Functions to check signatures More...

Collaboration diagram for Signature checking:

Data Structures
struct	alpm_pgpkey_t
	A PGP key. More...

struct	alpm_sigresult_t
	Signature result. More...

struct	alpm_siglist_t
	Signature list. More...

Enumerations
enum	alpm_siglevel_t { ALPM_SIG_PACKAGE = (1 << 0) , ALPM_SIG_PACKAGE_OPTIONAL = (1 << 1) , ALPM_SIG_PACKAGE_MARGINAL_OK = (1 << 2) , ALPM_SIG_PACKAGE_UNKNOWN_OK = (1 << 3) , ALPM_SIG_DATABASE = (1 << 10) , ALPM_SIG_DATABASE_OPTIONAL = (1 << 11) , ALPM_SIG_DATABASE_MARGINAL_OK = (1 << 12) , ALPM_SIG_DATABASE_UNKNOWN_OK = (1 << 13) , ALPM_SIG_USE_DEFAULT = (1 << 30) }
	PGP signature verification options. More...

enum	alpm_sigstatus_t { ALPM_SIGSTATUS_VALID , ALPM_SIGSTATUS_KEY_EXPIRED , ALPM_SIGSTATUS_SIG_EXPIRED , ALPM_SIGSTATUS_KEY_UNKNOWN , ALPM_SIGSTATUS_KEY_DISABLED , ALPM_SIGSTATUS_INVALID }
	PGP signature verification status return codes. More...

enum	alpm_sigvalidity_t { ALPM_SIGVALIDITY_FULL , ALPM_SIGVALIDITY_MARGINAL , ALPM_SIGVALIDITY_NEVER , ALPM_SIGVALIDITY_UNKNOWN }
	The trust level of a PGP key. More...

Functions
int	alpm_pkg_check_pgp_signature (alpm_pkg_t pkg, alpm_siglist_t siglist)
	Check the PGP signature for the given package file.

int	alpm_db_check_pgp_signature (alpm_db_t db, alpm_siglist_t siglist)
	Check the PGP signature for the given database.

int	alpm_siglist_cleanup (alpm_siglist_t *siglist)
	Clean up and free a signature result list.

int	alpm_decode_signature (const char base64_data, unsigned char data, size_t data_len)
	Decode a loaded signature in base64 form.

int	alpm_extract_keyid (alpm_handle_t handle, const char identifier, const unsigned char sig, const size_t len, alpm_list_t *keys)
	Extract the Issuer Key ID from a signature.

Detailed Description

Functions to check signatures

Data Structure Documentation

◆ alpm_pgpkey_t

struct alpm_pgpkey_t

A PGP key.

Data Fields
alpm_time_t	created	When the key was created.
void *	data	The actual key data.
char *	email	Email of the key's owner.
alpm_time_t	expires	When the key expires.
char *	fingerprint	The key's fingerprint.
unsigned int	length	The length of the key.
char *	name	Name of the key's owner.
char	pubkey_algo	A character representing the encryption algorithm used by the public key. ? = unknown R = RSA D = DSA E = EDDSA
unsigned int	revoked	has the key been revoked
char *	uid	UID of the key.

◆ alpm_sigresult_t

struct alpm_sigresult_t

Signature result.

Contains the key, status, and validity of a given signature.

Collaboration diagram for alpm_sigresult_t:

[legend]

Data Fields
alpm_pgpkey_t	key	The key of the signature.
alpm_sigstatus_t	status	The status of the signature.
alpm_sigvalidity_t	validity	The validity of the signature.

◆ alpm_siglist_t

struct alpm_siglist_t

Signature list.

Contains the number of signatures found and a pointer to an array of results. The array is of size count.

Collaboration diagram for alpm_siglist_t:

[legend]

Data Fields
size_t	count	The amount of results in the array.
alpm_sigresult_t *	results	An array of sigresults.

Enumeration Type Documentation

◆ alpm_siglevel_t

enum alpm_siglevel_t

PGP signature verification options.

Enumerator
ALPM_SIG_PACKAGE	Packages require a signature.
ALPM_SIG_PACKAGE_OPTIONAL	Packages do not require a signature, but check packages that do have signatures.
ALPM_SIG_PACKAGE_MARGINAL_OK
ALPM_SIG_PACKAGE_UNKNOWN_OK	Allow packages with signatures that are unknown trust.
ALPM_SIG_DATABASE	Databases require a signature.
ALPM_SIG_DATABASE_OPTIONAL	Databases do not require a signature, but check databases that do have signatures.
ALPM_SIG_DATABASE_MARGINAL_OK	Allow databases with signatures that are marginal trust.
ALPM_SIG_DATABASE_UNKNOWN_OK	Allow databases with signatures that are unknown trust.
ALPM_SIG_USE_DEFAULT	The Default siglevel.

◆ alpm_sigstatus_t

enum alpm_sigstatus_t

PGP signature verification status return codes.

Enumerator
ALPM_SIGSTATUS_VALID	Signature is valid.
ALPM_SIGSTATUS_KEY_EXPIRED	The key has expired.
ALPM_SIGSTATUS_SIG_EXPIRED	The signature has expired.
ALPM_SIGSTATUS_KEY_UNKNOWN	The key is not in the keyring.
ALPM_SIGSTATUS_KEY_DISABLED	The key has been disabled.
ALPM_SIGSTATUS_INVALID	The signature is invalid.

◆ alpm_sigvalidity_t

enum alpm_sigvalidity_t

The trust level of a PGP key.

Enumerator
ALPM_SIGVALIDITY_FULL	The signature is fully trusted.
ALPM_SIGVALIDITY_MARGINAL	The signature is marginally trusted.
ALPM_SIGVALIDITY_NEVER	The signature is never trusted.
ALPM_SIGVALIDITY_UNKNOWN	The signature has unknown trust.

Function Documentation

◆ alpm_db_check_pgp_signature()

int alpm_db_check_pgp_signature	(	alpm_db_t *	db,
		alpm_siglist_t *	siglist )

Check the PGP signature for the given database.

Parameters

db	the database to check
siglist	a pointer to storage for signature results

Returns: 0 if valid, -1 if an error occurred or signature is invalid

References ALPM_ERR_OK, ALPM_ERR_WRONG_ARGS, ASSERT, and RET_ERR.

◆ alpm_decode_signature()

int alpm_decode_signature	(	const char *	base64_data,
		unsigned char **	data,
		size_t *	data_len )

Decode a loaded signature in base64 form.

Parameters

base64_data	the signature to attempt to decode
data	the decoded data; must be freed by the caller
data_len	the length of the returned data

Returns: 0 on success, -1 on failure to properly decode

References base64_decode(), error, and MALLOC.

Referenced by alpm_pkg_get_sig().

◆ alpm_extract_keyid()

int alpm_extract_keyid	(	alpm_handle_t *	handle,
		const char *	identifier,
		const unsigned char *	sig,
		const size_t	len,
		alpm_list_t **	keys )

Extract the Issuer Key ID from a signature.

Parameters

handle	the context handle
identifier	the identifier of the key. This may be the name of the package or the path to the package.
sig	PGP signature
len	length of signature
keys	a pointer to storage for key IDs

Returns: 0 on success, -1 on error

References _, ALPM_LOG_ERROR, length_check(), and parse_subpacket().

Referenced by alpm_pkg_load(), and check_keyring().

◆ alpm_pkg_check_pgp_signature()

int alpm_pkg_check_pgp_signature	(	alpm_pkg_t *	pkg,
		alpm_siglist_t *	siglist )

Check the PGP signature for the given package file.

Parameters

pkg	the package to check
siglist	a pointer to storage for signature results

Returns: 0 if valid, -1 if an error occurred or signature is invalid

References ALPM_ERR_OK, ALPM_ERR_WRONG_ARGS, ASSERT, and RET_ERR.

◆ alpm_siglist_cleanup()

int alpm_siglist_cleanup ( alpm_siglist_t * siglist )

Clean up and free a signature result list.

Note that this does not free the siglist object itself in case that was allocated on the stack; this is the responsibility of the caller.

Parameters

siglist a pointer to storage for signature results

Returns: 0 on success, -1 on error

References ASSERT, alpm_siglist_t::count, alpm_pgpkey_t::data, alpm_pgpkey_t::fingerprint, alpm_sigresult_t::key, and alpm_siglist_t::results.

Referenced by check_validity(), and sync_db_validate().

Data Structures

Enumerations

Functions

Detailed Description

Data Structure Documentation

◆ alpm_pgpkey_t

◆ alpm_sigresult_t

◆ alpm_siglist_t

Enumeration Type Documentation

◆ alpm_siglevel_t

◆ alpm_sigstatus_t

◆ alpm_sigvalidity_t

Function Documentation

◆ alpm_db_check_pgp_signature()

◆ alpm_decode_signature()

◆ alpm_extract_keyid()

◆ alpm_pkg_check_pgp_signature()

◆ alpm_siglist_cleanup()