Fallback to detached signatures during keyring check

Pacman has a 'key in keyring' verification step that makes sure the signatures
have a valid keyid. Currently pacman parses embedded package signatures only.

Add a fallback to detached signatures. If embedded signature is missing then it
tries to read corresponding *.sig file and get keyid from there.

Verification:
  debug: found cached pkg: /var/cache/pacman/pkg/glib-networking-2.64.3-1-x86_64.pkg.tar.zst
  debug: found detached signature /var/cache/pacman/pkg/glib-networking-2.64.3-1-x86_64.pkg.tar.zst.sig with size 310
  debug: found signature key: A5E9288C4FA415FA
  debug: looking up key A5E9288C4FA415FA locally
  debug: key lookup success, key exists

Signed-off-by: Anatol Pomozov <anatol.pomozov@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>

1 files changed, 37 insertions, 0 deletions

diff --git a/lib/libalpm/util.c b/lib/libalpm/util.c
index 76728eb4..b70a8192 100644
--- a/lib/libalpm/util.c
+++ b/lib/libalpm/util.c
@@ -1489,3 +1489,40 @@ void _alpm_alloc_fail(size_t size)
 {
 	fprintf(stderr, "alloc failure: could not allocate %zu bytes\n", size);
 }
+
+/** This functions reads file content.
+ *
+ * Memory buffer is allocated by the callee function. It is responsibility
+ * of the caller to free the buffer.
+ *
+ * @param filepath filepath to read
+ * @param data pointer to output buffer
+ * @param data_len size of the output buffer
+ * @return error code for the operation
+ */
+alpm_errno_t _alpm_read_file(const char *filepath, unsigned char **data, size_t *data_len)
+{
+	struct stat st;
+	FILE *fp;
+
+	if((fp = fopen(filepath, "rb")) == NULL) {
+		return ALPM_ERR_NOT_A_FILE;
+	}
+
+	if(fstat(fileno(fp), &st) != 0) {
+		fclose(fp);
+		return ALPM_ERR_NOT_A_FILE;
+	}
+	*data_len = st.st_size;
+
+	MALLOC(*data, *data_len, fclose(fp); return ALPM_ERR_MEMORY);
+
+	if(fread(*data, *data_len, 1, fp) != 1) {
+		FREE(*data);
+		fclose(fp);
+		return ALPM_ERR_SYSTEM;
+	}
+
+	fclose(fp);
+	return ALPM_ERR_OK;
+}