[pacman-dev] [PATCH 4/6] Add --verify option for signature level

Pang Yan Han pangyanhan at gmail.com
Sun May 29 05:04:07 EDT 2011


The --verify option allows the user to change pacman's default signature
verification level. It can take in one of "Always", "Optional" or "Verify".

Signed-off-by: Pang Yan Han <pangyanhan at gmail.com>
---
This is a reroll after Remy suggested that it's better to set the signature
verification level supplied from the command line in setlibpaths().

A new field is introduced in struct config which stores what the user passes
to the --verify option at the command line.

Is it possible for us to change option_verifysig to compare to non-caps
versions of "Always", "Optional" and "Never"?

 src/pacman/conf.c   |   14 ++++++++++++++
 src/pacman/conf.h   |    4 +++-
 src/pacman/pacman.c |    4 ++++
 3 files changed, 21 insertions(+), 1 deletions(-)

diff --git a/src/pacman/conf.c b/src/pacman/conf.c
index 370ec51..869c005 100644
--- a/src/pacman/conf.c
+++ b/src/pacman/conf.c
@@ -68,6 +68,7 @@ int config_free(config_t *oldconfig)
 	free(oldconfig->rootdir);
 	free(oldconfig->dbpath);
 	free(oldconfig->logfile);
+	free(oldconfig->sigverify);
 	free(oldconfig->xfercommand);
 	free(oldconfig->print_format);
 	free(oldconfig);
@@ -474,6 +475,19 @@ static int setlibpaths(void)
 		}
 	}
 
+	/* Set the signature verification level to what the user requested */
+	if(config->sigverify) {
+		pgp_verify_t verify = option_verifysig(config->sigverify);
+		if (verify != PM_PGP_VERIFY_UNKNOWN) {
+			ret = alpm_option_set_default_sigverify(verify);
+			if(ret != 0) {
+				pm_printf(PM_LOG_ERROR, _("problem setting sigverify '%s' (%s)\n"),
+						config->sigverify, alpm_strerrorlast());
+				return ret;
+			}
+		}
+	}
+
 	/* add a default cachedir if one wasn't specified */
 	if(alpm_option_get_cachedirs() == NULL) {
 		alpm_option_add_cachedir(CACHEDIR);
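Review bot: An unrecognised `--verify` value is dropped without any message: when `option_verifysig()` returns `PM_PGP_VERIFY_UNKNOWN` the inner `if` is skipped and setlibpaths() carries on with whatever level was already in effect. For a signature-checking switch this means a misspelled level leaves the user believing a stricter level is active, so the unknown case should fail closed, e.g. `} else { pm_printf(PM_LOG_ERROR, _("invalid value for --verify: '%s'\n"), config->sigverify); return 1; }`. That message should list the accepted spellings, since the commit message names "Verify" where the follow-up note names "Never". Minor style: `if (verify != ...` has a space after `if` while the rest of the hunk writes `if(`. setlibpaths() begins and ends outside this hunk, so the declaration of `ret` and the meaning of its return value are not visible here.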
diff --git a/src/pacman/conf.h b/src/pacman/conf.h
index 76c76cf..d08f83c 100644
--- a/src/pacman/conf.h
+++ b/src/pacman/conf.h
@@ -41,6 +41,7 @@ typedef struct __config_t {
 	char *dbpath;
 	char *logfile;
 	char *gpgdir;
+	char *sigverify;
 	/* TODO how to handle cachedirs? */
 
 	unsigned short op_q_isfile;
@@ -111,7 +112,8 @@ enum {
 	OP_ASEXPLICIT,
 	OP_ARCH,
 	OP_PRINTFORMAT,
-	OP_GPGDIR
+	OP_GPGDIR,
+	OP_VERIFY
 };
 
 /* clean method */
diff --git a/src/pacman/pacman.c b/src/pacman/pacman.c
index 8458c97..1e58890 100644
--- a/src/pacman/pacman.c
+++ b/src/pacman/pacman.c
@@ -438,6 +438,9 @@ static int parsearg_global(int opt)
 			config->logfile = strndup(optarg, PATH_MAX);
 			break;
 		case OP_NOCONFIRM: config->noconfirm = 1; break;
+		case OP_VERIFY:
+			config->sigverify = strdup(optarg);
+			break;
 		case 'b':
 			check_optarg();
 			config->dbpath = strdup(optarg);
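Review bot: The new `OP_VERIFY` case stores `optarg` without the `check_optarg()` call that the neighbouring `'b'` case makes, and it overwrites `config->sigverify` without freeing an earlier value, so repeating `--verify` leaks the first copy. The `strdup()` result is also unchecked; if it returns NULL, the `if(config->sigverify)` test added to setlibpaths() is false and the requested verification level is silently not applied. Something like `check_optarg(); free(config->sigverify); config->sigverify = strdup(optarg);` followed by a NULL check would cover all three. What `check_optarg()` expands to is not shown here, so confirm it is needed for a `required_argument` option. parsearg_global() starts and ends outside this hunk.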
@@ -635,6 +638,7 @@ static int parseargs(int argc, char *argv[])
 		{"arch",       required_argument, 0, OP_ARCH},
 		{"print-format", required_argument, 0, OP_PRINTFORMAT},
 		{"gpgdir",     required_argument, 0, OP_GPGDIR},
+		{"verify",     required_argument, 0, OP_VERIFY},
 		{0, 0, 0, 0}
 	};
 
-- 
1.7.5.rc0.101.g3d23c


