diff options
-rw-r--r-- | configure.ac | 4 | ||||
-rw-r--r-- | lib/libalpm/Makefile.am | 1 | ||||
-rw-r--r-- | lib/libalpm/alpm.h | 10 | ||||
-rw-r--r-- | lib/libalpm/error.c | 4 | ||||
-rw-r--r-- | lib/libalpm/signing.c | 219 | ||||
-rw-r--r-- | lib/libalpm/signing.h | 28 | ||||
-rw-r--r-- | lib/libalpm/sync.c | 36 |
7 files changed, 286 insertions, 16 deletions
diff --git a/configure.ac b/configure.ac index 45b0a4bb..defa3da1 100644 --- a/configure.ac +++ b/configure.ac @@ -161,6 +161,10 @@ AS_IF([test "x$with_curl" != "xno"], AC_MSG_RESULT(no)) AM_CONDITIONAL([HAVE_LIBCURL], [test "x$ac_cv_lib_curl_curl_easy_perform" = "xyes"]) +# Check for gpgme +AC_CHECK_LIB([gpgme], [gpgme_check_version], , + AC_MSG_ERROR([gpgme is needed to compile pacman!])) + # Checks for header files. AC_CHECK_HEADERS([fcntl.h glob.h libintl.h locale.h mntent.h string.h \ sys/ioctl.h sys/mount.h sys/param.h sys/statvfs.h \ diff --git a/lib/libalpm/Makefile.am b/lib/libalpm/Makefile.am index 7c411b2c..dc6d8516 100644 --- a/lib/libalpm/Makefile.am +++ b/lib/libalpm/Makefile.am @@ -43,6 +43,7 @@ libalpm_la_SOURCES = \ package.h package.c \ pkghash.h pkghash.c \ remove.h remove.c \ + signing.c signing.h \ sync.h sync.c \ trans.h trans.c \ util.h util.c \ diff --git a/lib/libalpm/alpm.h b/lib/libalpm/alpm.h index 1c8d232e..150730ce 100644 --- a/lib/libalpm/alpm.h +++ b/lib/libalpm/alpm.h @@ -246,6 +246,12 @@ off_t alpm_pkg_download_size(pmpkg_t *newpkg); alpm_list_t *alpm_pkg_unused_deltas(pmpkg_t *pkg); /* + * Signatures + */ + +int alpm_pkg_check_pgp_signature(pmpkg_t *pkg); + +/* * Deltas */ @@ -527,6 +533,7 @@ enum _pmerrno_t { PM_ERR_PKG_INVALID_ARCH, PM_ERR_PKG_REPO_NOT_FOUND, /* Signatures */ + PM_ERR_SIG_MISSINGDIR, PM_ERR_SIG_INVALID, PM_ERR_SIG_UNKNOWN, /* Deltas */ @@ -543,7 +550,8 @@ enum _pmerrno_t { /* External library errors */ PM_ERR_LIBARCHIVE, PM_ERR_LIBCURL, - PM_ERR_EXTERNAL_DOWNLOAD + PM_ERR_EXTERNAL_DOWNLOAD, + PM_ERR_GPGME }; extern enum _pmerrno_t pm_errno; diff --git a/lib/libalpm/error.c b/lib/libalpm/error.c index 71c058f6..4d4a065c 100644 --- a/lib/libalpm/error.c +++ b/lib/libalpm/error.c @@ -116,6 +116,8 @@ const char SYMEXPORT *alpm_strerror(int err) case PM_ERR_PKG_REPO_NOT_FOUND: return _("could not find repository for target"); /* Signatures */ + case PM_ERR_SIG_MISSINGDIR: + return _("signature directory not configured correctly"); case PM_ERR_SIG_INVALID: return _("invalid PGP signature"); case PM_ERR_SIG_UNKNOWN: @@ -152,6 +154,8 @@ const char SYMEXPORT *alpm_strerror(int err) /* obviously shouldn't get here... */ return _("download library error"); #endif + case PM_ERR_GPGME: + return _("gpgme error"); case PM_ERR_EXTERNAL_DOWNLOAD: return _("error invoking external downloader"); /* Unknown error! */ diff --git a/lib/libalpm/signing.c b/lib/libalpm/signing.c new file mode 100644 index 00000000..27855798 --- /dev/null +++ b/lib/libalpm/signing.c @@ -0,0 +1,219 @@ +/* + * signing.c + * + * Copyright (c) 2008-2011 Pacman Development Team <pacman-dev@archlinux.org> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +#include "config.h" + +#include <stdlib.h> +#include <stdio.h> +#include <string.h> +#include <locale.h> /* setlocale() */ +#include <gpgme.h> + +/* libalpm */ +#include "signing.h" +#include "package.h" +#include "util.h" +#include "log.h" +#include "alpm.h" + +#define CHECK_ERR(void) do { \ + if(err != GPG_ERR_NO_ERROR) { goto error; } \ + } while(0) + +static int gpgme_init(void) +{ + static int init = 0; + const char *version; + gpgme_error_t err; + gpgme_engine_info_t enginfo; + + ALPM_LOG_FUNC; + + if(init) { + /* we already successfully initialized the library */ + return 0; + } + + if(!alpm_option_get_signaturedir()) { + RET_ERR(PM_ERR_SIG_MISSINGDIR, 1); + } + + /* calling gpgme_check_version() returns the current version and runs + * some internal library setup code */ + version = gpgme_check_version(NULL); + _alpm_log(PM_LOG_DEBUG, "GPGME version: %s\n", version); + gpgme_set_locale(NULL, LC_CTYPE, setlocale(LC_CTYPE, NULL)); +#ifdef LC_MESSAGES + gpgme_set_locale(NULL, LC_MESSAGES, setlocale(LC_MESSAGES, NULL)); +#endif + /* NOTE: + * The GPGME library installs a SIGPIPE signal handler automatically if + * the default signal hander is in use. The only time we set a handler + * for SIGPIPE is in dload.c, and we reset it when we are done. Given that + * we do this, we can let GPGME do its automagic. However, if we install + * a library-wide SIGPIPE handler, we will have to be careful. + */ + + /* check for OpenPGP support (should be a no-brainer, but be safe) */ + err = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP); + CHECK_ERR(); + + /* set and check engine information */ + err = gpgme_set_engine_info(GPGME_PROTOCOL_OpenPGP, NULL, + alpm_option_get_signaturedir()); + CHECK_ERR(); + err = gpgme_get_engine_info(&enginfo); + CHECK_ERR(); + _alpm_log(PM_LOG_DEBUG, "GPGME engine info: file=%s, home=%s\n", + enginfo->file_name, enginfo->home_dir); + + init = 1; + return 0; + +error: + _alpm_log(PM_LOG_ERROR, _("GPGME error: %s\n"), gpgme_strerror(err)); + RET_ERR(PM_ERR_GPGME, 1); +} + +/** + * Check the PGP package signature for the given package file. + * @param pkgpath the full path to a package file + * @param sig PGP signature data in raw form (already decoded) + * @return a int value : 0 (valid), 1 (invalid), -1 (an error occured) + */ +int _alpm_gpgme_checksig(const char *pkgpath, const pmpgpsig_t *sig) +{ + int ret = 0; + gpgme_error_t err; + gpgme_ctx_t ctx; + gpgme_data_t pkgdata, sigdata; + gpgme_verify_result_t result; + gpgme_signature_t gpgsig; + FILE *pkgfile = NULL, *sigfile = NULL; + + ALPM_LOG_FUNC; + + if(!sig || !sig->rawdata) { + RET_ERR(PM_ERR_SIG_UNKNOWN, -1); + } + if(!pkgpath || access(pkgpath, R_OK) != 0) { + RET_ERR(PM_ERR_PKG_NOT_FOUND, -1); + } + if(gpgme_init()) { + /* pm_errno was set in gpgme_init() */ + return -1; + } + + _alpm_log(PM_LOG_DEBUG, "checking package signature for %s\n", pkgpath); + + memset(&ctx, 0, sizeof(ctx)); + memset(&sigdata, 0, sizeof(sigdata)); + memset(&pkgdata, 0, sizeof(pkgdata)); + + err = gpgme_new(&ctx); + CHECK_ERR(); + + /* create our necessary data objects to verify the signature */ + /* first the package itself */ + pkgfile = fopen(pkgpath, "rb"); + if(pkgfile == NULL) { + pm_errno = PM_ERR_PKG_OPEN; + ret = -1; + goto error; + } + err = gpgme_data_new_from_stream(&pkgdata, pkgfile); + CHECK_ERR(); + + /* next create data object for the signature */ + err = gpgme_data_new_from_mem(&sigdata, (char*)sig->rawdata, sig->rawlen, 0); + CHECK_ERR(); + + /* here's where the magic happens */ + err = gpgme_op_verify(ctx, sigdata, pkgdata, NULL); + CHECK_ERR(); + result = gpgme_op_verify_result(ctx); + gpgsig = result->signatures; + if (!gpgsig || gpgsig->next) { + _alpm_log(PM_LOG_ERROR, _("Unexpected number of signatures\n")); + ret = -1; + goto error; + } + fprintf(stdout, "\nsummary=%x\n", gpgsig->summary); + fprintf(stdout, "fpr=%s\n", gpgsig->fpr); + fprintf(stdout, "status=%d\n", gpgsig->status); + fprintf(stdout, "timestamp=%lu\n", gpgsig->timestamp); + fprintf(stdout, "wrong_key_usage=%u\n", gpgsig->wrong_key_usage); + fprintf(stdout, "pka_trust=%u\n", gpgsig->pka_trust); + fprintf(stdout, "chain_model=%u\n", gpgsig->chain_model); + fprintf(stdout, "validity=%d\n", gpgsig->validity); + fprintf(stdout, "validity_reason=%d\n", gpgsig->validity_reason); + fprintf(stdout, "key=%d\n", gpgsig->pubkey_algo); + fprintf(stdout, "hash=%d\n", gpgsig->hash_algo); + + if(gpgsig->summary & GPGME_SIGSUM_VALID) { + /* good signature, continue */ + } else if(gpgsig->summary & GPGME_SIGSUM_GREEN) { + /* 'green' signature, not sure what to do here */ + _alpm_log(PM_LOG_WARNING, _("Package %s has a green signature.\n"), + pkgpath); + } else if(gpgsig->summary & GPGME_SIGSUM_KEY_MISSING) { + pm_errno = PM_ERR_SIG_UNKNOWN; + _alpm_log(PM_LOG_WARNING, _("Package %s has a signature from an unknown key.\n"), + pkgpath); + ret = -1; + } else { + /* we'll capture everything else here */ + pm_errno = PM_ERR_SIG_INVALID; + _alpm_log(PM_LOG_ERROR, _("Package %s has an invalid signature.\n"), + pkgpath); + ret = 1; + } + +error: + gpgme_data_release(sigdata); + gpgme_data_release(pkgdata); + gpgme_release(ctx); + if(sigfile) { + fclose(sigfile); + } + if(pkgfile) { + fclose(pkgfile); + } + if(err != GPG_ERR_NO_ERROR) { + _alpm_log(PM_LOG_ERROR, _("GPGME error: %s\n"), gpgme_strerror(err)); + RET_ERR(PM_ERR_GPGME, -1); + } + return ret; +} + +/** + * Check the PGP package signature for the given package file. + * @param pkg the package to check + * @return a int value : 0 (valid), 1 (invalid), -1 (an error occured) + */ +int SYMEXPORT alpm_pkg_check_pgp_signature(pmpkg_t *pkg) +{ + ALPM_LOG_FUNC; + ASSERT(pkg != NULL, return 0); + + return _alpm_gpgme_checksig(alpm_pkg_get_filename(pkg), + alpm_pkg_get_pgpsig(pkg)); +} + +/* vim: set ts=2 sw=2 noet: */ diff --git a/lib/libalpm/signing.h b/lib/libalpm/signing.h new file mode 100644 index 00000000..bd12de42 --- /dev/null +++ b/lib/libalpm/signing.h @@ -0,0 +1,28 @@ +/* + * signing.h + * + * Copyright (c) 2008-2011 Pacman Development Team <pacman-dev@archlinux.org> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ +#ifndef _ALPM_SIGNING_H +#define _ALPM_SIGNING_H + +#include "alpm.h" + +int _alpm_gpgme_checksig(const char *pkgpath, const pmpgpsig_t *sig); + +#endif /* _ALPM_SIGNING_H */ + +/* vim: set ts=2 sw=2 noet: */ diff --git a/lib/libalpm/sync.c b/lib/libalpm/sync.c index e0a86706..5e7cf293 100644 --- a/lib/libalpm/sync.c +++ b/lib/libalpm/sync.c @@ -50,6 +50,7 @@ #include "delta.h" #include "remove.h" #include "diskspace.h" +#include "signing.h" /** Check for new version of pkg in sync repos * (only the first occurrence is considered in sync) @@ -665,32 +666,24 @@ static int apply_deltas(pmtrans_t *trans) * should be deleted. * * @param trans the transaction - * @param filename the filename of the file to test + * @param filename the absolute path of the file to test * @param md5sum the expected md5sum of the file * * @return 0 if the md5sum matched, 1 if not, -1 in case of errors */ -static int test_md5sum(pmtrans_t *trans, const char *filename, +static int test_md5sum(pmtrans_t *trans, const char *filepath, const char *md5sum) { - char *filepath; - int ret; - - filepath = _alpm_filecache_find(filename); - - ret = _alpm_test_md5sum(filepath, md5sum); - + int ret = _alpm_test_md5sum(filepath, md5sum); if(ret == 1) { int doremove = 0; - QUESTION(trans, PM_TRANS_CONV_CORRUPTED_PKG, (char *)filename, + QUESTION(trans, PM_TRANS_CONV_CORRUPTED_PKG, (char*)filepath, NULL, NULL, &doremove); if(doremove) { unlink(filepath); } } - FREE(filepath); - return ret; } @@ -800,12 +793,14 @@ int _alpm_sync_commit(pmtrans_t *trans, pmdb_t *db_local, alpm_list_t **data) for(i = deltas; i; i = i->next) { pmdelta_t *d = alpm_list_getdata(i); const char *filename = alpm_delta_get_filename(d); + char *filepath = _alpm_filecache_find(filename); const char *md5sum = alpm_delta_get_md5sum(d); - if(test_md5sum(trans, filename, md5sum) != 0) { + if(test_md5sum(trans, filepath, md5sum) != 0) { errors++; *data = alpm_list_add(*data, strdup(filename)); } + FREE(filepath); } if(errors) { pm_errno = PM_ERR_DLT_INVALID; @@ -829,6 +824,7 @@ int _alpm_sync_commit(pmtrans_t *trans, pmdb_t *db_local, alpm_list_t **data) EVENT(trans, PM_TRANS_EVT_INTEGRITY_START, NULL, NULL); errors = 0; + for(i = trans->add; i; i = i->next, current++) { pmpkg_t *spkg = i->data; int percent = (current * 100) / numtargs; @@ -839,17 +835,27 @@ int _alpm_sync_commit(pmtrans_t *trans, pmdb_t *db_local, alpm_list_t **data) numtargs, current); const char *filename = alpm_pkg_get_filename(spkg); + char *filepath = _alpm_filecache_find(filename); const char *md5sum = alpm_pkg_get_md5sum(spkg); + const pmpgpsig_t *pgpsig = alpm_pkg_get_pgpsig(spkg); - if(test_md5sum(trans, filename, md5sum) != 0) { + /* check md5sum first */ + if(test_md5sum(trans, filepath, md5sum) != 0) { errors++; *data = alpm_list_add(*data, strdup(filename)); + FREE(filepath); + continue; + } + /* check PGP signature next */ + if(_alpm_gpgme_checksig(filepath, pgpsig) != 0) { + errors++; + *data = alpm_list_add(*data, strdup(filename)); + FREE(filepath); continue; } /* load the package file and replace pkgcache entry with it in the target list */ /* TODO: alpm_pkg_get_db() will not work on this target anymore */ _alpm_log(PM_LOG_DEBUG, "replacing pkgcache entry with package file for target %s\n", spkg->name); - char *filepath = _alpm_filecache_find(filename); pmpkg_t *pkgfile; if(alpm_pkg_load(filepath, 1, &pkgfile) != 0) { _alpm_pkg_free(pkgfile); |