[pacman-dev] [PATCH 0/4] addition of API methods and backend work
I've had the ensuing patches on my tree for a few days. A quick outline of what they accomplish: 1) Replace the old libfetch method of setting useragent (via an environment var) with proper get/set methods. 2) Refactor signature downloading to ensure that the sig file is downloaded from the same mirror as the file itself. 3) Add handling for VerifySig in the [options] section of pacman.conf. This should probably be split into two patches (front end/back end), as it adds another API interface. I'm not sold on the naming convention I've used either. Feedback (and dan's criticism) is welcome. d
Signed-off-by: Dave Reisner
On 2011/3/28 Dave Reisner
@@ -597,4 +598,18 @@ void SYMEXPORT alpm_option_set_checkspace(int checkspace) handle->checkspace = checkspace; }
+void SYMEXPORT alpm_option_set_useragent(char *useragent) +{ + if(handle == NULL) { + pm_errno = PM_ERR_HANDLE_NULL; + return; + } + handle->useragent = useragent; +} + +const char SYMEXPORT *alpm_option_get_useragent() +{ + return handle->useragent; +} + /* vim: set ts=2 sw=2 noet: */
I'd rather have alpm_option_set_useragent() return an int, just like alpm_option_set_root(), and make alpm_option_get_useragent() return NULL and set pm_errno if handle is NULL, just like alpm_option_set_root(). As a matter or personal taste (and a bit of consistency obsession). -- Rémy.
On Mon, Mar 28, 2011 at 2:15 PM, Dave Reisner
Signed-off-by: Dave Reisner
I'm not applying these, I think our current approach is reasonable enough.
The call for this needs to be done a little later now since it requires
that the handle be initialized.
Signed-off-by: Dave Reisner
There's a lot of related moving parts here:
* iteration through mirrors is moved back to the calling functions. this
allows removal of _alpm_download_single_file and _alpm_download_files
* rename download => _alpm_download. also modified to accept an extra
arg of type pgp_verify_t which is passed through to
curl_download_internal
* move the actual signature download to curl_download_internal. this
allows us to ensure that the signature and the file came from the
same mirror, and only to accept the file if signature verification
passes.
Signed-off-by: Dave Reisner
On Mon, Mar 28, 2011 at 2:15 PM, Dave Reisner
There's a lot of related moving parts here: * iteration through mirrors is moved back to the calling functions. this allows removal of _alpm_download_single_file and _alpm_download_files * rename download => _alpm_download. also modified to accept an extra arg of type pgp_verify_t which is passed through to curl_download_internal * move the actual signature download to curl_download_internal. this allows us to ensure that the signature and the file came from the same mirror, and only to accept the file if signature verification passes.
Signed-off-by: Dave Reisner
This one needs a little more testing...note the (now) non-existant core.db file, and the completely bogus community2. dmcgee@galway ~/projects/pacman (master) $ sudo rm /var/lib/pacman/sync/core.db dmcgee@galway ~/projects/pacman (master) $ sudo ./src/pacman/pacman -Sy :: Synchronizing package databases... testing is up to date core is up to date extra is up to date community-testing is up to date multilib is up to date community is up to date community2 is up to date -Dan
On Wed, Apr 20, 2011 at 07:03:49PM -0500, Dan McGee wrote:
On Mon, Mar 28, 2011 at 2:15 PM, Dave Reisner
wrote: There's a lot of related moving parts here: * iteration through mirrors is moved back to the calling functions. this allows removal of _alpm_download_single_file and _alpm_download_files * rename download => _alpm_download. also modified to accept an extra arg of type pgp_verify_t which is passed through to curl_download_internal * move the actual signature download to curl_download_internal. this allows us to ensure that the signature and the file came from the same mirror, and only to accept the file if signature verification passes.
Signed-off-by: Dave Reisner
This one needs a little more testing...note the (now) non-existant core.db file, and the completely bogus community2.
dmcgee@galway ~/projects/pacman (master) $ sudo rm /var/lib/pacman/sync/core.db
dmcgee@galway ~/projects/pacman (master) $ sudo ./src/pacman/pacman -Sy :: Synchronizing package databases... testing is up to date core is up to date extra is up to date community-testing is up to date multilib is up to date community is up to date community2 is up to date
-Dan
Good choice. I've noticed some other garbage in these patches as well. Hoping to tackle a lot of this next week when I'm off from work. d
* add _alpm_get_sigverify_level
* add alpm_option_{get,set}_default_sigverify
This requires moving around protos in alpm.h so that pgp_verify_t is
known to the get/set methods for default_sigverify.
Signed-off-by: Dave Reisner
On Mon 28 March 2011 at 15:15 -0400, Dave Reisner wrote:
+/* GPG signature verification option */ +typedef enum _pgp_verify_t { + PM_PGP_VERIFY_UNKNOWN, + PM_PGP_VERIFY_ALWAYS, + PM_PGP_VERIFY_OPTIONAL, + PM_PGP_VERIFY_NEVER +} pgp_verify_t; + +int alpm_db_set_pgp_verify(pmdb_t *db, pgp_verify_t verify);
Why is this enum name not prefixed by "pm" ? Why isn't alpm_db_set_pgp_verify with the other database functions (e.g. alpm_db_setserver()) ?
--- a/lib/libalpm/signing.c +++ b/lib/libalpm/signing.c @@ -249,6 +249,24 @@ int _alpm_load_signature(const char *sigfile, pmpgpsig_t *pgpsig) { }
/** + * Determines the necessity of checking for a valid pgp signature + * @param db the sync db to query + * + * @return signature verification level + */ +pgp_verify_t _alpm_get_sigverify_level(pmdb_t *db) +{ + ALPM_LOG_FUNC; + ASSERT(db != NULL, return PM_PGP_VERIFY_UNKNOWN); + + if(db->pgp_verify != PM_PGP_VERIFY_UNKNOWN) { + return db->pgp_verify; + } else { + return alpm_option_get_default_sigverify(); + } +} + +/** * Check the PGP package signature for the given package file. * @param pkg the package to check * @return a int value : 0 (valid), 1 (invalid), -1 (an error occured) @@ -270,11 +288,10 @@ int SYMEXPORT alpm_pkg_check_pgp_signature(pmpkg_t *pkg) int SYMEXPORT alpm_db_check_pgp_signature(pmdb_t *db) { ALPM_LOG_FUNC; - ASSERT(db != NULL, return(0)); + ASSERT(db != NULL, return 0);
return _alpm_gpgme_checksig(_alpm_db_path(db), _alpm_db_pgpsig(db)); }
- /* vim: set ts=2 sw=2 noet: */
I suggest using ASSERT(db != NULL, RET_ERR(PM_ERR_DB_NULL, ...)); to inform users of the error. And you should return -1 if db is NULL (in alpm_db_check_signature). Regards, -- Rémy.
On Mon, Mar 28, 2011 at 09:34:57PM +0200, Rémy Oudompheng wrote:
On Mon 28 March 2011 at 15:15 -0400, Dave Reisner wrote:
+/* GPG signature verification option */ +typedef enum _pgp_verify_t { + PM_PGP_VERIFY_UNKNOWN, + PM_PGP_VERIFY_ALWAYS, + PM_PGP_VERIFY_OPTIONAL, + PM_PGP_VERIFY_NEVER +} pgp_verify_t; + +int alpm_db_set_pgp_verify(pmdb_t *db, pgp_verify_t verify);
Why is this enum name not prefixed by "pm" ?
Why isn't alpm_db_set_pgp_verify with the other database functions (e.g. alpm_db_setserver()) ?
Dan's naming, not mine. Adding the pm prefix makes sense here. I added it with the signature related functions since it's related to signatures and not strictly databases (think of pacman -U).
--- a/lib/libalpm/signing.c +++ b/lib/libalpm/signing.c @@ -249,6 +249,24 @@ int _alpm_load_signature(const char *sigfile, pmpgpsig_t *pgpsig) { }
/** + * Determines the necessity of checking for a valid pgp signature + * @param db the sync db to query + * + * @return signature verification level + */ +pgp_verify_t _alpm_get_sigverify_level(pmdb_t *db) +{ + ALPM_LOG_FUNC; + ASSERT(db != NULL, return PM_PGP_VERIFY_UNKNOWN); + + if(db->pgp_verify != PM_PGP_VERIFY_UNKNOWN) { + return db->pgp_verify; + } else { + return alpm_option_get_default_sigverify(); + } +} + +/** * Check the PGP package signature for the given package file. * @param pkg the package to check * @return a int value : 0 (valid), 1 (invalid), -1 (an error occured) @@ -270,11 +288,10 @@ int SYMEXPORT alpm_pkg_check_pgp_signature(pmpkg_t *pkg) int SYMEXPORT alpm_db_check_pgp_signature(pmdb_t *db) { ALPM_LOG_FUNC; - ASSERT(db != NULL, return(0)); + ASSERT(db != NULL, return 0);
return _alpm_gpgme_checksig(_alpm_db_path(db), _alpm_db_pgpsig(db)); }
- /* vim: set ts=2 sw=2 noet: */
I suggest using ASSERT(db != NULL, RET_ERR(PM_ERR_DB_NULL, ...)); to inform users of the error. And you should return -1 if db is NULL (in alpm_db_check_signature).
Regards, -- Rémy.
On Mon, Mar 28, 2011 at 2:53 PM, Dave Reisner
On Mon, Mar 28, 2011 at 09:34:57PM +0200, Rémy Oudompheng wrote:
On Mon 28 March 2011 at 15:15 -0400, Dave Reisner wrote:
+/* GPG signature verification option */ +typedef enum _pgp_verify_t { + PM_PGP_VERIFY_UNKNOWN, + PM_PGP_VERIFY_ALWAYS, + PM_PGP_VERIFY_OPTIONAL, + PM_PGP_VERIFY_NEVER +} pgp_verify_t; + +int alpm_db_set_pgp_verify(pmdb_t *db, pgp_verify_t verify);
Why is this enum name not prefixed by "pm" ?
Why isn't alpm_db_set_pgp_verify with the other database functions (e.g. alpm_db_setserver()) ?
Dan's naming, not mine. Adding the pm prefix makes sense here. I added it with the signature related functions since it's related to signatures and not strictly databases (think of pacman -U).
I've started to call some of this out. As long as we don't release in this awesome condition, I'm fine with bringing some of this work in so we can at least keep the ball rollling, but feel free to add any other concerns here: https://wiki.archlinux.org/index.php/User:Allan/Package_Signing#Other_Issues -Dan
On Mon, Mar 28, 2011 at 2:15 PM, Dave Reisner
diff --git a/src/pacman/pacman.c b/src/pacman/pacman.c index 381d2bc..012043d 100644 --- a/src/pacman/pacman.c +++ b/src/pacman/pacman.c @@ -1038,22 +1038,34 @@ static int _parse_options(const char *key, char *value, config->rootdir = strdup(value); pm_printf(PM_LOG_DEBUG, "config: rootdir: %s\n", value); } - } else if (strcmp(key, "GPGDir") == 0) { + } else if(strcmp(key, "GPGDir") == 0) { if(!config->gpgdir) { config->gpgdir = strdup(value); pm_printf(PM_LOG_DEBUG, "config: gpgdir: %s\n", value); } - } else if (strcmp(key, "LogFile") == 0) { + } else if(strcmp(key, "LogFile") == 0) { if(!config->logfile) { config->logfile = strdup(value); pm_printf(PM_LOG_DEBUG, "config: logfile: %s\n", value); } - } else if (strcmp(key, "XferCommand") == 0) { + } else if(strcmp(key, "XferCommand") == 0) { config->xfercommand = strdup(value); alpm_option_set_fetchcb(download_with_xfercommand); pm_printf(PM_LOG_DEBUG, "config: xfercommand: %s\n", value); - } else if (strcmp(key, "CleanMethod") == 0) { + } else if(strcmp(key, "CleanMethod") == 0) { setrepeatingoption(value, "CleanMethod", option_add_cleanmethod); + } else if(strcmp(key, "VerifySig") == 0) { + if (strcmp(value, "Always") == 0) { + alpm_option_set_default_sigverify(PM_PGP_VERIFY_ALWAYS); + } else if(strcmp(value, "Optional") == 0) { + alpm_option_set_default_sigverify(PM_PGP_VERIFY_OPTIONAL); + } else if(strcmp(value, "Never") == 0) { + alpm_option_set_default_sigverify(PM_PGP_VERIFY_NEVER); + } else { + pm_printf(PM_LOG_ERROR, _("invalid value for 'VerifySig' : '%s'\n"), value); + return 1; + } + pm_printf(PM_LOG_DEBUG, "config: setting default VerifySig: %s\n", value); } else {
pm_printf(PM_LOG_WARNING,
Pro tip- please don't mix syntax/reformatting patches with actual work. I've cleaned this one up anyway since it doesn't apply cleanly without your other patch, but keep that in mind in the future... -Dan
participants (3)
-
Dan McGee
-
Dave Reisner
-
Rémy Oudompheng