Send patches - preferably formatted by git format-patch - to patches at archlinux32 dot org.
summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorDan McGee <dan@archlinux.org>2011-04-21 23:39:01 -0500
committerDan McGee <dan@archlinux.org>2011-04-24 10:48:34 -0500
commit4d63ebe2fbe932412a7b8340af49bf30c8e17a91 (patch)
tree83555011c2e8205a4243ac389647af50e964761e /src
parent1cf79eb8c8c7894d238cd906613dc1cd5b7ced1a (diff)
Perform package verification at package load time
Both md5sum verification and PGP verification can and should be done at package load time. This allows verification to happen as early as possible for packages provided by filename and loaded in the frontend, and moves more stuff out of sync_commit that doesn't really belong there. This should also set the stage for simplified parallel loading of packages later down the road. Signed-off-by: Dan McGee <dan@archlinux.org>
Diffstat (limited to 'src')
-rw-r--r--src/pacman/query.c2
-rw-r--r--src/pacman/sync.c3
-rw-r--r--src/pacman/upgrade.c3
-rw-r--r--src/util/testpkg.c3
4 files changed, 7 insertions, 4 deletions
diff --git a/src/pacman/query.c b/src/pacman/query.c
index eaf3b9e0..5ca52c38 100644
--- a/src/pacman/query.c
+++ b/src/pacman/query.c
@@ -547,7 +547,7 @@ int pacman_query(alpm_list_t *targets)
char *strname = alpm_list_getdata(i);
if(config->op_q_isfile) {
- alpm_pkg_load(strname, 1, &pkg);
+ alpm_pkg_load(strname, 1, PM_PGP_VERIFY_OPTIONAL, &pkg);
} else {
pkg = alpm_db_get_pkg(db_local, strname);
}
diff --git a/src/pacman/sync.c b/src/pacman/sync.c
index 5529288b..5fb8c346 100644
--- a/src/pacman/sync.c
+++ b/src/pacman/sync.c
@@ -211,7 +211,8 @@ static int sync_cleancache(int level)
/* attempt to load the package, prompt removal on failures as we may have
* files here that aren't valid packages. we also don't need a full
* load of the package, just the metadata. */
- if(alpm_pkg_load(path, 0, &localpkg) != 0 || localpkg == NULL) {
+ if(alpm_pkg_load(path, 0, PM_PGP_VERIFY_NEVER, &localpkg) != 0
+ || localpkg == NULL) {
if(yesno(_("File %s does not seem to be a valid package, remove it?"), path)) {
if(localpkg) {
alpm_pkg_free(localpkg);
diff --git a/src/pacman/upgrade.c b/src/pacman/upgrade.c
index 5b894001..0ffc94c4 100644
--- a/src/pacman/upgrade.c
+++ b/src/pacman/upgrade.c
@@ -42,6 +42,7 @@
int pacman_upgrade(alpm_list_t *targets)
{
alpm_list_t *i, *data = NULL;
+ pgp_verify_t check_sig = alpm_option_get_default_sigverify();
int retval = 0;
if(targets == NULL) {
@@ -75,7 +76,7 @@ int pacman_upgrade(alpm_list_t *targets)
char *targ = alpm_list_getdata(i);
pmpkg_t *pkg;
- if(alpm_pkg_load(targ, 1, &pkg) != 0) {
+ if(alpm_pkg_load(targ, 1, check_sig, &pkg) != 0) {
pm_fprintf(stderr, PM_LOG_ERROR, "'%s': %s\n",
targ, alpm_strerrorlast());
trans_release();
diff --git a/src/util/testpkg.c b/src/util/testpkg.c
index e562dde2..ad6ec30b 100644
--- a/src/util/testpkg.c
+++ b/src/util/testpkg.c
@@ -55,7 +55,8 @@ int main(int argc, char *argv[])
/* let us get log messages from libalpm */
alpm_option_set_logcb(output_cb);
- if(alpm_pkg_load(argv[1], 1, &pkg) == -1 || pkg == NULL) {
+ if(alpm_pkg_load(argv[1], 1, PM_PGP_VERIFY_OPTIONAL, &pkg) == -1
+ || pkg == NULL) {
switch(pm_errno) {
case PM_ERR_PKG_OPEN:
printf("Cannot open the given file.\n");

Copyright © 2002-2022 Judd Vinet and Aaron Griffin. Copyright © 2022 Erich Eckner.
The Arch Linux name and logo are recognized trademarks. Some rights reserved. The registered trademark Linux® is used pursuant to a sublicense from LMI, the exclusive licensee of Linus Torvalds, owner of the mark on a world-wide basis.