From b01bcc7d3d680856bd60c4ae03e4ba3f6d889cb2 Mon Sep 17 00:00:00 2001 From: Anatol Pomozov Date: Tue, 26 May 2020 19:12:08 -0700 Subject: Fallback to detached signatures during keyring check Pacman has a 'key in keyring' verification step that makes sure the signatures have a valid keyid. Currently pacman parses embedded package signatures only. Add a fallback to detached signatures. If embedded signature is missing then it tries to read corresponding *.sig file and get keyid from there. Verification: debug: found cached pkg: /var/cache/pacman/pkg/glib-networking-2.64.3-1-x86_64.pkg.tar.zst debug: found detached signature /var/cache/pacman/pkg/glib-networking-2.64.3-1-x86_64.pkg.tar.zst.sig with size 310 debug: found signature key: A5E9288C4FA415FA debug: looking up key A5E9288C4FA415FA locally debug: key lookup success, key exists Signed-off-by: Anatol Pomozov Signed-off-by: Allan McRae --- lib/libalpm/alpm.h | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'lib/libalpm/alpm.h') diff --git a/lib/libalpm/alpm.h b/lib/libalpm/alpm.h index 977c292c..614a530c 100644 --- a/lib/libalpm/alpm.h +++ b/lib/libalpm/alpm.h @@ -1405,6 +1405,17 @@ alpm_db_t *alpm_pkg_get_db(alpm_pkg_t *pkg); */ const char *alpm_pkg_get_base64_sig(alpm_pkg_t *pkg); +/** Extracts package signature either from embedded package signature + * or if it is absent then reads data from detached signature file. + * @param pkg a pointer to package. + * @param sig output parameter for signature data. Callee function allocates + * a buffer needed for the signature data. Caller is responsible for + * freeing this buffer. + * @param sig_len output parameter for the signature data length. + * @return 0 on success, negative number on error. + */ +int alpm_pkg_get_sig(alpm_pkg_t *pkg, unsigned char **sig, size_t *sig_len); + /** Returns the method used to validate a package during install. * @param pkg a pointer to package * @return an enum member giving the validation method -- cgit v1.2.3-54-g00ecf