[pacman-dev] [PATCH 2/4] signing: make gpgme optional and default to user callback

Rémy Oudompheng remyoudompheng at gmail.com
Sun Apr 10 07:38:52 EDT 2011


This makes it possible to compile libalpm without the gpgme library.
This option is reflected in the configure script.

Signed-off-by: Rémy Oudompheng <remy at archlinux.org>
---
 configure.ac          |   19 +++++++++++++++++--
 lib/libalpm/signing.c |   33 ++++++++++++++++++++++++++++++---
 lib/libalpm/signing.h |    2 +-
 lib/libalpm/sync.c    |    6 ++++--
 4 files changed, 52 insertions(+), 8 deletions(-)

diff --git a/configure.ac b/configure.ac
index 9fb9cb0..ef48f86 100644
--- a/configure.ac
+++ b/configure.ac
@@ -93,6 +93,11 @@ AC_ARG_WITH(openssl,
 	AS_HELP_STRING([--with-openssl], [use OpenSSL crypto implementations instead of internal routines]),
 	[], [with_openssl=check])
 
+# Help line for using GPGME
+AC_ARG_WITH(gpgme,
+	AS_HELP_STRING([--with-gpgme], [use GPGME for signature checking]),
+	[], [with_gpgme=check])
+
 # Check for useable libcurl
 LIBCURL_CHECK_CONFIG([yes], [7.19.4])
 
@@ -151,8 +156,17 @@ AS_IF([test "x$with_openssl" != "xno"],
 AM_CONDITIONAL([HAVE_LIBSSL], [test "x$ac_cv_lib_ssl_MD5_Final" = "xyes"])
 
 # Check for gpgme
-AC_CHECK_LIB([gpgme], [gpgme_check_version], ,
-	AC_MSG_ERROR([gpgme is needed to compile pacman!]))
+AC_MSG_CHECKING(whether to enable gpgme)
+AS_IF([test "x$with_gpgme" != "xno"],
+	[AC_MSG_RESULT(yes)
+	AC_CHECK_LIB([gpgme], [gpgme_check_version], ,
+	[if test "x$with_gpgme" != "xcheck"; then
+		AC_MSG_FAILURE([--with-gpgme was given, but -lgpgme was not found])
+	fi],
+	[-lgpgme])]
+	with_gpgme=$ac_cv_lib_gpgme_gpgme_check_version,
+	AC_MSG_RESULT(no))
+AM_CONDITIONAL([HAVE_LIBGPGME], [test "x$ac_cv_lib_gpgme_gpgme_check_version" = "xyes"])
 
 # Checks for header files.
 AC_CHECK_HEADERS([fcntl.h glob.h libintl.h locale.h mntent.h string.h \
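Review bot: With the default `with_gpgme=check`, the not-found branch of `AC_CHECK_LIB` does nothing when `-lgpgme` is missing, so configure carries on and builds a libalpm with no built-in signature verification, reported only as one line in the final summary. For a package manager that is a silent security downgrade; I would make it loud by adding an `else` branch to the `if test "x$with_gpgme" != "xcheck"` test containing `AC_MSG_WARN([gpgme not found, libalpm will have no built-in signature checking])`. Separately, `with_gpgme=$ac_cv_lib_gpgme_gpgme_check_version,` sits after the closing `]` of the quoted AS_IF argument; it still expands as part of that argument but would be easier to read inside the brackets.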
@@ -406,6 +420,7 @@ ${PACKAGE_NAME}:
   Compilation options:
     Run make in doc/ dir   : ${wantdoc} ${asciidoc}
     Doxygen support        : ${usedoxygen}
+    GPGME support          : ${with_gpgme}
     debug support          : ${debug}
 "
 
diff --git a/lib/libalpm/signing.c b/lib/libalpm/signing.c
index cc4b89f..4f86177 100644
--- a/lib/libalpm/signing.c
+++ b/lib/libalpm/signing.c
@@ -23,19 +23,24 @@
 #include <stdio.h>
 #include <string.h>
 #include <locale.h> /* setlocale() */
+
+#ifdef HAVE_LIBGPGME
 #include <gpgme.h>
+#endif
 
 /* libalpm */
 #include "signing.h"
 #include "package.h"
 #include "util.h"
 #include "log.h"
+#include "handle.h"
 #include "alpm.h"
 
 #define CHECK_ERR(void) do { \
 		if(err != GPG_ERR_NO_ERROR) { goto error; } \
 	} while(0)
 
+#ifdef HAVE_LIBGPGME
 static int gpgme_init(void)
 {
 	static int init = 0;
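Review bot: The `CHECK_ERR` macro just above the new `#ifdef HAVE_LIBGPGME` refers to `GPG_ERR_NO_ERROR`, a gpgme-only name, yet it stays outside the guard. It compiles because an unused macro is never expanded, but opening the guard before the `#define` and closing it with `#endif /* HAVE_LIBGPGME */` (the matching `#endif` is added in a later hunk, after `_alpm_gpgme_checksig`) would keep all gpgme-only code in one clearly delimited region. The guard also depends on the generated config header being included earlier in the file, which this hunk does not show. The body of `gpgme_init` continues outside the hunk.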
@@ -97,7 +102,7 @@ error:
  * @param sig PGP signature data in raw form (already decoded)
  * @return a int value : 0 (valid), 1 (invalid), -1 (an error occured)
  */
-int _alpm_gpgme_checksig(const char *path, const pmpgpsig_t *sig)
+static int _alpm_gpgme_checksig(const char *path, const pmpgpsig_t *sig)
 {
 	int ret = 0;
 	gpgme_error_t err;
@@ -202,6 +207,7 @@ error:
 	}
 	return ret;
 }
+#endif
 
 /**
  * Load the signature from the given path into the provided struct.
@@ -248,6 +254,27 @@ int _alpm_load_signature(const char *sigfile, pmpgpsig_t *pgpsig) {
 	return 0;
 }
 
+/** Check the PGP signature for an arbitrary file.
+ * This function redirects to the standard gpgme checking
+ * function or a user-defined external callback.
+ */
+int _alpm_file_checksig(const char *path, const pmpgpsig_t *sig)
+{
+	if(handle->checksigcb == NULL) {
+#ifdef HAVE_LIBGPGME
+		return _alpm_gpgme_checksig(path, sig);
+#else
+		RET_ERR(PM_ERR_EXTERNAL_SIGCHECK, -1);
+#endif
+	} else {
+		int ret = handle->checksigcb(path, sig);
+		if(ret == -1) {
+			RET_ERR(PM_ERR_EXTERNAL_SIGCHECK, -1);
+		}
+		return ret;
+	}
+}
+
 /**
  * Check the PGP package signature for the given package file.
  * @param pkg the package to check
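Review bot: In `_alpm_file_checksig` the callback's return value is trusted as-is: only `-1` goes through `RET_ERR`, and any other value (for example `2` or `-2`) is handed back to callers that compare against exactly 0 and 1, without an error being recorded. I would normalise at this boundary with `if(ret != 0 && ret != 1) { RET_ERR(PM_ERR_EXTERNAL_SIGCHECK, -1); }` so that anything outside the 0/1 contract is reported as a failed check. The doc comment should also gain `@param path`, `@param sig` and an `@return` line spelling out 0 (valid), 1 (invalid), -1 (error), since that is the contract a callback author has to implement. The branch without gpgme and without a callback reuses `PM_ERR_EXTERNAL_SIGCHECK` although no external check ran; a distinct error code would make that configuration easier to diagnose.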
@@ -258,7 +285,7 @@ int SYMEXPORT alpm_pkg_check_pgp_signature(pmpkg_t *pkg)
 	ALPM_LOG_FUNC;
 	ASSERT(pkg != NULL, return 0);
 
-	return _alpm_gpgme_checksig(alpm_pkg_get_filename(pkg),
+	return _alpm_file_checksig(alpm_pkg_get_filename(pkg),
 			alpm_pkg_get_pgpsig(pkg));
 }
 
@@ -272,7 +299,7 @@ int SYMEXPORT alpm_db_check_pgp_signature(pmdb_t *db)
 	ALPM_LOG_FUNC;
 	ASSERT(db != NULL, return(0));
 
-	return _alpm_gpgme_checksig(_alpm_db_path(db),
+	return _alpm_file_checksig(_alpm_db_path(db),
 			_alpm_db_pgpsig(db));
 }
 
diff --git a/lib/libalpm/signing.h b/lib/libalpm/signing.h
index b37abf0..6781377 100644
--- a/lib/libalpm/signing.h
+++ b/lib/libalpm/signing.h
@@ -31,7 +31,7 @@ struct __pmpgpsig_t {
 	unsigned char *rawdata;
 };
 
-int _alpm_gpgme_checksig(const char *path, const pmpgpsig_t *sig);
+int _alpm_file_checksig(const char *path, const pmpgpsig_t *sig);
 int _alpm_load_signature(const char *sigfile, pmpgpsig_t *pgpsig);
 
 #endif /* _ALPM_SIGNING_H */
diff --git a/lib/libalpm/sync.c b/lib/libalpm/sync.c
index a97a67b..7c5759d 100644
--- a/lib/libalpm/sync.c
+++ b/lib/libalpm/sync.c
@@ -855,11 +855,12 @@ int _alpm_sync_commit(pmtrans_t *trans, pmdb_t *db_local, alpm_list_t **data)
 			FREE(filepath);
 			continue;
 		}
+
+
 		/* check PGP signature next */
 		pmdb_t *sdb = alpm_pkg_get_db(spkg);
-
 		if(sdb->pgp_verify != PM_PGP_VERIFY_NEVER) {
-			int ret = _alpm_gpgme_checksig(filepath, pgpsig);
+			int ret = _alpm_file_checksig(filepath, pgpsig);
 			if((sdb->pgp_verify == PM_PGP_VERIFY_ALWAYS && ret != 0) ||
 					(sdb->pgp_verify == PM_PGP_VERIFY_OPTIONAL && ret == 1)) {
 				errors++;
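Review bot: Under `PM_PGP_VERIFY_OPTIONAL` only `ret == 1` counts as a failure, so the `-1` that `_alpm_file_checksig` now returns when libalpm is built without gpgme and no callback is registered is accepted, and every package passes without any verification having run. Before this change `-1` meant the gpgme check hit an error; now it can also mean that no verifier exists at all, and the two cases deserve different handling. At minimum I would log it next to the call, e.g. `if(ret == -1) { _alpm_log(PM_LOG_WARNING, "signature check could not be performed for %s\n", filepath); }`, and consider treating the no-verifier case as a failure whenever `pgp_verify` is not `PM_PGP_VERIFY_NEVER`. The two blank lines added above the comment look unintentional; `_alpm_sync_commit` starts and ends outside the hunk.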
@@ -868,6 +869,7 @@ int _alpm_sync_commit(pmtrans_t *trans, pmdb_t *db_local, alpm_list_t **data)
 				continue;
 			}
 		}
+
 		/* load the package file and replace pkgcache entry with it in the target list */
 		/* TODO: alpm_pkg_get_db() will not work on this target anymore */
 		_alpm_log(PM_LOG_DEBUG, "replacing pkgcache entry with package file for target %s\n", spkg->name);
-- 
1.7.4.4


