summaryrefslogtreecommitdiff
path: root/lib/libalpm
diff options
context:
space:
mode:
Diffstat (limited to 'lib/libalpm')
-rw-r--r--lib/libalpm/alpm.h9
-rw-r--r--lib/libalpm/db.c18
-rw-r--r--lib/libalpm/db.h1
-rw-r--r--lib/libalpm/signing.c2
-rw-r--r--lib/libalpm/sync.c19
5 files changed, 44 insertions, 5 deletions
diff --git a/lib/libalpm/alpm.h b/lib/libalpm/alpm.h
index 150730ce..276d49cb 100644
--- a/lib/libalpm/alpm.h
+++ b/lib/libalpm/alpm.h
@@ -251,6 +251,15 @@ alpm_list_t *alpm_pkg_unused_deltas(pmpkg_t *pkg);
int alpm_pkg_check_pgp_signature(pmpkg_t *pkg);
+/* GPG signature verification option */
+typedef enum _pgp_verify_t {
+ PM_PGP_VERIFY_ALWAYS,
+ PM_PGP_VERIFY_OPTIONAL,
+ PM_PGP_VERIFY_NEVER
+} pgp_verify_t;
+
+int alpm_db_set_pgp_verify(pmdb_t *db, pgp_verify_t verify);
+
/*
* Deltas
*/
diff --git a/lib/libalpm/db.c b/lib/libalpm/db.c
index cb575c8a..f61ea918 100644
--- a/lib/libalpm/db.c
+++ b/lib/libalpm/db.c
@@ -181,6 +181,24 @@ int SYMEXPORT alpm_db_setserver(pmdb_t *db, const char *url)
return 0;
}
+/** Set the verify gpg signature option for a database.
+ * @param db database pointer
+ * @param verify enum pgp_verify_t
+ * @return 0 on success, -1 on error (pm_errno is set accordingly)
+ */
+int SYMEXPORT alpm_db_set_pgp_verify(pmdb_t *db, pgp_verify_t verify)
+{
+ ALPM_LOG_FUNC;
+
+ /* Sanity checks */
+ ASSERT(db != NULL, RET_ERR(PM_ERR_DB_NULL, -1));
+
+ db->pgp_verify = verify;
+ _alpm_log(PM_LOG_DEBUG, "adding VerifySig option to database '%s': %d\n",
+ db->treename, verify);
+
+ return(0);
+}
/** Get the name of a package database
* @param db pointer to the package database
diff --git a/lib/libalpm/db.h b/lib/libalpm/db.h
index 75776d71..dfd9f933 100644
--- a/lib/libalpm/db.h
+++ b/lib/libalpm/db.h
@@ -60,6 +60,7 @@ struct __pmdb_t {
pmpkghash_t *pkgcache;
alpm_list_t *grpcache;
alpm_list_t *servers;
+ pgp_verify_t pgp_verify;
struct db_operations *ops;
};
diff --git a/lib/libalpm/signing.c b/lib/libalpm/signing.c
index 27855798..08e9b297 100644
--- a/lib/libalpm/signing.c
+++ b/lib/libalpm/signing.c
@@ -168,6 +168,8 @@ int _alpm_gpgme_checksig(const char *pkgpath, const pmpgpsig_t *sig)
if(gpgsig->summary & GPGME_SIGSUM_VALID) {
/* good signature, continue */
+ _alpm_log(PM_LOG_DEBUG, _("Package %s has a valid signature.\n"),
+ pkgpath);
} else if(gpgsig->summary & GPGME_SIGSUM_GREEN) {
/* 'green' signature, not sure what to do here */
_alpm_log(PM_LOG_WARNING, _("Package %s has a green signature.\n"),
diff --git a/lib/libalpm/sync.c b/lib/libalpm/sync.c
index 5e7cf293..5428e40b 100644
--- a/lib/libalpm/sync.c
+++ b/lib/libalpm/sync.c
@@ -847,11 +847,17 @@ int _alpm_sync_commit(pmtrans_t *trans, pmdb_t *db_local, alpm_list_t **data)
continue;
}
/* check PGP signature next */
- if(_alpm_gpgme_checksig(filepath, pgpsig) != 0) {
- errors++;
- *data = alpm_list_add(*data, strdup(filename));
- FREE(filepath);
- continue;
+ pmdb_t *sdb = alpm_pkg_get_db(spkg);
+
+ if(sdb->pgp_verify != PM_PGP_VERIFY_NEVER) {
+ int ret = _alpm_gpgme_checksig(filepath, pgpsig);
+ if((sdb->pgp_verify == PM_PGP_VERIFY_ALWAYS && ret != 0) ||
+ (sdb->pgp_verify == PM_PGP_VERIFY_OPTIONAL && ret == 1)) {
+ errors++;
+ *data = alpm_list_add(*data, strdup(filename));
+ FREE(filepath);
+ continue;
+ }
}
/* load the package file and replace pkgcache entry with it in the target list */
/* TODO: alpm_pkg_get_db() will not work on this target anymore */
@@ -869,9 +875,12 @@ int _alpm_sync_commit(pmtrans_t *trans, pmdb_t *db_local, alpm_list_t **data)
i->data = pkgfile;
_alpm_pkg_free_trans(spkg); /* spkg has been removed from the target list */
}
+
PROGRESS(trans, PM_TRANS_PROGRESS_INTEGRITY_START, "", 100,
numtargs, current);
EVENT(trans, PM_TRANS_EVT_INTEGRITY_DONE, NULL, NULL);
+
+
if(errors) {
pm_errno = PM_ERR_PKG_INVALID;
goto error;