get_signaturedir()); + alpm_option_get_gpgdir()); CHECK_ERR(); err = gpgme_get_engine_info(&enginfo); CHECK_ERR(); diff --git a/src/pacman/conf.c b/src/pacman/conf.c index d8f2ac3..fd8d833 100644 --- a/src/pacman/conf.c +++ b/src/pacman/conf.c @@ -463,10 +463,10 @@ static int setlibpaths(void) } }
- /* Set GnuPG's home directory. This is not relative to rootdir, even if - * rootdir is defined. Reasoning: gpgdir contains configuration data. */ + /* Set pacman's GnuPG home directory. This is not relative to rootdir, even + * if rootdir is defined. Reasoning: gpgdir contains configuration data. */ if(config->gpgdir) { - ret = alpm_option_set_signaturedir(config->gpgdir); + ret = alpm_option_set_gpgdir(config->gpgdir); if(ret != 0) { pm_printf(PM_LOG_ERROR, _("problem setting gpgdir '%s' (%s)\n"), config->gpgdir, alpm_strerrorlast()); diff --git a/src/pacman/pacman.c b/src/pacman/pacman.c index 8458c97..810f335 100644 --- a/src/pacman/pacman.c +++ b/src/pacman/pacman.c @@ -813,7 +813,7 @@ int main(int argc, char *argv[]) /* define paths to reasonable defaults */ alpm_option_set_root(ROOTDIR); alpm_option_set_dbpath(DBPATH); - alpm_option_set_signaturedir(GPGDIR); + alpm_option_set_gpgdir(GPGDIR); alpm_option_set_logfile(LOGFILE);
/* Priority of options: -- 1.7.5.2
'gpgdir' is clearer than 'signaturedir'. Since this directory and the
API based on it are specific to GPGME, 'gpg' is used in the name to
separate it from library-independent functions.
Signed-off-by: Kerrick Staley
On Sun, Jun 12, 2011 at 6:12 AM, Kerrick Staley
'gpgdir' is clearer than 'signaturedir'. Since this directory and the API based on it are specific to GPGME, 'gpg' is used in the name to separate it from library-independent functions.
Thanks- I took this but reconstituted the patch for current master by doing a sed and then updating the comments as you did. -Dan
Signed-off-by: Kerrick Staley
--- lib/libalpm/alpm.h | 8 ++++---- lib/libalpm/handle.c | 18 +++++++++--------- lib/libalpm/handle.h | 2 +- lib/libalpm/signing.c | 4 ++-- src/pacman/conf.c | 6 +++--- src/pacman/pacman.c | 4 ++-- 6 files changed, 21 insertions(+), 21 deletions(-) diff --git a/lib/libalpm/alpm.h b/lib/libalpm/alpm.h index 5fdeac2..f4ba9eb 100644 --- a/lib/libalpm/alpm.h +++ b/lib/libalpm/alpm.h @@ -197,10 +197,10 @@ int alpm_option_set_logfile(const char *logfile); */ const char *alpm_option_get_lockfile(void);
-/** Returns the signature directory path. */
-const char *alpm_option_get_signaturedir(void);
-/** Sets the signature directory path. */
-int alpm_option_set_signaturedir(const char *signaturedir);
+/** Returns the path to libalpm's GnuPG home directory. */
+const char *alpm_option_get_gpgdir(void);
+/** Sets the path to libalpm's GnuPG home directory. */
+int alpm_option_set_gpgdir(const char *gpgdir);
/** Returns whether to use syslog (0 is FALSE, TRUE otherwise). */ int alpm_option_get_usesyslog(void); diff --git a/lib/libalpm/handle.c b/lib/libalpm/handle.c index 8d33caa..5942911 100644 --- a/lib/libalpm/handle.c +++ b/lib/libalpm/handle.c @@ -82,7 +82,7 @@ void _alpm_handle_free(pmhandle_t *handle) FREE(handle->logfile); FREE(handle->lockfile); FREE(handle->arch); - FREE(handle->signaturedir); + FREE(handle->gpgdir); FREELIST(handle->dbs_sync); FREELIST(handle->noupgrade); FREELIST(handle->noextract); @@ -173,13 +173,13 @@ const char SYMEXPORT *alpm_option_get_lockfile() return handle->lockfile; }
-const char SYMEXPORT *alpm_option_get_signaturedir() +const char SYMEXPORT *alpm_option_get_gpgdir() { if(handle == NULL) { pm_errno = PM_ERR_HANDLE_NULL; return NULL; } - return handle->signaturedir; + return handle->gpgdir; }
int SYMEXPORT alpm_option_get_usesyslog() @@ -468,21 +468,21 @@ int SYMEXPORT alpm_option_set_logfile(const char *logfile) return 0; }
-int SYMEXPORT alpm_option_set_signaturedir(const char *signaturedir) +int SYMEXPORT alpm_option_set_gpgdir(const char *gpgdir) { ALPM_LOG_FUNC;
- if(!signaturedir) { + if(!gpgdir) { pm_errno = PM_ERR_WRONG_ARGS; return -1; }
- if(handle->signaturedir) { - FREE(handle->signaturedir); + if(handle->gpgdir) { + FREE(handle->gpgdir); } - handle->signaturedir = strdup(signaturedir); + handle->gpgdir = strdup(gpgdir);
- _alpm_log(PM_LOG_DEBUG, "option 'signaturedir' = %s\n", handle->signaturedir); + _alpm_log(PM_LOG_DEBUG, "option 'gpgdir' = %s\n", handle->gpgdir); return 0; }
diff --git a/lib/libalpm/handle.h b/lib/libalpm/handle.h index 672cab4..59375fd 100644 --- a/lib/libalpm/handle.h +++ b/lib/libalpm/handle.h @@ -58,7 +58,7 @@ typedef struct _pmhandle_t { char *dbpath; /* Base path to pacman's DBs */ char *logfile; /* Name of the log file */ char *lockfile; /* Name of the lock file */ - char *signaturedir; /* Directory where GnuPG files are stored */ + char *gpgdir; /* Directory where GnuPG files are stored */ alpm_list_t *cachedirs; /* Paths to pacman cache directories */
/* package lists */ diff --git a/lib/libalpm/signing.c b/lib/libalpm/signing.c index a57d86a..0142058 100644 --- a/lib/libalpm/signing.c +++ b/lib/libalpm/signing.c @@ -118,7 +118,7 @@ static int gpgme_init(void) return 0; }
- if(!alpm_option_get_signaturedir()) { + if(!alpm_option_get_gpgdir()) { RET_ERR(PM_ERR_SIG_MISSINGDIR, 1); }
@@ -144,7 +144,7 @@ static int gpgme_init(void)
/* set and check engine information */ err = gpgme_set_engine_info(GPGME_PROTOCOL_OpenPGP, NULL, - alpm_option_get_signaturedir()); + alpm_option_get_gpgdir()); CHECK_ERR(); err = gpgme_get_engine_info(&enginfo); CHECK_ERR(); diff --git a/src/pacman/conf.c b/src/pacman/conf.c index d8f2ac3..fd8d833 100644 --- a/src/pacman/conf.c +++ b/src/pacman/conf.c @@ -463,10 +463,10 @@ static int setlibpaths(void) } }
- /* Set GnuPG's home directory. This is not relative to rootdir, even if - * rootdir is defined. Reasoning: gpgdir contains configuration data. */ + /* Set pacman's GnuPG home directory. This is not relative to rootdir, even + * if rootdir is defined. Reasoning: gpgdir contains configuration data. */ if(config->gpgdir) { - ret = alpm_option_set_signaturedir(config->gpgdir); + ret = alpm_option_set_gpgdir(config->gpgdir); if(ret != 0) { pm_printf(PM_LOG_ERROR, _("problem setting gpgdir '%s' (%s)\n"), config->gpgdir, alpm_strerrorlast()); diff --git a/src/pacman/pacman.c b/src/pacman/pacman.c index 8458c97..9dd27b5 100644 --- a/src/pacman/pacman.c +++ b/src/pacman/pacman.c @@ -813,7 +813,7 @@ int main(int argc, char *argv[]) /* define paths to reasonable defaults */ alpm_option_set_root(ROOTDIR); alpm_option_set_dbpath(DBPATH); - alpm_option_set_signaturedir(GPGDIR); + alpm_option_set_gpgdir(GPGDIR); alpm_option_set_logfile(LOGFILE);
/* Priority of options: @@ -913,7 +913,7 @@ int main(int argc, char *argv[]) printf("\n"); printf("Lock File : %s\n", alpm_option_get_lockfile()); printf("Log File : %s\n", alpm_option_get_logfile()); - printf("GPG Dir : %s\n", alpm_option_get_signaturedir()); + printf("GPG Dir : %s\n", alpm_option_get_gpgdir()); list_display("Targets :", pm_targets); }
-- 1.7.5.2
OK, thanks. -Kerrick Staley
--- scripts/makepkg.sh.in | 6 +++--- scripts/repo-add.sh.in | 23 ++++++++++++++++++++--- 2 files changed, 23 insertions(+), 6 deletions(-) diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in index b0d0c23..95f541f 100644 --- a/scripts/makepkg.sh.in +++ b/scripts/makepkg.sh.in @@ -1625,7 +1625,7 @@ usage() { printf "$(gettext " --nocheck Do not run the check() function in the %s")\n" "$BUILDSCRIPT" echo "$(gettext " --nosign Do not create a signature for the package")" echo "$(gettext " --pkg <list> Only build listed packages from a split package")" - echo "$(gettext " --sign Sign the resulting package with gpg")" + echo "$(gettext " -S, --sign Sign the resulting package with gpg")" echo "$(gettext " --skipinteg Do not fail when integrity checks are missing")" echo "$(gettext " --source Generate a source-only tarball without downloaded sources")" echo @@ -1659,7 +1659,7 @@ fi ARGLIST=("$@") # Parse Command Line Options. -OPT_SHORT="AcCdefFghiLmop:rRsV" +OPT_SHORT="AcCdefFghiLmop:rRsSV" OPT_LONG="allsource,asroot,ignorearch,check,clean,cleancache,nodeps" OPT_LONG+=",noextract,force,forcever:,geninteg,help,holdver" OPT_LONG+=",install,key:,log,nocolor,nobuild,nocheck,nosign,pkg:,rmdeps" @@ -1708,7 +1708,7 @@ while true; do -r|--rmdeps) RMDEPS=1 ;; -R|--repackage) REPKG=1 ;; --skipinteg) SKIPINTEG=1 ;; - --sign) SIGNPKG='y' ;; + -S|--sign) SIGNPKG='y' ;; --source) SOURCEONLY=1 ;; -s|--syncdeps) DEP_BIN=1 ;; diff --git a/scripts/repo-add.sh.in b/scripts/repo-add.sh.in index 820db36..f00b519 100644 --- a/scripts/repo-add.sh.in +++ b/scripts/repo-add.sh.in @@ -26,6 +26,8 @@ export TEXTDOMAINDIR='@localedir@' myver='@PACKAGE_VERSION@' confdir='@sysconfdir@' +GPGDIR='@sysconfdir@/pacman.d/gnupg' + QUIET=0 DELTA=0 WITHFILES=0 
@@ -80,8 +82,9 @@ specified on the command line from the given repo database. Multiple\n\ packages to remove can be specified on the command line.\n\n")" printf "$(gettext "Options:\n")" fi + printf "$(gettext " --gpgdir <dir> use the specified GnuPG home directory\n")" printf "$(gettext " -q, --quiet minimize output\n")" - printf "$(gettext " -s, --sign sign database with GnuPG after update\n")" + printf "$(gettext " -S, --sign sign database with GnuPG after update\n")" printf "$(gettext " -k, --key <key> use the specified key to sign the database\n")" printf "$(gettext " -v, --verify verify database's signature before update\n")" printf "$(gettext "\n\ @@ -231,7 +234,12 @@ verify_signature() { warning "$(gettext "No existing signature found, skipping verification.")" return fi - gpg --verify "$dbfile.sig" || ret=$? + # unlike signing, verification of old database is done with pacman's keyring + if ! gpg --homedir "$GPGDIR" --list-keys &>/dev/null; then + error "$(gettext "${GPGDIR} is not a properly initialized GnuPG home directory.")" + exit 1 + fi + gpg --homedir "$GPGDIR" --verify "$dbfile.sig" || ret=$? if (( ! ret )); then msg2 "$(gettext "Database signature file verified.")" else @@ -552,7 +560,16 @@ while [[ $# > 0 ]]; do -q|--quiet) QUIET=1;; -d|--delta) DELTA=1;; -f|--files) WITHFILES=1;; - -s|--sign) + --gpgdir) + check_gpg + shift + GPGDIR="$1" + if ! gpg --homedir "$GPGDIR" --list-keys &>/dev/null; then + error "$(gettext "${GPGDIR} is not a properly initialized GnuPG home directory.")" + exit 1 + fi + ;; + -S|--sign) check_gpg SIGN=1 if ! gpg --list-key ${GPGKEY} &>/dev/null; then -- 1.7.5.2
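Review bot: In the keyring check added to verify_signature, `${GPGDIR}` is expanded by the shell before gettext sees the string, so the msgid can never match a catalog entry and the path becomes part of the text handed to `error`. If `error` formats its first argument with printf (its definition is outside this hunk), a `%` or backslash in the directory name would be read as a directive rather than printed. Passing the path as an argument keeps the message translatable and the path literal: `error "$(gettext "%s is not a properly initialized GnuPG home directory.")" "$GPGDIR"`. The same line is repeated in the `--gpgdir)` case of the option-parsing hunk, and verify_signature itself starts and ends outside this hunk.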
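Review bot: The `--gpgdir)` case runs `shift` and `GPGDIR="$1"` without checking that an argument follows, so `--gpgdir` given as the last word leaves GPGDIR empty and the check that follows then depends on how gpg treats an empty `--homedir`. A guard before the shift, for example `(( $# > 1 )) || { usage; exit 1; }` (assuming the script's usage function), would reject that case. Separately, replacing the `-s|--sign)` label means callers that still pass `-s` no longer reach `SIGN=1`; how the loop handles an unmatched `-s` is not visible here, but if it is not rejected the database would be left unsigned without an error. Keeping the old spelling as an alias, `-s|-S|--sign)`, avoids that. The enclosing while loop starts and ends outside the hunk.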
^^^ You deleted the blank line between the patch subject and the
summary text, which makes it do what it did. You'll want to put that
back.
On Wed, Jun 1, 2011 at 3:03 PM, Kerrick Staley
--- scripts/makepkg.sh.in | 6 +++--- scripts/repo-add.sh.in | 23 ++++++++++++++++++++--- 2 files changed, 23 insertions(+), 6 deletions(-)
diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in index b0d0c23..95f541f 100644 --- a/scripts/makepkg.sh.in +++ b/scripts/makepkg.sh.in @@ -1625,7 +1625,7 @@ usage() { printf "$(gettext " --nocheck Do not run the check() function in the %s")\n" "$BUILDSCRIPT" echo "$(gettext " --nosign Do not create a signature for the package")" echo "$(gettext " --pkg <list> Only build listed packages from a split package")" - echo "$(gettext " --sign Sign the resulting package with gpg")" + echo "$(gettext " -S, --sign Sign the resulting package with gpg")" echo "$(gettext " --skipinteg Do not fail when integrity checks are missing")" echo "$(gettext " --source Generate a source-only tarball without downloaded sources")" echo @@ -1659,7 +1659,7 @@ fi ARGLIST=("$@")
# Parse Command Line Options. -OPT_SHORT="AcCdefFghiLmop:rRsV" +OPT_SHORT="AcCdefFghiLmop:rRsSV" OPT_LONG="allsource,asroot,ignorearch,check,clean,cleancache,nodeps" OPT_LONG+=",noextract,force,forcever:,geninteg,help,holdver" OPT_LONG+=",install,key:,log,nocolor,nobuild,nocheck,nosign,pkg:,rmdeps" @@ -1708,7 +1708,7 @@ while true; do -r|--rmdeps) RMDEPS=1 ;; -R|--repackage) REPKG=1 ;; --skipinteg) SKIPINTEG=1 ;; - --sign) SIGNPKG='y' ;; + -S|--sign) SIGNPKG='y' ;; --source) SOURCEONLY=1 ;; -s|--syncdeps) DEP_BIN=1 ;;
diff --git a/scripts/repo-add.sh.in b/scripts/repo-add.sh.in index 820db36..f00b519 100644 --- a/scripts/repo-add.sh.in +++ b/scripts/repo-add.sh.in @@ -26,6 +26,8 @@ export TEXTDOMAINDIR='@localedir@' myver='@PACKAGE_VERSION@' confdir='@sysconfdir@'
+GPGDIR='@sysconfdir@/pacman.d/gnupg' + QUIET=0 DELTA=0 WITHFILES=0 @@ -80,8 +82,9 @@ specified on the command line from the given repo database. Multiple\n\ packages to remove can be specified on the command line.\n\n")" printf "$(gettext "Options:\n")" fi + printf "$(gettext " --gpgdir <dir> use the specified GnuPG home directory\n")" printf "$(gettext " -q, --quiet minimize output\n")" - printf "$(gettext " -s, --sign sign database with GnuPG after update\n")" + printf "$(gettext " -S, --sign sign database with GnuPG after update\n")" printf "$(gettext " -k, --key <key> use the specified key to sign the database\n")" printf "$(gettext " -v, --verify verify database's signature before update\n")" printf "$(gettext "\n\ @@ -231,7 +234,12 @@ verify_signature() { warning "$(gettext "No existing signature found, skipping verification.")" return fi - gpg --verify "$dbfile.sig" || ret=$? + # unlike signing, verification of old database is done with pacman's keyring + if ! gpg --homedir "$GPGDIR" --list-keys &>/dev/null; then + error "$(gettext "${GPGDIR} is not a properly initialized GnuPG home directory.")" + exit 1 + fi + gpg --homedir "$GPGDIR" --verify "$dbfile.sig" || ret=$? if (( ! ret )); then msg2 "$(gettext "Database signature file verified.")" else @@ -552,7 +560,16 @@ while [[ $# > 0 ]]; do -q|--quiet) QUIET=1;; -d|--delta) DELTA=1;; -f|--files) WITHFILES=1;; - -s|--sign) + --gpgdir) + check_gpg + shift + GPGDIR="$1" + if ! gpg --homedir "$GPGDIR" --list-keys &>/dev/null; then + error "$(gettext "${GPGDIR} is not a properly initialized GnuPG home directory.")" + exit 1 + fi + ;; + -S|--sign) check_gpg SIGN=1 if ! gpg --list-key ${GPGKEY} &>/dev/null; then -- 1.7.5.2
On 02/06/11 06:21, Dan McGee wrote:
^^^ You deleted the blank line between the patch subject and the summary text, which makes it do what it did. You'll want to put that back.
On Wed, Jun 1, 2011 at 3:03 PM, Kerrick Staley
wrote: I'm not against either of these two things, but it probably should be two patches. The first should add -S to both repo-add and makepkg (and update the documentation appropriately).
Just as an FYI, I originally went for having no short options to sign a package with makepkg because I thought actually using --sign would be a rare case given the control of this in makepkg.conf. However, I'm also not against adding one and making it consistent with repo-add... Allan
^^^ You deleted the blank line between the patch subject and the
summary text, which makes it do what it did. You'll want to put that
back.
On Wed, Jun 1, 2011 at 3:03 PM, Kerrick Staley
On Wed, Jun 1, 2011 at 3:46 PM, Dan McGee
^^^ You deleted the blank line between the patch subject and the summary text, which makes it do what it did. You'll want to put that back.
On Wed, Jun 1, 2011 at 3:03 PM, Kerrick Staley
wrote: So I don't find VerifySig any more appetizing, other than matching the option name we came up with. I was leaning in my head when I wrote up this TODO toward something like GPGLevel, SigLevel, etc. I also think we may need to be a bit more granular than our current Always/Optional/Never trifecta. We have a multitude of possibilities when checking a signature:
* Valid signature, fully trusted (or ultimate; GPGME_VALIDITY_{ULTIMATE, FULL}).
* Valid signature, unknown trust/unknown key (GPGME_VALIDITY_UNKNOWN, GPGME_SIGSUM_KEY_MISSING). * Valid signature, trust somewhere in between (marginal, GPGME_VALIDITY_MARGINAL).
* Valid signature, user is never valid (GPGME_VALIDITY_NEVER) * Valid signature, signature is however expired (GPGME_SIGSUM_SIG_EXPIRED) * Valid signature, key is however expired (GPGME_SIGSUM_KEY_EXPIRED) * Bad signature, trust level is irrelevant (GPGME_VALIDITY_RED)
Thoughts from anyone else on the naming, as well as what to do as far as expanded options? I've divided it above into roughly 3 categories, of which the top would always be acceptable, the bottom would never, and the middle could be a switchable option. I'm envisioning something like:
SigLevel = Always AllowUnknown
[core] SigLevel = Always
[otherrepo] SigLevel = Optional AllowUnknown
I should also add that the ability to have a signed database without signed packages could be done this same way; e.g. "SigLevel = NoPackages" or something (maybe even a corresponding "NoDatabase").
On 02/06/11 06:50, Dan McGee wrote:
On Wed, Jun 1, 2011 at 3:46 PM, Dan McGee
wrote: ^^^ You deleted the blank line between the patch subject and the summary text, which makes it do what it did. You'll want to put that back.
On Wed, Jun 1, 2011 at 3:03 PM, Kerrick Staley
wrote: So I don't find VerifySig any more appitizing, other than matching the option name we came up with. I was leaning in my head when I wrote up this TODO toward something like GPGLevel, SigLevel, etc. I also think we may need to be a bit more granular than our current Always/Optional/Never trifecta. We have a multitude of possibilities when checking a signature:
* Valid signature, fully trusted (or ultimate, (GPGME_VALIDITY_{ULTIMATE, FULL}).
* Valid signature, unknown trust/unknown key (GPGME_VALIDITY_UNKNOWN, GPGME_SIGSUM_KEY_MISSING). * Valid signature, trust somewhere in between (marginal, GPGME_VALIDITY_MARGINAL).
* Valid signature, user is never valid (GPGME_VALIDITY_NEVER) * Valid signature, signature is however expired (GPGME_SIGSUM_SIG_EXPIRED) * Valid signature, key is however expired (GPGME_SIGSUM_KEY_EXPIRED) * Bad signature, trust level is irrelevant (GPGME_VALIDITY_RED)
Thoughts from anyone else on the naming, as well as what to do as far as expanded options? I've divided it above into roughly 3 categories, of which the top would always be acceptable, the bottom would never, and the middle could be a switchable option. I'm envisioning something like:
SigLevel = Always AllowUnknown
[core] SigLevel = Always
[otherrepo] SigLevel = Optional AllowUnknown
I should also add that the ability to have a signed database without signed packages could be done this same way; e.g. "SigLevel = NoPackages" or something (maybe even a corresponding "NoDatabase").
That sort of naming scheme sounds fine to me. How about CheckLevel rather than SigLevel as it is the level of the checking that is being done once you add options like "NoPackages"? Anyway, we can bikeshed the name later! But this might actually be a case where setting up a wiki page to hash out the configuration format and options could be useful. At least I think it would be helpful to have this written down somewhere so I can get it all straight in my head and it could be used as the basis of the man page later. Allan
On Sat, Jun 4, 2011 at 9:30 AM, Allan McRae
On 02/06/11 06:50, Dan McGee wrote:
On Wed, Jun 1, 2011 at 3:46 PM, Dan McGee
wrote: ^^^ You deleted the blank line between the patch subject and the summary text, which makes it do what it did. You'll want to put that back.
On Wed, Jun 1, 2011 at 3:03 PM, Kerrick Staley
wrote: So I don't find VerifySig any more appitizing, other than matching the option name we came up with. I was leaning in my head when I wrote up this TODO toward something like GPGLevel, SigLevel, etc. I also think we may need to be a bit more granular than our current Always/Optional/Never trifecta. We have a multitude of possibilities when checking a signature:
* Valid signature, fully trusted (or ultimate, (GPGME_VALIDITY_{ULTIMATE, FULL}).
* Valid signature, unknown trust/unknown key (GPGME_VALIDITY_UNKNOWN, GPGME_SIGSUM_KEY_MISSING). * Valid signature, trust somewhere in between (marginal, GPGME_VALIDITY_MARGINAL).
* Valid signature, user is never valid (GPGME_VALIDITY_NEVER) * Valid signature, signature is however expired (GPGME_SIGSUM_SIG_EXPIRED) * Valid signature, key is however expired (GPGME_SIGSUM_KEY_EXPIRED) * Bad signature, trust level is irrelevant (GPGME_VALIDITY_RED)
Thoughts from anyone else on the naming, as well as what to do as far as expanded options? I've divided it above into roughly 3 categories, of which the top would always be acceptable, the bottom would never, and the middle could be a switchable option. I'm envisioning something like:
SigLevel = Always AllowUnknown
[core] SigLevel = Always
[otherrepo] SigLevel = Optional AllowUnknown
I should also add that the ability to have a signed database without signed packages could be done this same way; e.g. "SigLevel = NoPackages" or something (maybe even a corresponding "NoDatabase").
That sort of naming scheme sounds fine to me.
How about CheckLevel rather than SigLevel as it is the level of the checking that is being done once you add options like "NoPackages"? Sounds good to me.
Anyway, we can bikeshed the name later! But this might actually be a case where setting up a wiki page to hash out the configuration format and options could be useful. At least I think it would be helpful to have this written down somewhere so I can get it all straight in my head and it could be used as the basis of the man page later. Agreed. Although as far as setting up a wiki page we should probably first winnow down the multiple ones into one master page so it is a bit more clear where we are and where we are going as a team (and not thoughts from two years ago). I'll see if I can tackle this task in the next day or two as my current round of patches bake a bit on the ML.
-Dan
This is the updated version of the patch that fixes all older symbols. There are several small changes that I didn't think merited separate commits: * I added a few comments about what certain files and functions did * I added code to initialize the db->siglevel member, since it isn't initialized elsewhere as far as I can tell * I changed one instance of return(0); to return 0; I think SigLevel is more appropriate than CheckLevel because the latter doesn't make any reference to signatures and so is ambiguous: the level of checking of what?
Symbols related to signature verification were changed to SigLevel and
similar names, instead of the various names used previously. Also, I
added some documentation in areas that confused me, and added code to
explicitly initialize the siglevel member of the db structure.
Signed-off-by: Kerrick Staley
On 2011/6/12 Kerrick Staley
Symbols related to signature verification were changed to SigLevel and similar names, instead of the various names used previously. Also, I added some documentation in areas that confused me, and added code to explictly initialize the siglevel member of the db structure.
Signed-off-by: Kerrick Staley
Hello, Please try not to send patches that say "and other small fixes": I'd personally rather see three patches, even if they only change a line or seem stupid. * add some documentation * explicitly initialize the siglevel member of the db structure * rename symbols to *siglevel* Regards, -- Rémy.
Per rule 5 in the "Pacman - Contributing" document, return should not be
written as a function call.
Signed-off-by: Kerrick Staley
Signed-off-by: Kerrick Staley
Hmm- I think we have different versions of helpful. If a function gets
half documented and only one parameter gets called out, it isn't so
useful to me or others as now we have to wonder just how stale that
documentation is. It also isn't even proper Doxygen syntax (you need
to use /**, not /*).
I will apply something like this, but please use a full template and
fill it all out:
/** Summary goes here.
* Followed by more description.
* @param url
* @param localpath
* @param force
* @param allow_resume
* @param errors_ok
* @return
*/
On Sun, Jun 12, 2011 at 5:20 AM, Kerrick Staley
Signed-off-by: Kerrick Staley
--- lib/libalpm/be_sync.c | 2 +- lib/libalpm/dload.c | 3 +++ 2 files changed, 4 insertions(+), 1 deletions(-) diff --git a/lib/libalpm/be_sync.c b/lib/libalpm/be_sync.c index 9d85a45..758e5f9 100644 --- a/lib/libalpm/be_sync.c +++ b/lib/libalpm/be_sync.c @@ -1,5 +1,5 @@ /* - * be_sync.c + * be_sync.c : backend for sync databases * * Copyright (c) 2006-2011 Pacman Development Team
* Copyright (c) 2002-2006 by Judd Vinet diff --git a/lib/libalpm/dload.c b/lib/libalpm/dload.c index 1825eed..6d9b007 100644 --- a/lib/libalpm/dload.c +++ b/lib/libalpm/dload.c @@ -310,6 +310,9 @@ cleanup: } #endif +/* download file; do not destroy existing destination file upon download failure + * @param force force the file to be downloaded again, even if destination file is up-to-date + */ int _alpm_download(const char *url, const char *localpath, int force, int allow_resume, int errors_ok) { -- 1.7.5.2
OK, understood, sorry. Will resend the patch.
-Kerrick Staley
On Mon, Jun 13, 2011 at 5:26 PM, Dan McGee
Hmm- I think we have different versions of helpful. If a function gets half documented and only one parameter gets called out, it isn't so useful to me or others as now we have to wonder just how stale that documentation is. It also isn't even proper Doxygen syntax (you need to use /**, not /*).
I will apply something like this, but please use a full template and fill it all out:
/** Summary goes here. * Followed by more description. * @param url * @param localpath * @param force * @param allow_resume * @param errors_ok * @return */
Signed-off-by: Kerrick Staley
--- lib/libalpm/be_sync.c | 2 +- lib/libalpm/dload.c | 3 +++ 2 files changed, 4 insertions(+), 1 deletions(-) diff --git a/lib/libalpm/be_sync.c b/lib/libalpm/be_sync.c index 9d85a45..758e5f9 100644 --- a/lib/libalpm/be_sync.c +++ b/lib/libalpm/be_sync.c @@ -1,5 +1,5 @@ /* - * be_sync.c + * be_sync.c : backend for sync databases * * Copyright (c) 2006-2011 Pacman Development Team <
On Sun, Jun 12, 2011 at 5:20 AM, Kerrick Staley
wrote: pacman-dev@archlinux.org> * Copyright (c) 2002-2006 by Judd Vinet
diff --git a/lib/libalpm/dload.c b/lib/libalpm/dload.c index 1825eed..6d9b007 100644 --- a/lib/libalpm/dload.c +++ b/lib/libalpm/dload.c @@ -310,6 +310,9 @@ cleanup: } #endif +/* download file; do not destroy existing destination file upon download failure + * @param force force the file to be downloaded again, even if destination file is up-to-date + */ int _alpm_download(const char *url, const char *localpath, int force, int allow_resume, int errors_ok) { -- 1.7.5.2
Documented the _alpm_download() function in dload.c
Signed-off-by: Kerrick Staley
Added a line to the top of each of be_local.c, be_package.c, and
be_sync.c indicating their purposes.
Signed-off-by: Kerrick Staley
The varied naming scheme that was previously used for signature
verification levels was unified. All relevant symbols are now named
SigLevel or something similar.
Signed-off-by: Kerrick Staley
The siglevel field of a newly created pmdb_t struct is now
initialized when it is created in _alpm_db_new().
Signed-off-by: Kerrick Staley
A few of these snuck in as of late, some from the table display patches
that were using the previous format before we changed it after the 3.5.X
major release.
Noticed-by: Kerrick Staley
I inadvertently broke my email account when I configured git-send-mail, and I only just realized it. Everything I've sent to the list since then didn't go through, so I'm resending this message, originally sent June 5 (I edited/updated it). Whatever we call the variable doesn't really matter; I like SigLevel. I'm working on a patch that will implement the below behavior. It's just taking a while because it's somewhat complicated. ======== Config: # Action to take (warn or abort) when packages and databases are unsigned but were previously signed SigPreviouslySigned = warn # Action to take (accept, warn, or abort) when neither the package nor the database have a signature SigNoSignature = warn # Action to take (accept, warn, or abort) when a package is signed but the database is unsigned # SigDatabaseUnsigned = accept # Action to take (accept, warn, or abort) when a package is unsigned but has a SHA256 hash in a signed database # SigHashed = accept ======== A) When handling a given situation, there are three actions that can be taken: 1. The situation is accepted silently. 2. The situation is accepted with a warning. 3. Installation/update is aborted, unless an override flag is passed, in which case a warning will be given. B) For a database, consider whether it should have a signature: 1. If SigDatabaseUnsigned = abort, but the .sig file cannot be downloaded, then keep checking servers until a .sig can be gotten, and give a warning each time a .sig download returns a 404. 2. If not (1) but, based on the various config settings, having an unsigned database would result in more warnings or aborts than a signed one, then check servers for a .sig until you get a .sig or you get 3 404's; if you get 3 404's, rescan through the list from the beginning, not checking for .sig's this time. Again, give a warning whenever a 404 happens. 3. If not (1)/(2), don't check for .sig's. C) For a package, consider whether it should have a signature: 1. 
If the package was previously signed but now isn't, act based on SigPreviouslySigned. 2. For local packages, if the package indicates it should have a signature (mechanism to be implemented) but it doesn't, abort. D) Outcomes for package/database signature validity ("signed" means GPGME_SIGSUM_VALID w/ GPGME_VALIDITY_{FULL,ULTIMATE}; "unsigned" means GPGME_SIGSUM_KEY_MISSING or no signature present, "bad" means anything else): 1. The package or database or both have bad signatures. Abort (could happen during database unpacking; the rest only happen on package check). 2. The package and database are signed. Accept. 3. The package is unsigned but the database is signed and the database uses SHA256. Act based on SigHashed. 4. The package is signed but the database is unsigned. Act based on SigDatabaseUnsigned. 5. The package is unsigned and the database is unsigned. Act based on SigNoSignature. ======== Notes: I invented the config names more or less randomly; if you have strong objections, we'll change them, otherwise let's go with these. I won't implement the SigPreviouslySigned functionality in the initial patch, because it can be cleanly separated from the rest, and I'm unsure if it's desirable. I've made pmsiglevel_t into a struct with 4 enum members; I'm currently passing it around by value (not with pointers); please give me a heads-up if you don't think I should do it this way. No marginal signatures should come up, because I don't think we should use such signatures during the interim when not all developers have fully validated keys; a developer's key can just be excluded from pacman-keyring until it is fully validated. A more sophisticated scheme that makes accommodations for marginally trusted signatures in external repositories (and probably also on PKGBUILDS for makepkg) would probably not be useful [1]. Regardless, I'd prefer we finalize/ship this feature in the future (while possibly adding basic support for it in the git now). 
Expiring signatures/keys are not really necessary and will just complicate things.

-Kerrick Staley

[1] A distinction should be made between key validity and trust of the UID. In most contexts, it is assumed that you fully trust the person identified by the UID: if you know someone's name and email address, then you can exact some sort of revenge on them (or at least publicly scorn them) if they do you harm. However, in this case, you may not want to trust a random person maintaining a small Arch repository halfway across the globe with the same access to your system that the Arch developers have, even if you do know their name and email. GnuPG has no mechanism for implementing this sort of distinction; GnuPG only tracks how likely it is that the key-UID relationship hasn't been falsified. GnuPG simply displays the UID when verifying a signature, and the user can then make a judgement based off the UID, but pacman will not display the UID by default, and it is cumbersome to check the UID for each upgrade. A mechanism built into pacman for UID trust would be nice, but it seems like it would be complicated to implement "properly". Managing marginally-trusted keys is not really needed in pacman, because users can just manage the key in their personal keyring during the brief period when it's not fully trusted, manually checking and upgrading packages if necessary (using --gpgdir "$GNUPGHOME"), and then import it into pacman's keyring once it's trusted. So, for now, we should assume keys in the keyring are trusted and their UIDs identify a trusted person. We can implement something more complicated in the future if we want; I might take a stab at this after basic signing's up and running. Until such time, users should only import a key into pacman's keyring if they trust packages created by the person identified in the UID and they trust the key itself.
I inadvertently broke my email account when I configured
git-send-mail, and I only just realized it. Everything I've sent to
the list since then didn't go through, so I'm resending this message,
originally sent June 5.
On Wed, Jun 1, 2011 at 3:50 PM, Dan McGee
I should also add that the ability to have a signed database without signed packages could be done this same way; e.g. "SigLevel = NoPackages" or something (maybe even a corresponding "NoDatabase").
If you indicate that the database is to be signed and it is in fact signed, then it doesn't matter: the database itself dictates whether a package should be signed (based on whether it includes a signature in desc). I'll also make all the config directives both global and customizable on a per-database basis. -Kerrick Staley