[pacman-dev] [PATCH 4/6] Add --verify option for signature level

Dan McGee dpmcgee at gmail.com
Wed Jun 1 13:26:14 EDT 2011


On Sun, May 29, 2011 at 4:04 AM, Pang Yan Han <pangyanhan at gmail.com> wrote:
> The --verify option allows the user to change pacman's default signature
> verification level. It can take in one of "Always", "Optional" or "Verify".
>
> Signed-off-by: Pang Yan Han <pangyanhan at gmail.com>
> ---
> This is a reroll after Remy suggested that it's better to set the signature
> verification level supplied from the command line in setlibpaths().
Would you mind re-rolling again with docs? Both a usage string and
doc/ updates will be needed.

> A new field is introduced in struct config which stores what the user passes
> to the --verify option at the command line.
>
> Is it possible for us to change option_verifysig to compare to non-caps
> versions of "Always", "Optional" and "Never"?
As long as you don't break the requirements made in this commit way back when:
http://projects.archlinux.org/pacman.git/commit/?id=b3e6cf652c9e989badaf5499abb1d64c1a110927

Basically case insensitive compares don't always work as expected
across locales, so if you do this, it is probably best to explicitly
compare to "Always" and "always", "Optional" and "optional", etc.
Especially since "optional" contains the infamous "i" character.

>
>  src/pacman/conf.c   |   14 ++++++++++++++
>  src/pacman/conf.h   |    4 +++-
>  src/pacman/pacman.c |    4 ++++
>  3 files changed, 21 insertions(+), 1 deletions(-)
>
> diff --git a/src/pacman/conf.c b/src/pacman/conf.c
> index 370ec51..869c005 100644
> --- a/src/pacman/conf.c
> +++ b/src/pacman/conf.c
> @@ -68,6 +68,7 @@ int config_free(config_t *oldconfig)
>        free(oldconfig->rootdir);
>        free(oldconfig->dbpath);
>        free(oldconfig->logfile);
> +       free(oldconfig->sigverify);
>        free(oldconfig->xfercommand);
>        free(oldconfig->print_format);
>        free(oldconfig);
> @@ -474,6 +475,19 @@ static int setlibpaths(void)
>                }
>        }
>
> +       /* Set the signature verification level to what the user requested */
> +       if(config->sigverify) {
> +               pgp_verify_t verify = option_verifysig(config->sigverify);
> +               if (verify != PM_PGP_VERIFY_UNKNOWN) {
> +                       ret = alpm_option_set_default_sigverify(verify);
> +                       if(ret != 0) {
> +                               pm_printf(PM_LOG_ERROR, _("problem setting sigverify '%s' (%s)\n"),
> +                                               config->sigverify, alpm_strerrorlast());
> +                               return ret;
> +                       }
> +               }
> +       }
> +
>        /* add a default cachedir if one wasn't specified */
>        if(alpm_option_get_cachedirs() == NULL) {
>                alpm_option_add_cachedir(CACHEDIR);
> diff --git a/src/pacman/conf.h b/src/pacman/conf.h
> index 76c76cf..d08f83c 100644
> --- a/src/pacman/conf.h
> +++ b/src/pacman/conf.h
> @@ -41,6 +41,7 @@ typedef struct __config_t {
>        char *dbpath;
>        char *logfile;
>        char *gpgdir;
> +       char *sigverify;
>        /* TODO how to handle cachedirs? */
>
>        unsigned short op_q_isfile;
> @@ -111,7 +112,8 @@ enum {
>        OP_ASEXPLICIT,
>        OP_ARCH,
>        OP_PRINTFORMAT,
> -       OP_GPGDIR
> +       OP_GPGDIR,
> +       OP_VERIFY
>  };
>
>  /* clean method */
> diff --git a/src/pacman/pacman.c b/src/pacman/pacman.c
> index 8458c97..1e58890 100644
> --- a/src/pacman/pacman.c
> +++ b/src/pacman/pacman.c
> @@ -438,6 +438,9 @@ static int parsearg_global(int opt)
>                        config->logfile = strndup(optarg, PATH_MAX);
>                        break;
>                case OP_NOCONFIRM: config->noconfirm = 1; break;
> +               case OP_VERIFY:
> +                       config->sigverify = strdup(optarg);
> +                       break;
>                case 'b':
>                        check_optarg();
>                        config->dbpath = strdup(optarg);
> @@ -635,6 +638,7 @@ static int parseargs(int argc, char *argv[])
>                {"arch",       required_argument, 0, OP_ARCH},
>                {"print-format", required_argument, 0, OP_PRINTFORMAT},
>                {"gpgdir",     required_argument, 0, OP_GPGDIR},
> +               {"verify",     required_argument, 0, OP_VERIFY},
>                {0, 0, 0, 0}
>        };
>
> --
> 1.7.5.rc0.101.g3d23c
>
>
>


More information about the pacman-dev mailing list