[pacman-dev] [PATCH 2/4] signing: make gpgme optional and default to user callback
Rémy Oudompheng
remyoudompheng at gmail.com
Sun Apr 10 07:38:52 EDT 2011
This makes it possible to compile libalpm without the gpgme library.
This option is reflected in the configure script.
Signed-off-by: Rémy Oudompheng <remy at archlinux.org>
---
configure.ac | 19 +++++++++++++++++--
lib/libalpm/signing.c | 33 ++++++++++++++++++++++++++++++---
lib/libalpm/signing.h | 2 +-
lib/libalpm/sync.c | 6 ++++--
4 files changed, 52 insertions(+), 8 deletions(-)
diff --git a/configure.ac b/configure.ac
index 9fb9cb0..ef48f86 100644
--- a/configure.ac
+++ b/configure.ac
@@ -93,6 +93,11 @@ AC_ARG_WITH(openssl,
AS_HELP_STRING([--with-openssl], [use OpenSSL crypto implementations instead of internal routines]),
[], [with_openssl=check])
+# Help line for using GPGME
+AC_ARG_WITH(gpgme,
+ AS_HELP_STRING([--with-gpgme], [use GPGME for signature checking]),
+ [], [with_gpgme=check])
+
# Check for useable libcurl
LIBCURL_CHECK_CONFIG([yes], [7.19.4])
@@ -151,8 +156,17 @@ AS_IF([test "x$with_openssl" != "xno"],
AM_CONDITIONAL([HAVE_LIBSSL], [test "x$ac_cv_lib_ssl_MD5_Final" = "xyes"])
# Check for gpgme
-AC_CHECK_LIB([gpgme], [gpgme_check_version], ,
- AC_MSG_ERROR([gpgme is needed to compile pacman!]))
+AC_MSG_CHECKING(whether to enable gpgme)
+AS_IF([test "x$with_gpgme" != "xno"],
+ [AC_MSG_RESULT(yes)
+ AC_CHECK_LIB([gpgme], [gpgme_check_version], ,
+ [if test "x$with_gpgme" != "xcheck"; then
+ AC_MSG_FAILURE([--with-gpgme was given, but -lgpgme was not found])
+ fi],
+ [-lgpgme])]
+ with_gpgme=$ac_cv_lib_gpgme_gpgme_check_version,
+ AC_MSG_RESULT(no))
+AM_CONDITIONAL([HAVE_LIBGPGME], [test "x$ac_cv_lib_gpgme_gpgme_check_version" = "xyes"])
# Checks for header files.
AC_CHECK_HEADERS([fcntl.h glob.h libintl.h locale.h mntent.h string.h \
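Review bot: With the default `with_gpgme=check`, a build host that lacks libgpgme falls through the `AC_CHECK_LIB` not-found branch without any message, so the resulting libalpm has no built-in signature checker and the only trace is the `GPGME support` line in the final summary. Since this decides whether package signatures can be verified out of the box, the not-found branch should at least warn, for example `AC_MSG_WARN([gpgme not found; signature checking will rely on a user callback])` in an `else` of the existing `if test`. Separately, `AC_MSG_RESULT(yes)` is printed before the library is probed, so the "whether to enable gpgme" answer can read yes on a build that ends up without it.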
@@ -406,6 +420,7 @@ ${PACKAGE_NAME}:
Compilation options:
Run make in doc/ dir : ${wantdoc} ${asciidoc}
Doxygen support : ${usedoxygen}
+ GPGME support : ${with_gpgme}
debug support : ${debug}
"
diff --git a/lib/libalpm/signing.c b/lib/libalpm/signing.c
index cc4b89f..4f86177 100644
--- a/lib/libalpm/signing.c
+++ b/lib/libalpm/signing.c
@@ -23,19 +23,24 @@
#include <stdio.h>
#include <string.h>
#include <locale.h> /* setlocale() */
+
+#ifdef HAVE_LIBGPGME
#include <gpgme.h>
+#endif
/* libalpm */
#include "signing.h"
#include "package.h"
#include "util.h"
#include "log.h"
+#include "handle.h"
#include "alpm.h"
#define CHECK_ERR(void) do { \
if(err != GPG_ERR_NO_ERROR) { goto error; } \
} while(0)
+#ifdef HAVE_LIBGPGME
static int gpgme_init(void)
{
static int init = 0;
@@ -97,7 +102,7 @@ error:
* @param sig PGP signature data in raw form (already decoded)
* @return a int value : 0 (valid), 1 (invalid), -1 (an error occured)
*/
-int _alpm_gpgme_checksig(const char *path, const pmpgpsig_t *sig)
+static int _alpm_gpgme_checksig(const char *path, const pmpgpsig_t *sig)
{
int ret = 0;
gpgme_error_t err;
@@ -202,6 +207,7 @@ error:
}
return ret;
}
+#endif
/**
* Load the signature from the given path into the provided struct.
@@ -248,6 +254,27 @@ int _alpm_load_signature(const char *sigfile, pmpgpsig_t *pgpsig) {
return 0;
}
+/** Check the PGP signature for an arbitrary file.
+ * This function redirects to the standard gpgme checking
+ * function or a user-defined external callback.
+ */
+int _alpm_file_checksig(const char *path, const pmpgpsig_t *sig)
+{
+ if(handle->checksigcb == NULL) {
+#ifdef HAVE_LIBGPGME
+ return _alpm_gpgme_checksig(path, sig);
+#else
+ RET_ERR(PM_ERR_EXTERNAL_SIGCHECK, -1);
+#endif
+ } else {
+ int ret = handle->checksigcb(path, sig);
+ if(ret == -1) {
+ RET_ERR(PM_ERR_EXTERNAL_SIGCHECK, -1);
+ }
+ return ret;
+ }
+}
+
/**
* Check the PGP package signature for the given package file.
* @param pkg the package to check
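Review bot: The callback's return value is passed through unchecked in `_alpm_file_checksig`: only `-1` is mapped to `PM_ERR_EXTERNAL_SIGCHECK`, so any other value a callback returns (for instance `2` or `-2`) reaches callers that, as far as the sync.c hunk shows, compare only against `0` and `1`. Treating everything outside the documented results as an error keeps a misbehaving callback from being read as an accepted signature: `if(ret != 0 && ret != 1) {`. The doc comment should also carry `@param path`, `@param sig` and an `@return` line stating 0 (valid), 1 (invalid), -1 (error, including a build without gpgme and no callback set). `handle` is dereferenced without a NULL check here; presumably callers guarantee it is initialised, but that is not visible in this hunk.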
@@ -258,7 +285,7 @@ int SYMEXPORT alpm_pkg_check_pgp_signature(pmpkg_t *pkg)
ALPM_LOG_FUNC;
ASSERT(pkg != NULL, return 0);
- return _alpm_gpgme_checksig(alpm_pkg_get_filename(pkg),
+ return _alpm_file_checksig(alpm_pkg_get_filename(pkg),
alpm_pkg_get_pgpsig(pkg));
}
@@ -272,7 +299,7 @@ int SYMEXPORT alpm_db_check_pgp_signature(pmdb_t *db)
ALPM_LOG_FUNC;
ASSERT(db != NULL, return(0));
- return _alpm_gpgme_checksig(_alpm_db_path(db),
+ return _alpm_file_checksig(_alpm_db_path(db),
_alpm_db_pgpsig(db));
}
diff --git a/lib/libalpm/signing.h b/lib/libalpm/signing.h
index b37abf0..6781377 100644
--- a/lib/libalpm/signing.h
+++ b/lib/libalpm/signing.h
@@ -31,7 +31,7 @@ struct __pmpgpsig_t {
unsigned char *rawdata;
};
-int _alpm_gpgme_checksig(const char *path, const pmpgpsig_t *sig);
+int _alpm_file_checksig(const char *path, const pmpgpsig_t *sig);
int _alpm_load_signature(const char *sigfile, pmpgpsig_t *pgpsig);
#endif /* _ALPM_SIGNING_H */
diff --git a/lib/libalpm/sync.c b/lib/libalpm/sync.c
index a97a67b..7c5759d 100644
--- a/lib/libalpm/sync.c
+++ b/lib/libalpm/sync.c
@@ -855,11 +855,12 @@ int _alpm_sync_commit(pmtrans_t *trans, pmdb_t *db_local, alpm_list_t **data)
FREE(filepath);
continue;
}
+
+
/* check PGP signature next */
pmdb_t *sdb = alpm_pkg_get_db(spkg);
-
if(sdb->pgp_verify != PM_PGP_VERIFY_NEVER) {
- int ret = _alpm_gpgme_checksig(filepath, pgpsig);
+ int ret = _alpm_file_checksig(filepath, pgpsig);
if((sdb->pgp_verify == PM_PGP_VERIFY_ALWAYS && ret != 0) ||
(sdb->pgp_verify == PM_PGP_VERIFY_OPTIONAL && ret == 1)) {
errors++;
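Review bot: Under `PM_PGP_VERIFY_OPTIONAL` only `ret == 1` counts as a failure, so the `-1` that `_alpm_file_checksig` now returns when libalpm is built without gpgme and no callback is registered lets the package through exactly as if it had verified. The condition itself predates this patch, but the change turns a missing checker into silent acceptance rather than a rare gpgme error. I would at least log it before the condition, e.g. `if(ret == -1) { _alpm_log(PM_LOG_WARNING, "could not check signature of %s\n", filepath); }`, or decide explicitly whether OPTIONAL should tolerate errors. The surrounding loop in `_alpm_sync_commit` begins and ends outside this hunk.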
@@ -868,6 +869,7 @@ int _alpm_sync_commit(pmtrans_t *trans, pmdb_t *db_local, alpm_list_t **data)
continue;
}
}
+
/* load the package file and replace pkgcache entry with it in the target list */
/* TODO: alpm_pkg_get_db() will not work on this target anymore */
_alpm_log(PM_LOG_DEBUG, "replacing pkgcache entry with package file for target %s\n", spkg->name);
--
1.7.4.4