authorAnatol Pomozov <anatol.pomozov@gmail.com>2020-05-26 19:12:08 -0700
committerAllan McRae <allan@archlinux.org>2020-07-07 21:38:13 +1000
commitb01bcc7d3d680856bd60c4ae03e4ba3f6d889cb2 (patch)
tree847eebcbde07999814ee3137f6d2f4ec11a0a11c /lib/libalpm/package.c
parentf3dfba73d22b7eca3810a8114f2aab63da488b4c (diff)
Fallback to detached signatures during keyring check
Pacman has a 'key in keyring' verification step that makes sure the signatures have a valid keyid. Currently pacman parses embedded package signatures only. Add a fallback to detached signatures. If the embedded signature is missing, pacman tries to read the corresponding *.sig file and get the keyid from there. Verification: debug: found cached pkg: /var/cache/pacman/pkg/glib-networking-2.64.3-1-x86_64.pkg.tar.zst debug: found detached signature /var/cache/pacman/pkg/glib-networking-2.64.3-1-x86_64.pkg.tar.zst.sig with size 310 debug: found signature key: A5E9288C4FA415FA debug: looking up key A5E9288C4FA415FA locally debug: key lookup success, key exists Signed-off-by: Anatol Pomozov <anatol.pomozov@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
Diffstat (limited to 'lib/libalpm/package.c')
-rw-r--r--lib/libalpm/package.c40
1 files changed, 40 insertions, 0 deletions
diff --git a/lib/libalpm/package.c b/lib/libalpm/package.c
index 5c5fa073..0885b27b 100644
--- a/lib/libalpm/package.c
+++ b/lib/libalpm/package.c
@@ -268,6 +268,46 @@ const char SYMEXPORT *alpm_pkg_get_base64_sig(alpm_pkg_t *pkg)
return pkg->base64_sig;
}
+int SYMEXPORT alpm_pkg_get_sig(alpm_pkg_t *pkg, unsigned char **sig, size_t *sig_len)
+{
+ if(pkg != NULL) {
+ RET_ERR(pkg->handle, ALPM_ERR_WRONG_ARGS, -1);
+ }
+
+ if(pkg->base64_sig) {
+ int ret = alpm_decode_signature(pkg->base64_sig, sig, sig_len);
+ if(ret != 0) {
+ RET_ERR(pkg->handle, ALPM_ERR_SIG_INVALID, -1);
+ }
+ return 0;
+ } else {
+ char *pkgpath = NULL, *sigpath = NULL;
+ alpm_errno_t err;
+ int ret = -1;
+
+ pkgpath = _alpm_filecache_find(pkg->handle, pkg->filename);
+ if(!pkgpath) {
+ GOTO_ERR(pkg->handle, ALPM_ERR_PKG_NOT_FOUND, cleanup);
+ }
+ sigpath = _alpm_sigpath(pkg->handle, pkgpath);
+ if(!sigpath || _alpm_access(pkg->handle, NULL, sigpath, R_OK)) {
+ GOTO_ERR(pkg->handle, ALPM_ERR_SIG_MISSING, cleanup);
+ }
+ err = _alpm_read_file(sigpath, sig, sig_len);
+ if(err == ALPM_ERR_OK) {
+ _alpm_log(pkg->handle, ALPM_LOG_DEBUG, "found detached signature %s with size %ld\n",
+ sigpath, *sig_len);
+ } else {
+ GOTO_ERR(pkg->handle, err, cleanup);
+ }
+ ret = 0;
+cleanup:
+ FREE(pkgpath);
+ FREE(sigpath);
+ return ret;
+ }
+}
+
const char SYMEXPORT *alpm_pkg_get_arch(alpm_pkg_t *pkg)
{
ASSERT(pkg != NULL, return NULL);
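Review bot: The argument guard at the top of `alpm_pkg_get_sig` is inverted: `if(pkg != NULL)` returns ALPM_ERR_WRONG_ARGS for every valid package, and a NULL `pkg` falls through to `pkg->base64_sig`, which is a NULL dereference. As written, neither the embedded-signature branch nor the new detached-signature fallback can be reached, so the keyring check this commit extends would get -1 for every package; how callers treat that failure is not visible in this hunk. The guard should follow the idiom the file already uses in `alpm_pkg_get_arch`, `ASSERT(pkg != NULL, return -1);`, since RET_ERR cannot read `pkg->handle` when `pkg` is NULL. Separately, the debug log passes `*sig_len` (a `size_t`) to `%ld`; the matching specifier is `%zu`.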