[pacman-dev] [PATCH 2/2] Download and verify package database signatures

Mon Nov 22 12:31:00 CET 2010

If signature verification is needed, attempt to download a signature
file for a repo when it is updated. Return an error if unable to
download signature only when checking is mandatory, or if signature is
invalid.

TODO: At the moment the database signature is only checked on download.
Should we do anything with a database if it fails to be verified to prevent
its future usage?

Signed-off-by: Allan McRae <allan at archlinux.org>
---
 lib/libalpm/be_sync.c |   41 ++++++++++++++++++++++++++++++++++++-----
 1 files changed, 36 insertions(+), 5 deletions(-)

diff --git a/lib/libalpm/be_sync.c b/lib/libalpm/be_sync.c
index d3399b2..1cf6727 100644
--- a/lib/libalpm/be_sync.c
+++ b/lib/libalpm/be_sync.c
@@ -104,23 +104,54 @@ int SYMEXPORT alpm_db_update(int force, pmdb_t *db)
 	sprintf(syncpath, "%s%s", dbpath, "sync/");
 
 	ret = _alpm_download_single_file(dbfile, db->servers, syncpath, force);
-	free(dbfile);
-	free(syncpath);
 
 	if(ret == 1) {
 		/* files match, do nothing */
 		pm_errno = 0;
-		return(1);
+		goto cleanup;
 	} else if(ret == -1) {
 		/* pm_errno was set by the download code */
 		_alpm_log(PM_LOG_DEBUG, "failed to sync db: %s\n", alpm_strerrorlast());
-		return(-1);
+		goto cleanup;
+	}
+
+	/* Download and check the signature of the database if needed */
+	if(db->pgp_verify != PM_PGP_VERIFY_NEVER) {
+		char *sigfile;
+		int sigret;
+
+		len = strlen(dbfile) + 5;
+		MALLOC(sigfile, len, RET_ERR(PM_ERR_MEMORY, -1));
+		sprintf(sigfile, "%s.sig", dbfile);
+
+		sigret = _alpm_download_single_file(sigfile, db->servers, syncpath, 1);
+		free(sigfile);
+
+		if(sigret == -1 && db->pgp_verify == PM_PGP_VERIFY_ALWAYS) {
+			_alpm_log(PM_LOG_ERROR, _("Failed to download signature for db: %s\n"),
+					alpm_strerrorlast());
+			pm_errno = PM_ERR_SIG_INVALID;
+			ret = -1;
+			goto cleanup;
+		}
+
+		sigret = alpm_db_check_pgp_signature(db);
+		if((db->pgp_verify == PM_PGP_VERIFY_ALWAYS && sigret != 0) ||
+				(db->pgp_verify == PM_PGP_VERIFY_OPTIONAL && sigret == 1)) {
+			/* pm_errno was set by the checking code */
+			/* TODO: should we just leave the unverified database */
+			ret = -1;
+			goto cleanup;
+		}
 	}
 
 	/* Cache needs to be rebuilt */
 	_alpm_db_free_pkgcache(db);
 
-	return(0);
+cleanup:
+	free(dbfile);
+	free(syncpath);
+	return(ret);
 }
 
 int _alpm_sync_db_populate(pmdb_t *db)
-- 
1.7.3.2

