Search for PGP subkeys in a keyserver-acceptable way

PGP keyservers are pieces of sh** when it comes to searching for subkeys, and only allow it if you submit an 8-character fingerprint rather than the recommended and less chance of collision 16-character fingerprint. Add a second remote lookup for the 8-character version of a key ID if we don't find anything the first time we look up the key. This fixes FS#27612 and the deficiency has been sent upstream to the GnuPG users mailing list as well. Signed-off-by: Dan McGee <dan@archlinux.org>
author: Dan McGee <dan@archlinux.org> 2012-01-05 16:34:51 -0600
committer: Dan McGee <dan@archlinux.org> 2012-01-05 16:34:51 -0600
commit: def9e45affaf5212cd10b71a55f0b668f2e73ee4 (patch)
tree: 2655de030e8d6159efd1c6c30bc112cd20e51320 /lib/libalpm/signing.c
parent: f1d9b0a74a9e38dc9e6153eac76f4c2482fd24aa (diff)
1 files changed, 21 insertions, 5 deletions
diff --git a/lib/libalpm/signing.c b/lib/libalpm/signing.c
index 92f34b56..1a53deaa 100644
--- a/lib/libalpm/signing.c
+++ b/lib/libalpm/signing.c
@@ -251,10 +251,24 @@ static int key_search(alpm_handle_t *handle, const char *fpr,
 	err = gpgme_get_key(ctx, fpr, &key, 0);
 	if(gpg_err_code(err) == GPG_ERR_EOF) {
 		_alpm_log(handle, ALPM_LOG_DEBUG, "key lookup failed, unknown key\n");
-		ret = 0;
-		goto error;
-	} else if(gpg_err_code(err) != GPG_ERR_NO_ERROR) {
-		_alpm_log(handle, ALPM_LOG_DEBUG, "gpg error: %s\n", gpgme_strerror(err));
+		/* Try an alternate lookup using the 8 character fingerprint value, since
+		 * busted-ass keyservers can't support lookups using subkeys with the full
+		 * value as of now. This is why 2012 is not the year of PGP encryption. */
+		if(strlen(fpr) > 8) {
+			const char *short_fpr = fpr + strlen(fpr) - 8;
+			_alpm_log(handle, ALPM_LOG_DEBUG,
+					"looking up key %s remotely\n", short_fpr);
+			err = gpgme_get_key(ctx, short_fpr, &key, 0);
+			if(gpg_err_code(err) == GPG_ERR_EOF) {
+				_alpm_log(handle, ALPM_LOG_DEBUG, "key lookup failed, unknown key\n");
+				ret = 0;
+			}
+		} else {
+			ret = 0;
+		}
+	}
+
+	if(gpg_err_code(err) != GPG_ERR_NO_ERROR) {
 		goto error;
 	}
 
@@ -270,9 +284,11 @@ static int key_search(alpm_handle_t *handle, const char *fpr,
 	pgpkey->email = key->uids->email;
 	pgpkey->created = key->subkeys->timestamp;
 	pgpkey->expires = key->subkeys->expires;
-	ret = 1;
+	gpgme_release(ctx);
+	return 1;
 
 error:
+	_alpm_log(handle, ALPM_LOG_DEBUG, "gpg error: %s\n", gpgme_strerror(err));
 	gpgme_release(ctx);
 	return ret;
 }
author	Dan McGee <dan@archlinux.org>	2012-01-05 16:34:51 -0600
committer	Dan McGee <dan@archlinux.org>	2012-01-05 16:34:51 -0600
commit	def9e45affaf5212cd10b71a55f0b668f2e73ee4 (patch)
tree	2655de030e8d6159efd1c6c30bc112cd20e51320 /lib/libalpm/signing.c
parent	f1d9b0a74a9e38dc9e6153eac76f4c2482fd24aa (diff)