[pacman-dev] [PATCH 4/4] sync.c: also check signatures for packages loaded from files

Rémy Oudompheng remyoudompheng at gmail.com
Thu Apr 21 02:39:58 EDT 2011


The chosen level is the global signature check level
defined by alpm_option_set_default_sigverify().

Signed-off-by: Rémy Oudompheng <remy at archlinux.org>
---
There is some code moving around here.

 lib/libalpm/sync.c |   34 ++++++++++++++++++++++------------
 1 files changed, 22 insertions(+), 12 deletions(-)

diff --git a/lib/libalpm/sync.c b/lib/libalpm/sync.c
index 7958c66..0a864c9 100644
--- a/lib/libalpm/sync.c
+++ b/lib/libalpm/sync.c
@@ -830,27 +830,30 @@ int _alpm_sync_commit(pmtrans_t *trans, pmdb_t *db_local, alpm_list_t **data)
 	for(i = trans->add; i; i = i->next, current++) {
 		pmpkg_t *spkg = i->data;
 		int percent = (current * 100) / numtargs;
-		if(spkg->origin == PKG_FROM_FILE) {
-			continue; /* pkg_load() has been already called, this package is valid */
-		}
 		PROGRESS(trans, PM_TRANS_PROGRESS_INTEGRITY_START, "", percent,
 				numtargs, current);
 
 		const char *filename = alpm_pkg_get_filename(spkg);
-		char *filepath = _alpm_filecache_find(filename);
-		const char *md5sum = alpm_pkg_get_md5sum(spkg);
+		char *filepath;
 		const pmpgpsig_t *pgpsig = alpm_pkg_get_pgpsig(spkg);
 		pgp_verify_t check_sig;
 
-		/* check md5sum first */
-		if(test_md5sum(trans, filepath, md5sum) != 0) {
-			goto integrity_check_fail;
-		}
-		/* check PGP signature next */
-		pmdb_t *sdb = alpm_pkg_get_db(spkg);
+		if(spkg->origin == PKG_FROM_FILE) {
+			check_sig = alpm_option_get_default_sigverify();
+			filepath = strdup(filename);
+		} else {
+			pmdb_t *sdb = alpm_pkg_get_db(spkg);
+			check_sig = _alpm_db_get_sigverify_level(sdb);
+			filepath = _alpm_filecache_find(filename);
 
-		check_sig = _alpm_db_get_sigverify_level(sdb);
+			/* check md5sum if package comes from a database */
+			const char *md5sum = alpm_pkg_get_md5sum(spkg);
+			if(test_md5sum(trans, filepath, md5sum) != 0) {
+				goto integrity_check_fail;
+			}
+		}
 
+		/* check PGP signature next */
 		if(check_sig != PM_PGP_VERIFY_NEVER) {
 			int ret = _alpm_gpgme_checksig(filepath, pgpsig);
 			if((check_sig == PM_PGP_VERIFY_ALWAYS && ret != 0) ||
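Review bot: The `strdup(filename)` result in the PKG_FROM_FILE branch is never checked, so on allocation failure `_alpm_gpgme_checksig()` is handed a NULL path for exactly the packages this patch starts verifying. Adding `if(!filepath) { goto integrity_check_fail; }` directly after the `strdup()` would make that case fail closed, assuming the `integrity_check_fail` path (outside this hunk) tolerates a NULL `filepath`. File-origin packages also skip the md5sum test, so with a default level of `PM_PGP_VERIFY_NEVER` nothing in this loop checks them. A comment on that branch would record this, e.g. `/* no database md5sum for packages loaded from files; the signature is their only integrity check */`. The loop body starts and ends outside the hunk.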
@@ -858,6 +861,13 @@ int _alpm_sync_commit(pmtrans_t *trans, pmdb_t *db_local, alpm_list_t **data)
 				goto integrity_check_fail;
 			}
 		}
+
+		/* don't replace spkg if it already comes from a file */
+		if (spkg->origin == PKG_FROM_FILE) {
+			FREE(filepath);
+			continue;
+		}
+
 		/* load the package file and replace pkgcache entry with it in the target list */
 		/* TODO: alpm_pkg_get_db() will not work on this target anymore */
 		_alpm_log(PM_LOG_DEBUG, "replacing pkgcache entry with package file for target %s\n", spkg->name);
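Review bot: For a PKG_FROM_FILE target the signature is checked against the path at commit time, but this `continue` keeps the `spkg` that pkg_load() built earlier (per the comment removed in the previous hunk). If the file can change between load and commit, the bytes that were verified and the metadata already in memory need not match. A comment stating the assumption would help, e.g. `/* spkg was parsed before this check; the file is assumed unchanged since pkg_load() */`, or the check could run at load time instead. Separately, `if (spkg->origin` has a space after `if`, unlike the `if(` style used by the surrounding lines. Whether `integrity_check_fail` frees the strdup'ed `filepath` is not visible in this hunk and is worth confirming.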
-- 
1.7.4.4


