[pacman-dev] [PATCH 8/8 v2] Import key if needed when installing package from file

[Allan McRae]

When installing a package with "pacman -U" that has a detached
signature, check if the needed key is in the keyring and download
if necessary.

Signed-off-by: Allan McRae <allan at archlinux.org>
---
 lib/libalpm/be_package.c | 66 ++++++++++++++++++++++++++++++++++++++++++++++++
 lib/libalpm/signing.c    |  5 ++++
 2 files changed, 71 insertions(+)

diff --git a/lib/libalpm/be_package.c b/lib/libalpm/be_package.c
index 8c5b2d1..d088820 100644
--- a/lib/libalpm/be_package.c
+++ b/lib/libalpm/be_package.c
@@ -511,6 +511,34 @@ error:
 	return NULL;
 }
 
+static int read_sigfile(const char *sigpath, unsigned char **sig)
+{
+	struct stat st;
+	FILE *fp;
+
+	if(stat(sigpath, &st) != 0) {
+		return -1;
+	}
+
+	*sig = malloc(st.st_size);
+	if(!(*sig)) {
+		return -1;
+	}
+
+	if((fp = fopen(sigpath, "rb")) == NULL) {
+		free(*sig);
+		return -1;
+	}
+
+	if(fread(*sig, st.st_size, 1, fp) != 1) {
+		free(*sig);
+		fclose(fp);
+		return -1;
+	}
+
+	return st.st_size;
+}
+
 int SYMEXPORT alpm_pkg_load(alpm_handle_t *handle, const char *filename, int full,
 		alpm_siglevel_t level, alpm_pkg_t **pkg)
 {
@@ -519,6 +547,44 @@ int SYMEXPORT alpm_pkg_load(alpm_handle_t *handle, const char *filename, int ful
 	CHECK_HANDLE(handle, return -1);
 	ASSERT(pkg != NULL, RET_ERR(handle, ALPM_ERR_WRONG_ARGS, -1));
 
+	char *sigpath = _alpm_sigpath(handle, filename);
+	if(sigpath && !_alpm_access(handle, NULL, sigpath, R_OK)) {
+		if(level & ALPM_SIG_PACKAGE) {
+			alpm_list_t *keys = NULL;
+			int fail = 0;
+			unsigned char *sig = NULL;
+
+			int len = read_sigfile(sigpath, &sig);
+			if(len == -1) {
+				_alpm_log(handle, ALPM_LOG_ERROR,
+					_("failed to read signature file: %s\n"), sigpath);
+				free(sigpath);
+				return -1;
+			}
+
+			if(_alpm_extract_keyid(handle, filename, sig, len, &keys) == 0) {
+				alpm_list_t *k;
+				for(k = keys; k; k = k->next) {
+					char *key = k->data;
+					if(_alpm_key_in_keychain(handle, key) == 0) {
+						if(_alpm_key_import(handle, key) == -1) {
+							fail = 1;
+						}
+					}
+				}
+				FREELIST(keys);
+			}
+
+			free(sig);
+
+			if(fail) {
+				_alpm_log(handle, ALPM_LOG_ERROR, _("required key missing from keyring\n"));
+				return -1;
+			}
+		}
+	}
+	free(sigpath);
+
 	if(_alpm_pkg_validate_internal(handle, filename, NULL, level, NULL,
 				&validation) == -1) {
 		/* pm_errno is set by pkg_validate */
diff --git a/lib/libalpm/signing.c b/lib/libalpm/signing.c
index 4e59e0a..8d70b61 100644
--- a/lib/libalpm/signing.c
+++ b/lib/libalpm/signing.c
@@ -192,6 +192,11 @@ int _alpm_key_in_keychain(alpm_handle_t *handle, const char *fpr)
 	gpgme_key_t key;
 	int ret = -1;
 
+	if(init_gpgme(handle)) {
+		/* pm_errno was set in gpgme_init() */
+		goto error;
+	}
+
 	memset(&ctx, 0, sizeof(ctx));
 	err = gpgme_new(&ctx);
 	CHECK_ERR();
-- 
1.8.0