libalpm
Arch Linux Package Manager Library
Defines | Functions
signing.c File Reference
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <locale.h>
#include <gpgme.h>
#include "base64.h"
#include "signing.h"
#include "package.h"
#include "util.h"
#include "log.h"
#include "alpm.h"
#include "handle.h"
Include dependency graph for signing.c:

Go to the source code of this file.

Defines

#define CHECK_ERR(void)

Functions

int _alpm_gpgme_checksig (alpm_handle_t *handle, const char *path, const char *base64_sig, alpm_siglist_t *siglist)
 Check the PGP signature for the given file path.
char * _alpm_sigpath (alpm_handle_t *handle, const char *path)
 Form a signature path given a file path.
int _alpm_check_pgp_helper (alpm_handle_t *handle, const char *path, const char *base64_sig, int optional, int marginal, int unknown, alpm_siglist_t **sigdata)
 Helper for checking the PGP signature for the given file path.
int _alpm_process_siglist (alpm_handle_t *handle, const char *identifier, alpm_siglist_t *siglist, int optional, int marginal, int unknown)
 Examine a signature result list and take any appropriate or necessary actions.
int alpm_pkg_check_pgp_signature (alpm_pkg_t *pkg, alpm_siglist_t *siglist)
 Check the PGP signature for the given package file.
int alpm_db_check_pgp_signature (alpm_db_t *db, alpm_siglist_t *siglist)
 Check the PGP signature for the given database.
int alpm_siglist_cleanup (alpm_siglist_t *siglist)
 Clean up and free a signature result list.

Define Documentation

#define CHECK_ERR (   void)
Value:
do { \
        if(gpg_err_code(err) != GPG_ERR_NO_ERROR) { goto error; } \
    } while(0)

Definition at line 39 of file signing.c.

Referenced by _alpm_gpgme_checksig().


Function Documentation

int _alpm_check_pgp_helper ( alpm_handle_t handle,
const char *  path,
const char *  base64_sig,
int  optional,
int  marginal,
int  unknown,
alpm_siglist_t **  sigdata 
)

Helper for checking the PGP signature for the given file path.

This wraps _alpm_gpgme_checksig in a slightly friendlier manner to simplify handling of optional signatures and marginal/unknown trust levels and handling the correct error code return values.

Parameters:
handlethe context handle
paththe full path to a file
base64_sigoptional PGP signature data in base64 encoding
optionalwhether signatures are optional (e.g., missing OK)
marginalwhether signatures with marginal trust are acceptable
unknownwhether signatures with unknown trust are acceptable
sigdataa pointer to storage for signature results
Returns:
0 on success, -1 on error (consult pm_errno or sigdata)

Definition at line 672 of file signing.c.

References _alpm_gpgme_checksig(), _alpm_log(), ALPM_ERR_MEMORY, ALPM_ERR_SIG_MISSING, ALPM_LOG_DEBUG, alpm_siglist_cleanup(), ALPM_SIGSTATUS_INVALID, ALPM_SIGSTATUS_KEY_DISABLED, ALPM_SIGSTATUS_KEY_EXPIRED, ALPM_SIGSTATUS_KEY_UNKNOWN, ALPM_SIGSTATUS_SIG_EXPIRED, ALPM_SIGSTATUS_VALID, ALPM_SIGVALIDITY_FULL, ALPM_SIGVALIDITY_MARGINAL, ALPM_SIGVALIDITY_NEVER, ALPM_SIGVALIDITY_UNKNOWN, CALLOC, _alpm_siglist_t::count, __alpm_handle_t::pm_errno, _alpm_siglist_t::results, RET_ERR, _alpm_sigresult_t::status, and _alpm_sigresult_t::validity.

Referenced by _alpm_pkg_validate_internal().

Here is the call graph for this function:

Here is the caller graph for this function:

int _alpm_gpgme_checksig ( alpm_handle_t handle,
const char *  path,
const char *  base64_sig,
alpm_siglist_t siglist 
)

Check the PGP signature for the given file path.

If base64_sig is provided, it will be used as the signature data after decoding. If base64_sig is NULL, expect a signature file next to path (e.g. "%s.sig").

The return value will be 0 if nothing abnormal happened during the signature check, and -1 if an error occurred while checking signatures or if a signature could not be found; pm_errno will be set. Note that "abnormal" does not include a failed signature; the value in siglist should be checked to determine if the signature(s) are good.

Parameters:
handlethe context handle
paththe full path to a file
base64_sigoptional PGP signature data in base64 encoding
siglista pointer to storage for signature results
Returns:
0 in normal cases, -1 if the something failed in the check process

Definition at line 409 of file signing.c.

References _, _alpm_access(), _alpm_log(), _alpm_sigpath(), ALPM_ERR_GPGME, ALPM_ERR_MEMORY, ALPM_ERR_NOT_A_FILE, ALPM_ERR_SIG_INVALID, ALPM_ERR_SIG_MISSING, ALPM_ERR_WRONG_ARGS, alpm_list_free(), ALPM_LOG_DEBUG, ALPM_LOG_ERROR, ALPM_SIGSTATUS_INVALID, ALPM_SIGSTATUS_KEY_DISABLED, ALPM_SIGSTATUS_KEY_EXPIRED, ALPM_SIGSTATUS_KEY_UNKNOWN, ALPM_SIGSTATUS_SIG_EXPIRED, ALPM_SIGSTATUS_VALID, ALPM_SIGVALIDITY_FULL, ALPM_SIGVALIDITY_MARGINAL, ALPM_SIGVALIDITY_NEVER, ALPM_SIGVALIDITY_UNKNOWN, CALLOC, CHECK_ERR, _alpm_siglist_t::count, _alpm_pgpkey_t::created, __alpm_list_t::data, _alpm_pgpkey_t::data, _alpm_pgpkey_t::email, _alpm_pgpkey_t::expires, _alpm_pgpkey_t::fingerprint, FREE, _alpm_sigresult_t::key, _alpm_pgpkey_t::name, __alpm_list_t::next, __alpm_handle_t::pm_errno, _alpm_siglist_t::results, RET_ERR, _alpm_sigresult_t::status, STRDUP, _alpm_pgpkey_t::uid, and _alpm_sigresult_t::validity.

Referenced by _alpm_check_pgp_helper(), alpm_db_check_pgp_signature(), and alpm_pkg_check_pgp_signature().

Here is the call graph for this function:

Here is the caller graph for this function:

int _alpm_process_siglist ( alpm_handle_t handle,
const char *  identifier,
alpm_siglist_t siglist,
int  optional,
int  marginal,
int  unknown 
)

Examine a signature result list and take any appropriate or necessary actions.

This may include asking the user to import a key or simply printing helpful failure messages so the user can take action out of band.

Parameters:
handlethe context handle
identifiera friendly name for the signed resource; usually a database or package name
siglista pointer to storage for signature results
optionalwhether signatures are optional (e.g., missing OK)
marginalwhether signatures with marginal trust are acceptable
unknownwhether signatures with unknown trust are acceptable
Returns:
0 if all signatures are OK, -1 on errors, 1 if we should retry the validation process

Definition at line 759 of file signing.c.

References _, _alpm_access(), _alpm_log(), ALPM_LOG_DEBUG, ALPM_LOG_ERROR, ALPM_LOG_WARNING, ALPM_QUESTION_IMPORT_KEY, ALPM_SIGSTATUS_INVALID, ALPM_SIGSTATUS_KEY_DISABLED, ALPM_SIGSTATUS_KEY_EXPIRED, ALPM_SIGSTATUS_KEY_UNKNOWN, ALPM_SIGSTATUS_SIG_EXPIRED, ALPM_SIGSTATUS_VALID, ALPM_SIGVALIDITY_FULL, ALPM_SIGVALIDITY_MARGINAL, ALPM_SIGVALIDITY_NEVER, ALPM_SIGVALIDITY_UNKNOWN, _alpm_siglist_t::count, _alpm_pgpkey_t::data, _alpm_pgpkey_t::fingerprint, __alpm_handle_t::gpgdir, _alpm_sigresult_t::key, QUESTION, _alpm_siglist_t::results, _alpm_sigresult_t::status, _alpm_pgpkey_t::uid, and _alpm_sigresult_t::validity.

Here is the call graph for this function:

char* _alpm_sigpath ( alpm_handle_t handle,
const char *  path 
)

Form a signature path given a file path.

Caller must free the result.

Parameters:
handlethe context handle
paththe full path to a file
Returns:
the path with '.sig' appended, NULL on errors

Definition at line 644 of file signing.c.

References ALPM_ERR_MEMORY, CALLOC, and RET_ERR.

Referenced by _alpm_gpgme_checksig(), _alpm_pkg_validate_internal(), and alpm_db_update().

Here is the caller graph for this function: