Send patches - preferably formatted by git format-patch - to patches at archlinux32 dot org.
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDan McGee <dan@archlinux.org>2011-07-01 16:50:32 -0500
committerDan McGee <dan@archlinux.org>2011-07-05 10:13:20 -0500
commit07502f2d82393854f36f5c3ff608458e74fcb747 (patch)
tree24ec485afd9feceeebf326566b323a974a939cd1
parente8443b1685cc99cf3a46461e7a12c9b616fac44e (diff)
Allow frontend access to signature verification information
Show output in -Qip for each package signature, which includes the UID string from the key ("Joe User <joe@example.com>") and the validity of said key. Example output: Signatures : Valid signature from "Dan McGee <dpmcgee@gmail.com>" Unknown signature from "<Key Unknown>" Invalid signature from "Dan McGee <dpmcgee@gmail.com>" Also add a backend alpm_sigresult_cleanup() function since memory allocation took place on this object, and we need some way of freeing it. Signed-off-by: Dan McGee <dan@archlinux.org>
-rw-r--r--lib/libalpm/alpm.h2
-rw-r--r--lib/libalpm/signing.c22
-rw-r--r--src/pacman/package.c11
-rw-r--r--src/pacman/util.c48
-rw-r--r--src/pacman/util.h1
5 files changed, 81 insertions, 3 deletions
diff --git a/lib/libalpm/alpm.h b/lib/libalpm/alpm.h
index 049eae2f..c7cab043 100644
--- a/lib/libalpm/alpm.h
+++ b/lib/libalpm/alpm.h
@@ -745,6 +745,8 @@ int alpm_pkg_check_pgp_signature(alpm_pkg_t *pkg, alpm_sigresult_t *result);
int alpm_db_check_pgp_signature(alpm_db_t *db, alpm_sigresult_t *result);
+int alpm_sigresult_cleanup(alpm_sigresult_t *result);
+
/*
* Groups
*/
diff --git a/lib/libalpm/signing.c b/lib/libalpm/signing.c
index 49d075ef..cfa9a02c 100644
--- a/lib/libalpm/signing.c
+++ b/lib/libalpm/signing.c
@@ -310,6 +310,7 @@ int _alpm_gpgme_checksig(alpm_handle_t *handle, const char *path,
gpgsig = gpgsig->next, sigcount++) {
alpm_list_t *summary_list, *summary;
alpm_sigstatus_t status;
+ gpgme_key_t key;
_alpm_log(handle, ALPM_LOG_DEBUG, "fingerprint: %s\n", gpgsig->fpr);
summary_list = list_sigsum(gpgsig->summary);
@@ -449,8 +450,7 @@ int _alpm_check_pgp_helper(alpm_handle_t *handle, const char *path,
}
}
- free(result.status);
- free(result.uid);
+ alpm_sigresult_cleanup(&result);
return ret;
}
@@ -485,4 +485,22 @@ int SYMEXPORT alpm_db_check_pgp_signature(alpm_db_t *db,
return _alpm_gpgme_checksig(db->handle, _alpm_db_path(db), NULL, result);
}
+int SYMEXPORT alpm_sigresult_cleanup(alpm_sigresult_t *result)
+{
+ ASSERT(result != NULL, return -1);
+ /* Because it is likely result is on the stack, uid and status may have bogus
+ * values in the struct. Only look at them if count is greater than 0. */
+ if(result->count > 0) {
+ free(result->status);
+ if(result->uid) {
+ int i;
+ for(i = 0; i < result->count; i++) {
+ free(result->uid[i]);
+ }
+ free(result->uid);
+ }
+ }
+ return 0;
+}
+
/* vim: set ts=2 sw=2 noet: */
diff --git a/src/pacman/package.c b/src/pacman/package.c
index 5514f001..afbac6b7 100644
--- a/src/pacman/package.c
+++ b/src/pacman/package.c
@@ -136,6 +136,17 @@ void dump_pkg_full(alpm_pkg_t *pkg, enum pkg_from from, int extra)
if(from == PKG_FROM_SYNCDB) {
string_display(_("MD5 Sum :"), alpm_pkg_get_md5sum(pkg));
}
+ if(from == PKG_FROM_FILE) {
+ alpm_sigresult_t result;
+ int err = alpm_pkg_check_pgp_signature(pkg, &result);
+ if(err) {
+ string_display(_("Signatures :"),
+ alpm_strerror(alpm_errno(config->handle)));
+ } else {
+ signature_display(_("Signatures :"), &result);
+ }
+ alpm_sigresult_cleanup(&result);
+ }
string_display(_("Description :"), alpm_pkg_get_desc(pkg));
/* Print additional package info if info flag passed more than once */
diff --git a/src/pacman/util.c b/src/pacman/util.c
index 9ced7aad..28beaca3 100644
--- a/src/pacman/util.c
+++ b/src/pacman/util.c
@@ -613,7 +613,6 @@ void list_display(const char *title, const alpm_list_t *list)
void list_display_linebreak(const char *title, const alpm_list_t *list)
{
- const alpm_list_t *i;
int len = 0;
if(title) {
@@ -624,6 +623,7 @@ void list_display_linebreak(const char *title, const alpm_list_t *list)
if(!list) {
printf("%s\n", _("None"));
} else {
+ const alpm_list_t *i;
/* Print the first element */
indentprint((const char *) alpm_list_getdata(list), len);
printf("\n");
@@ -639,6 +639,52 @@ void list_display_linebreak(const char *title, const alpm_list_t *list)
}
}
+void signature_display(const char *title, alpm_sigresult_t *result)
+{
+ int len = 0;
+
+ if(title) {
+ len = string_length(title) + 1;
+ printf("%s ", title);
+ }
+ if(result->count == 0) {
+ printf(_("None"));
+ } else {
+ int i;
+ for(i = 0; i < result->count; i++) {
+ char sigline[PATH_MAX];
+ const char *validity, *name;
+ /* Don't re-indent the first result */
+ if(i != 0) {
+ int j;
+ for(j = 1; j <= len; j++) {
+ printf(" ");
+ }
+ }
+ switch(result->status[i]) {
+ case ALPM_SIGSTATUS_VALID:
+ validity = _("Valid signature");
+ break;
+ case ALPM_SIGSTATUS_MARGINAL:
+ validity = _("Marginal signature");
+ break;
+ case ALPM_SIGSTATUS_UNKNOWN:
+ validity = _("Unknown signature");
+ break;
+ case ALPM_SIGSTATUS_BAD:
+ validity = _("Invalid signature");
+ break;
+ default:
+ validity = _("Signature error");
+ }
+ name = result->uid[i] ? result->uid[i] : _("<Key Unknown>");
+ snprintf(sigline, PATH_MAX, _("%s from \"%s\""), validity, name);
+ indentprint(sigline, len);
+ printf("\n");
+ }
+ }
+}
+
/* creates a header row for use with table_display */
static alpm_list_t *create_verbose_header(int install)
{
diff --git a/src/pacman/util.h b/src/pacman/util.h
index 5d86dfda..a914d0c6 100644
--- a/src/pacman/util.h
+++ b/src/pacman/util.h
@@ -56,6 +56,7 @@ double humanize_size(off_t bytes, const char target_unit, int long_labels, const
int table_display(const char *title, const alpm_list_t *header, const alpm_list_t *rows);
void list_display(const char *title, const alpm_list_t *list);
void list_display_linebreak(const char *title, const alpm_list_t *list);
+void signature_display(const char *title, alpm_sigresult_t *result);
void display_targets(const alpm_list_t *pkgs, int install);
int str_cmp(const void *s1, const void *s2);
void display_new_optdepends(alpm_pkg_t *oldpkg, alpm_pkg_t *newpkg);