signing: move to new signing verification and return scheme

This gives us more granularity than the former Never/Optional/Always
trifecta. The frontend still uses these values temporarily but that will
be changed in a future patch.

* Use 'siglevel' consistenly in method names, 'level' as variable name
* The level becomes an enum bitmask value for flexibility
* Signature check methods now return a array of status codes rather than
  a simple integer success/failure value. This allows callers to
  determine whether things such as an unknown signature are valid.
* Specific signature error codes mostly disappear in favor of the above
  returned status code; pm_errno is now set only to PKG_INVALID_SIG or
  DB_INVALID_SIG as appropriate.

Signed-off-by: Dan McGee <dan@archlinux.org>

4 files changed, 8 insertions, 4 deletions

diff --git a/src/util/cleanupdelta.c b/src/util/cleanupdelta.c
index 08d8a557..a45efdcc 100644
--- a/src/util/cleanupdelta.c
+++ b/src/util/cleanupdelta.c
@@ -71,11 +71,12 @@ static void checkdbs(const char *dbpath, alpm_list_t *dbnames) {
 	char syncdbpath[PATH_MAX];
 	alpm_db_t *db = NULL;
 	alpm_list_t *i;
+	const alpm_siglevel_t level = ALPM_SIG_DATABASE | ALPM_SIG_DATABASE_OPTIONAL;
 
 	for(i = dbnames; i; i = alpm_list_next(i)) {
 		char *dbname = alpm_list_getdata(i);
 		snprintf(syncdbpath, PATH_MAX, "%s/sync/%s", dbpath, dbname);
-		db = alpm_db_register_sync(handle, dbname, PM_PGP_VERIFY_OPTIONAL);
+		db = alpm_db_register_sync(handle, dbname, level);
 		if(db == NULL) {
 			fprintf(stderr, "error: could not register sync database (%s)\n",
 					alpm_strerror(alpm_errno(handle)));
diff --git a/src/util/pactree.c b/src/util/pactree.c
index 7b87ac13..9b678631 100644
--- a/src/util/pactree.c
+++ b/src/util/pactree.c
@@ -124,6 +124,7 @@ static int register_syncs(void) {
 	FILE *fp;
 	char *ptr, *section = NULL;
 	char line[LINE_MAX];
+	const alpm_siglevel_t level = ALPM_SIG_DATABASE | ALPM_SIG_DATABASE_OPTIONAL;
 
 	fp = fopen(CONFFILE, "r");
 	if(!fp) {
@@ -147,7 +148,7 @@ static int register_syncs(void) {
 			section = strndup(&line[1], strlen(line) - 2);
 
 			if(section && strcmp(section, "options") != 0) {
-				alpm_db_register_sync(handle, section, PM_PGP_VERIFY_OPTIONAL);
+				alpm_db_register_sync(handle, section, level);
 			}
 		}
 	}
diff --git a/src/util/testdb.c b/src/util/testdb.c
index 642890b6..ee169df2 100644
--- a/src/util/testdb.c
+++ b/src/util/testdb.c
@@ -148,10 +148,11 @@ static int check_syncdbs(alpm_list_t *dbnames) {
 	int ret = 0;
 	alpm_db_t *db = NULL;
 	alpm_list_t *i, *pkglist, *syncpkglist = NULL;
+	const alpm_siglevel_t level = ALPM_SIG_DATABASE | ALPM_SIG_DATABASE_OPTIONAL;
 
 	for(i = dbnames; i; i = alpm_list_next(i)) {
 		char *dbname = alpm_list_getdata(i);
-		db = alpm_db_register_sync(handle, dbname, PM_PGP_VERIFY_OPTIONAL);
+		db = alpm_db_register_sync(handle, dbname, level);
 		if(db == NULL) {
 			fprintf(stderr, "error: could not register sync database (%s)\n",
 					alpm_strerror(alpm_errno(handle)));
diff --git a/src/util/testpkg.c b/src/util/testpkg.c
index 03234ed5..ac2dde28 100644
--- a/src/util/testpkg.c
+++ b/src/util/testpkg.c
@@ -43,6 +43,7 @@ int main(int argc, char *argv[])
 	alpm_handle_t *handle;
 	enum _alpm_errno_t err;
 	alpm_pkg_t *pkg = NULL;
+	const alpm_siglevel_t level = ALPM_SIG_PACKAGE | ALPM_SIG_PACKAGE_OPTIONAL;
 
 	if(argc != 2) {
 		fprintf(stderr, "usage: %s <package file>\n", BASENAME);
@@ -58,7 +59,7 @@ int main(int argc, char *argv[])
 	/* let us get log messages from libalpm */
 	alpm_option_set_logcb(handle, output_cb);
 
-	if(alpm_pkg_load(handle, argv[1], 1, PM_PGP_VERIFY_OPTIONAL, &pkg) == -1
+	if(alpm_pkg_load(handle, argv[1], 1, level, &pkg) == -1
 			|| pkg == NULL) {
 		err = alpm_errno(handle);
 		switch(err) {