authorAnatol Pomozov <anatol.pomozov@gmail.com>2020-05-26 19:12:08 -0700
committerAllan McRae <allan@archlinux.org>2020-07-07 21:38:13 +1000
commitb01bcc7d3d680856bd60c4ae03e4ba3f6d889cb2 (patch)
tree847eebcbde07999814ee3137f6d2f4ec11a0a11c /lib/libalpm/sync.c
parentf3dfba73d22b7eca3810a8114f2aab63da488b4c (diff)
Fallback to detached signatures during keyring check
Pacman has a 'key in keyring' verification step that makes sure the signatures have a valid keyid. Currently pacman parses embedded package signatures only. Add a fallback to detached signatures. If embedded signature is missing then it tries to read corresponding *.sig file and get keyid from there. Verification: debug: found cached pkg: /var/cache/pacman/pkg/glib-networking-2.64.3-1-x86_64.pkg.tar.zst debug: found detached signature /var/cache/pacman/pkg/glib-networking-2.64.3-1-x86_64.pkg.tar.zst.sig with size 310 debug: found signature key: A5E9288C4FA415FA debug: looking up key A5E9288C4FA415FA locally debug: key lookup success, key exists Signed-off-by: Anatol Pomozov <anatol.pomozov@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
Diffstat (limited to 'lib/libalpm/sync.c')
-rw-r--r--lib/libalpm/sync.c18
1 files changed, 9 insertions, 9 deletions
diff --git a/lib/libalpm/sync.c b/lib/libalpm/sync.c
index 8c01ad95..9350793a 100644
--- a/lib/libalpm/sync.c
+++ b/lib/libalpm/sync.c
@@ -880,18 +880,18 @@ static int check_keyring(alpm_handle_t *handle)
}
level = alpm_db_get_siglevel(alpm_pkg_get_db(pkg));
- if((level & ALPM_SIG_PACKAGE) && pkg->base64_sig) {
- unsigned char *decoded_sigdata = NULL;
- size_t data_len;
- int decode_ret = alpm_decode_signature(pkg->base64_sig,
- &decoded_sigdata, &data_len);
- if(decode_ret == 0) {
+ if((level & ALPM_SIG_PACKAGE)) {
+ unsigned char *sig = NULL;
+ size_t sig_len;
+ int ret = alpm_pkg_get_sig(pkg, &sig, &sig_len);
+ if(ret == 0) {
alpm_list_t *keys = NULL;
- if(alpm_extract_keyid(handle, pkg->name, decoded_sigdata,
- data_len, &keys) == 0) {
+ if(alpm_extract_keyid(handle, pkg->name, sig,
+ sig_len, &keys) == 0) {
alpm_list_t *k;
for(k = keys; k; k = k->next) {
char *key = k->data;
+ _alpm_log(handle, ALPM_LOG_DEBUG, "found signature key: %s\n", key);
if(!alpm_list_find(errors, key, key_cmp) &&
_alpm_key_in_keychain(handle, key) == 0) {
keyinfo = malloc(sizeof(struct keyinfo_t));
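Review bot: A non-zero return from `alpm_pkg_get_sig()` at `if(ret == 0) {` is dropped without a trace, so a package with neither an embedded nor a readable detached signature skips the keyring check silently. An else branch such as `} else { _alpm_log(handle, ALPM_LOG_DEBUG, "%s: no signature available for keyring check\n", pkg->name); }` would make that skip visible when diagnosing why a key was never looked up; the closing brace it attaches to is in the next hunk. Whether a required signature is still enforced at a later stage cannot be seen from this file section, and check_keyring's body starts and ends outside the hunk. As a style point, the doubled parentheses in `if((level & ALPM_SIG_PACKAGE)) {` are a leftover from the removed `&& pkg->base64_sig` test and can be reduced to one pair.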
@@ -905,8 +905,8 @@ static int check_keyring(alpm_handle_t *handle)
}
FREELIST(keys);
}
- free(decoded_sigdata);
}
+ free(sig);
}
}
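Review bot: Moving `free(sig);` outside the `if(ret == 0)` block means it now also runs on the failure path, which is only safe if `alpm_pkg_get_sig()` leaves `sig` either NULL or pointing at a caller-owned buffer when it returns non-zero. That contract is not visible in this file, so I would state it next to the call, for example `/* sig stays NULL or caller-owned on failure (confirm in alpm_pkg_get_sig), so freeing here is safe */`. The `NULL` initialiser of `sig` lives in the previous hunk and has to stay for this line to be correct.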