Add LocalFileSigLevel and RemoteFileSigLevel to control the signature checking for "pacman -U <file>" and "pacman -U <url>" operations respectively. Both values take the default of "Optional TrustedOnly". Signed-off-by: Allan McRae <allan@archlinux.org> --- I would like to have the default level being what is set for SigLevel and the values in {Local,Remote}FileSigLevel override this, but I can not get that working without requiring these config options come after SigLevel. lib/libalpm/alpm.h | 6 +++++ lib/libalpm/handle.c | 52 ++++++++++++++++++++++++++++++++++++++++++++----- lib/libalpm/handle.h | 4 +++ src/pacman/conf.c | 20 +++++++++++++++++++ src/pacman/conf.h | 2 + src/pacman/upgrade.c | 21 +++++++++++++++++-- 6 files changed, 96 insertions(+), 9 deletions(-) diff --git a/lib/libalpm/alpm.h b/lib/libalpm/alpm.h index aeb1bb7..4afa429 100644 --- a/lib/libalpm/alpm.h +++ b/lib/libalpm/alpm.h @@ -540,6 +540,12 @@ int alpm_option_set_checkspace(alpm_handle_t *handle, int checkspace); alpm_siglevel_t alpm_option_get_default_siglevel(alpm_handle_t *handle); int alpm_option_set_default_siglevel(alpm_handle_t *handle, alpm_siglevel_t level); +alpm_siglevel_t alpm_option_get_local_file_siglevel(alpm_handle_t *handle); +int alpm_option_set_local_file_siglevel(alpm_handle_t *handle, alpm_siglevel_t level); + +alpm_siglevel_t alpm_option_get_remote_file_siglevel(alpm_handle_t *handle); +int alpm_option_set_remote_file_siglevel(alpm_handle_t *handle, alpm_siglevel_t level); + /** @} */ /** @addtogroup alpm_api_databases Database Functions diff --git a/lib/libalpm/handle.c b/lib/libalpm/handle.c index ec4cc56..534a4ed 100644 --- a/lib/libalpm/handle.c +++ b/lib/libalpm/handle.c @@ -596,6 +596,18 @@ int SYMEXPORT alpm_option_set_deltaratio(alpm_handle_t *handle, double ratio) return 0; } +alpm_db_t SYMEXPORT *alpm_get_localdb(alpm_handle_t *handle) +{ + CHECK_HANDLE(handle, return NULL); + return handle->db_local; +} + +alpm_list_t SYMEXPORT *alpm_get_syncdbs(alpm_handle_t *handle) +{ + CHECK_HANDLE(handle, return NULL); + return handle->dbs_sync; +} + int SYMEXPORT alpm_option_set_checkspace(alpm_handle_t *handle, int checkspace) { CHECK_HANDLE(handle, return -1); @@ -623,16 +635,44 @@ alpm_siglevel_t SYMEXPORT alpm_option_get_default_siglevel(alpm_handle_t *handle return handle->siglevel; } -alpm_db_t SYMEXPORT *alpm_get_localdb(alpm_handle_t *handle) +int SYMEXPORT alpm_option_set_local_file_siglevel(alpm_handle_t *handle, + alpm_siglevel_t level) { - CHECK_HANDLE(handle, return NULL); - return handle->db_local; + CHECK_HANDLE(handle, return -1); +#ifdef HAVE_LIBGPGME + handle->localfilesiglevel = level; +#else + if(level != 0 && level != ALPM_SIG_USE_DEFAULT) { + RET_ERR(handle, ALPM_ERR_WRONG_ARGS, -1); + } +#endif + return 0; } -alpm_list_t SYMEXPORT *alpm_get_syncdbs(alpm_handle_t *handle) +alpm_siglevel_t SYMEXPORT alpm_option_get_local_file_siglevel(alpm_handle_t *handle) { - CHECK_HANDLE(handle, return NULL); - return handle->dbs_sync; + CHECK_HANDLE(handle, return -1); + return handle->localfilesiglevel; +} + +int SYMEXPORT alpm_option_set_remote_file_siglevel(alpm_handle_t *handle, + alpm_siglevel_t level) +{ + CHECK_HANDLE(handle, return -1); +#ifdef HAVE_LIBGPGME + handle->remotefilesiglevel = level; +#else + if(level != 0 && level != ALPM_SIG_USE_DEFAULT) { + RET_ERR(handle, ALPM_ERR_WRONG_ARGS, -1); + } +#endif + return 0; +} + +alpm_siglevel_t SYMEXPORT alpm_option_get_remote_file_siglevel(alpm_handle_t *handle) +{ + CHECK_HANDLE(handle, return -1); + return handle->remotefilesiglevel; } /* vim: set ts=2 sw=2 noet: */ diff --git a/lib/libalpm/handle.h b/lib/libalpm/handle.h index a090ae4..4d92d11 100644 --- a/lib/libalpm/handle.h +++ b/lib/libalpm/handle.h @@ -92,6 +92,10 @@ struct __alpm_handle_t { int usesyslog; /* Use syslog instead of logfile? */ /* TODO move to frontend */ int checkspace; /* Check disk space before installing */ alpm_siglevel_t siglevel; /* Default signature verification level */ + alpm_siglevel_t localfilesiglevel; /* Signature verification level for local file + upgrade operations */ + alpm_siglevel_t remotefilesiglevel; /* Signature verification level for remote file + upgrade operations */ /* error code */ alpm_errno_t pm_errno; diff --git a/src/pacman/conf.c b/src/pacman/conf.c index bfa8cad..723ee50 100644 --- a/src/pacman/conf.c +++ b/src/pacman/conf.c @@ -56,6 +56,8 @@ config_t *config_new(void) if(alpm_capabilities() & ALPM_CAPABILITY_SIGNATURES) { newconfig->siglevel = ALPM_SIG_PACKAGE | ALPM_SIG_PACKAGE_OPTIONAL | ALPM_SIG_DATABASE | ALPM_SIG_DATABASE_OPTIONAL; + newconfig->localfilesiglevel = newconfig->siglevel; + newconfig->remotefilesiglevel = newconfig->siglevel; } return newconfig; @@ -483,6 +485,22 @@ static int _parse_options(const char *key, char *value, return 1; } FREELIST(values); + } else if(strcmp(key, "LocalFileSigLevel") == 0) { + alpm_list_t *values = NULL; + setrepeatingoption(value, "LocalFileSigLevel", &values); + if(process_siglevel(values, &config->localfilesiglevel, file, linenum)) { + FREELIST(values); + return 1; + } + FREELIST(values); + } else if(strcmp(key, "RemoteFileSigLevel") == 0) { + alpm_list_t *values = NULL; + setrepeatingoption(value, "RemoteFileSigLevel", &values); + if(process_siglevel(values, &config->remotefilesiglevel, file, linenum)) { + FREELIST(values); + return 1; + } + FREELIST(values); } else { pm_printf(ALPM_LOG_WARNING, _("config file %s, line %d: directive '%s' in section '%s' not recognized.\n"), @@ -604,6 +622,8 @@ static int setup_libalpm(void) } alpm_option_set_default_siglevel(handle, config->siglevel); + alpm_option_set_local_file_siglevel(handle, config->localfilesiglevel); + alpm_option_set_remote_file_siglevel(handle, config->remotefilesiglevel); if(config->xfercommand) { alpm_option_set_fetchcb(handle, download_with_xfercommand); diff --git a/src/pacman/conf.h b/src/pacman/conf.h index 481132f..7447e89 100644 --- a/src/pacman/conf.h +++ b/src/pacman/conf.h @@ -72,6 +72,8 @@ typedef struct __config_t { unsigned int ask; alpm_transflag_t flags; alpm_siglevel_t siglevel; + alpm_siglevel_t localfilesiglevel; + alpm_siglevel_t remotefilesiglevel; /* conf file options */ /* I Love Candy! */ diff --git a/src/pacman/upgrade.c b/src/pacman/upgrade.c index 87f7c39..c60649a 100644 --- a/src/pacman/upgrade.c +++ b/src/pacman/upgrade.c @@ -40,8 +40,7 @@ int pacman_upgrade(alpm_list_t *targets) { int retval = 0; - alpm_list_t *i; - alpm_siglevel_t level = alpm_option_get_default_siglevel(config->handle); + alpm_list_t *i, *remote = NULL; if(targets == NULL) { pm_printf(ALPM_LOG_ERROR, _("no targets specified (use -h for help)\n")); @@ -51,6 +50,8 @@ int pacman_upgrade(alpm_list_t *targets) /* Check for URL targets and process them */ for(i = targets; i; i = alpm_list_next(i)) { + int *r = malloc(sizeof(int)); + if(strstr(i->data, "://")) { char *str = alpm_fetch_pkgurl(config->handle, i->data); if(str == NULL) { @@ -60,8 +61,13 @@ int pacman_upgrade(alpm_list_t *targets) } else { free(i->data); i->data = str; + *r = 1; } + } else { + *r = 0; } + + remote = alpm_list_add(remote, r); } if(retval) { @@ -75,9 +81,16 @@ int pacman_upgrade(alpm_list_t *targets) printf(_("loading packages...\n")); /* add targets to the created transaction */ - for(i = targets; i; i = alpm_list_next(i)) { + for(i = targets; i; i = alpm_list_next(i), remote = alpm_list_next(remote)) { const char *targ = i->data; alpm_pkg_t *pkg; + alpm_siglevel_t level; + + if(*(int *)remote->data) { + level = alpm_option_get_remote_file_siglevel(config->handle); + } else { + level = alpm_option_get_local_file_siglevel(config->handle); + } if(alpm_pkg_load(config->handle, targ, 1, level, &pkg) != 0) { pm_printf(ALPM_LOG_ERROR, "'%s': %s\n", @@ -95,6 +108,8 @@ int pacman_upgrade(alpm_list_t *targets) config->explicit_adds = alpm_list_add(config->explicit_adds, pkg); } + FREELIST(remote); + if(retval) { trans_release(); return retval; -- 1.7.9.1