[pacman-dev] [PATCH 0/2] --verify option for sig levels
This is a 2nd reroll of a series to introduce the --verify option for the user to change pacman's default signature verification level on the command line. Patch 1/2 changes option_verifysig to accept non-capitalized versions of "Always", "Optional" and "Never". Patch 2/2 introduces the --verify option itself Pang Yan Han (2): option_verifysig: Accept non-caps sig levels Add --verify option for signature level doc/pacman.8.txt | 5 +++++ src/pacman/conf.c | 20 +++++++++++++++++--- src/pacman/conf.h | 4 +++- src/pacman/pacman.c | 5 +++++ 4 files changed, 30 insertions(+), 4 deletions(-) -- 1.7.5.rc0.101.g3d23c
Signed-off-by: Pang Yan Han <pangyanhan@gmail.com>
---
 src/pacman/conf.c | 6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/pacman/conf.c b/src/pacman/conf.c
index 370ec51..06c6eca 100644
--- a/src/pacman/conf.c
+++ b/src/pacman/conf.c
@@ -217,11 +217,11 @@ int config_set_arch(const char *arch)
 static pgp_verify_t option_verifysig(const char *value)
 {
 pgp_verify_t level;
- if(strcmp(value, "Always") == 0) {
+ if(strcmp(value, "Always") == 0 || strcmp(value, "always") == 0) {
 level = PM_PGP_VERIFY_ALWAYS;
- } else if(strcmp(value, "Optional") == 0) {
+ } else if(strcmp(value, "Optional") == 0 || strcmp(value, "optional") == 0) {
 level = PM_PGP_VERIFY_OPTIONAL;
- } else if(strcmp(value, "Never") == 0) {
+ } else if(strcmp(value, "Never") == 0 || strcmp(value, "never") == 0) {
 level = PM_PGP_VERIFY_NEVER;
 } else {
 level = PM_PGP_VERIFY_UNKNOWN;
-- 
1.7.5.rc0.101.g3d23c
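Review bot: Each branch of option_verifysig now spells its comparison twice, so exactly two casings are accepted and a value such as `ALWAYS` still falls through to `PM_PGP_VERIFY_UNKNOWN`. If any casing is meant to be valid, one case-insensitive compare per level, e.g. `if(strcasecmp(value, "Always") == 0) {`, states that directly (it needs `<strings.h>`, and whether conf.c already includes it is not visible here). If only these two spellings are intended, a comment above the chain such as `/* accepts "Always"/"always" etc.; any other spelling yields PM_PGP_VERIFY_UNKNOWN */` would make the contract explicit, which matters because this value selects the signature verification level and callers have to treat UNKNOWN as an error rather than as a default. The function's return statement lies outside the hunk.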
On Wed, Jun 1, 2011 at 7:26 PM, Pang Yan Han <pangyanhan@gmail.com> wrote:
Signed-off-by: Pang Yan Han <pangyanhan@gmail.com> Signoff from me as the code stands; the other email I wrote earlier today though may change some of this in the not so distant future.
---
 src/pacman/conf.c | 6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/pacman/conf.c b/src/pacman/conf.c
index 370ec51..06c6eca 100644
--- a/src/pacman/conf.c
+++ b/src/pacman/conf.c
@@ -217,11 +217,11 @@ int config_set_arch(const char *arch)
 static pgp_verify_t option_verifysig(const char *value)
 {
 pgp_verify_t level;
- if(strcmp(value, "Always") == 0) {
+ if(strcmp(value, "Always") == 0 || strcmp(value, "always") == 0) {
 level = PM_PGP_VERIFY_ALWAYS;
- } else if(strcmp(value, "Optional") == 0) {
+ } else if(strcmp(value, "Optional") == 0 || strcmp(value, "optional") == 0) {
 level = PM_PGP_VERIFY_OPTIONAL;
- } else if(strcmp(value, "Never") == 0) {
+ } else if(strcmp(value, "Never") == 0 || strcmp(value, "never") == 0) {
 level = PM_PGP_VERIFY_NEVER;
 } else {
 level = PM_PGP_VERIFY_UNKNOWN;
-- 
1.7.5.rc0.101.g3d23c
The --verify option allows the user to change pacman's default signature verification level. It can take in one of "always", "optional" or "never".
Signed-off-by: Pang Yan Han <pangyanhan@gmail.com>
---
 doc/pacman.8.txt | 5 +++++
 src/pacman/conf.c | 14 ++++++++++++++
 src/pacman/conf.h | 4 +++-
 src/pacman/pacman.c | 5 +++++
 4 files changed, 27 insertions(+), 1 deletions(-)
diff --git a/doc/pacman.8.txt b/doc/pacman.8.txt
index 531c992..8e048ba 100644
--- a/doc/pacman.8.txt
+++ b/doc/pacman.8.txt
@@ -165,6 +165,11 @@ Options Bypass any and all ``Are you sure?'' messages. It's not a good idea to do this unless you want to run pacman from a script. +*\--verify* <level>:: + Sets the default signature verification level to <level>. Valid values for level + are "always", "optional" and "never". This can be used to override the "VerifySig" + option in linkman:pacman.conf[5]. + Transaction Options (apply to '-S', '-R' and '-U') -------------------------------------------------- *-d, \--nodeps*::
diff --git a/src/pacman/conf.c b/src/pacman/conf.c
index 06c6eca..6ed4d82 100644
--- a/src/pacman/conf.c
+++ b/src/pacman/conf.c
@@ -68,6 +68,7 @@ int config_free(config_t *oldconfig)
 free(oldconfig->rootdir);
 free(oldconfig->dbpath);
 free(oldconfig->logfile);
+ free(oldconfig->sigverify);
 free(oldconfig->xfercommand);
 free(oldconfig->print_format);
 free(oldconfig);
@@ -474,6 +475,19 @@ static int setlibpaths(void)
 }
 }
+ /* Set the signature verification level to what the user requested */
+ if(config->sigverify) {
+ pgp_verify_t verify = option_verifysig(config->sigverify);
+ if (verify != PM_PGP_VERIFY_UNKNOWN) {
+ ret = alpm_option_set_default_sigverify(verify);
+ if(ret != 0) {
+ pm_printf(PM_LOG_ERROR, _("problem setting sigverify '%s' (%s)\n"),
+ config->sigverify, alpm_strerrorlast());
+ return ret;
+ }
+ }
+ }
+
 /* add a default cachedir if one wasn't specified */
 if(alpm_option_get_cachedirs() == NULL) {
 alpm_option_add_cachedir(CACHEDIR);
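Review bot: In the setlibpaths hunk an unrecognised `--verify` value is silently dropped: when option_verifysig() returns `PM_PGP_VERIFY_UNKNOWN` the inner `if` is skipped and the run continues with whatever verification level was already in effect. A mistyped level therefore produces no error, and the user can believe signatures are being enforced when they are not. The inner `if` should get a failing branch, for example `} else { pm_printf(PM_LOG_ERROR, _("invalid value for --verify: '%s'\n"), config->sigverify); return 1; }`, with the return value adjusted to whatever setlibpaths' callers expect, which is not visible here. The new `if (verify` also puts a space where the surrounding code writes `if(`. setlibpaths begins and ends outside the hunk.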
diff --git a/src/pacman/conf.h b/src/pacman/conf.h
index 76c76cf..d08f83c 100644
--- a/src/pacman/conf.h
+++ b/src/pacman/conf.h
@@ -41,6 +41,7 @@ typedef struct __config_t {
 char *dbpath;
 char *logfile;
 char *gpgdir;
+ char *sigverify;
 /* TODO how to handle cachedirs? */
 unsigned short op_q_isfile;
@@ -111,7 +112,8 @@ enum {
 OP_ASEXPLICIT,
 OP_ARCH,
 OP_PRINTFORMAT,
- OP_GPGDIR
+ OP_GPGDIR,
+ OP_VERIFY
 };
 /* clean method */
diff --git a/src/pacman/pacman.c b/src/pacman/pacman.c
index 8458c97..eaecc3c 100644
--- a/src/pacman/pacman.c
+++ b/src/pacman/pacman.c
@@ -206,6 +206,7 @@ static void usage(int op, const char * const myname)
 addlist(_(" --gpgdir <path> set an alternate home directory for GnuPG\n"));
 addlist(_(" --logfile <path> set an alternate log file\n"));
 addlist(_(" --noconfirm do not ask for any confirmation\n"));
+ addlist(_(" --verify set an alternate signature verification level\n"));
 }
 list = alpm_list_msort(list, alpm_list_count(list), options_cmp);
 for (i = list; i; i = alpm_list_next(i)) {
@@ -438,6 +439,9 @@ static int parsearg_global(int opt)
 config->logfile = strndup(optarg, PATH_MAX);
 break;
 case OP_NOCONFIRM: config->noconfirm = 1; break;
+ case OP_VERIFY:
+ config->sigverify = strdup(optarg);
+ break;
 case 'b':
 check_optarg();
 config->dbpath = strdup(optarg);
@@ -635,6 +639,7 @@ static int parseargs(int argc, char *argv[])
 {"arch", required_argument, 0, OP_ARCH},
 {"print-format", required_argument, 0, OP_PRINTFORMAT},
 {"gpgdir", required_argument, 0, OP_GPGDIR},
+ {"verify", required_argument, 0, OP_VERIFY},
 {0, 0, 0, 0}
 };
-- 
1.7.5.rc0.101.g3d23c
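Review bot: The help line added in usage() prints `--verify` without its argument, although the option is registered with `required_argument` and the neighbouring entries show theirs (`--gpgdir <path>`, `--logfile <path>`). Writing it as `addlist(_(" --verify <level> set an alternate signature verification level\n"));`, with the column padding matched to the other entries, keeps the help output consistent. Naming the accepted values (always, optional, never) in the text would also help, since a wrong value changes how packages are verified.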
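Review bot: The `OP_VERIFY` case in parsearg_global stores `strdup(optarg)` without the `check_optarg();` call that the `'b'` case directly below makes, and without validating the level. If strdup() fails, `config->sigverify` stays NULL (assuming it starts out NULL), and the `if(config->sigverify)` test in conf.c then treats the run as if `--verify` had never been passed. Suggested: make `check_optarg();` the first statement of the case and treat a NULL result from strdup() as an error. Rejecting an unknown level here would stop a bad value before any library setup. The switch continues outside the hunk.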
participants (2)
-
Dan McGee
-
Pang Yan Han