From 80e2e1c7c9f2cc2795f497f2101b0aeb7b7e8638 Mon Sep 17 00:00:00 2001 From: Jonas Witschel Date: Wed, 2 Oct 2019 16:40:54 +0200 Subject: signing: move key import confirmation before key_search Ask the user whether they want to import a missing key before even doing a search on the keyserver. This will be useful for getting Web Key Directory support in place: for a WKD, looking up and importing a key are a single action, so the current key_search -> QUESTION -> key_import workflow does not apply. Since only the ID of the package signing key is available before key_search, we display the packager variable in addition to the key ID for user convenience. Signed-off-by: Jonas Witschel Signed-off-by: Allan McRae --- lib/libalpm/signing.c | 50 +++++++++++++++++++++++++++----------------------- 1 file changed, 27 insertions(+), 23 deletions(-) (limited to 'lib/libalpm/signing.c') diff --git a/lib/libalpm/signing.c b/lib/libalpm/signing.c index 92598b0e..c1ae5354 100644 --- a/lib/libalpm/signing.c +++ b/lib/libalpm/signing.c @@ -433,42 +433,45 @@ gpg_error: /** * Import a key defined by a fingerprint into the local keyring. * @param handle the context handle + * @param uid a user ID of the key to import * @param fpr the fingerprint key ID to import * @return 0 on success, -1 on error */ -int _alpm_key_import(alpm_handle_t *handle, const char *fpr) +int _alpm_key_import(alpm_handle_t *handle, const char *uid, const char *fpr) { int ret = -1; alpm_pgpkey_t fetch_key; + + if(_alpm_access(handle, handle->gpgdir, "pubring.gpg", W_OK)) { + /* no chance of import succeeding if pubring isn't writable */ + _alpm_log(handle, ALPM_LOG_ERROR, _("keyring is not writable\n")); + return -1; + } + memset(&fetch_key, 0, sizeof(fetch_key)); + STRDUP(fetch_key.uid, uid, return -1); + STRDUP(fetch_key.fingerprint, fpr, return -1); - if(key_search(handle, fpr, &fetch_key) == 1) { - _alpm_log(handle, ALPM_LOG_DEBUG, - "unknown key, found %s on keyserver\n", fetch_key.uid); - if(!_alpm_access(handle, handle->gpgdir, "pubring.gpg", W_OK)) { - alpm_question_import_key_t question = { + alpm_question_import_key_t question = { .type = ALPM_QUESTION_IMPORT_KEY, .import = 0, .key = &fetch_key }; - QUESTION(handle, &question); - if(question.import) { - if(key_import(handle, &fetch_key) == 0) { - ret = 0; - } else { - _alpm_log(handle, ALPM_LOG_ERROR, - _("key \"%s\" could not be imported\n"), fetch_key.uid); - } + QUESTION(handle, &question); + if(question.import) { + if(key_search(handle, fpr, &fetch_key) == 1) { + _alpm_log(handle, ALPM_LOG_DEBUG, + _("key \"%s\" on keyserver\n"), fetch_key.uid); + if(key_import(handle, &fetch_key) == 0) { + ret = 0; + } else { + _alpm_log(handle, ALPM_LOG_ERROR, + _("key \"%s\" could not be imported\n"), fetch_key.uid); } } else { - /* keyring directory was not writable, so we don't even try */ - _alpm_log(handle, ALPM_LOG_WARNING, - _("key %s, \"%s\" found on keyserver, keyring is not writable\n"), - fetch_key.fingerprint, fetch_key.uid); + _alpm_log(handle, ALPM_LOG_ERROR, + _("key \"%s\" could not be looked up remotely\n"), fpr); } - } else { - _alpm_log(handle, ALPM_LOG_ERROR, - _("key \"%s\" could not be looked up remotely\n"), fpr); } gpgme_key_unref(fetch_key.data); @@ -714,7 +717,8 @@ int _alpm_key_in_keychain(alpm_handle_t UNUSED *handle, const char UNUSED *fpr) return -1; } -int _alpm_key_import(alpm_handle_t UNUSED *handle, const char UNUSED *fpr) +int _alpm_key_import(alpm_handle_t UNUSED *handle, const char UNUSED *uid, + const char UNUSED *fpr) { return -1; } @@ -900,7 +904,7 @@ int _alpm_process_siglist(alpm_handle_t *handle, const char *identifier, _alpm_log(handle, ALPM_LOG_ERROR, _("%s: key \"%s\" is unknown\n"), identifier, name); - if(_alpm_key_import(handle, result->key.fingerprint) == 0) { + if(_alpm_key_import(handle, result->key.uid, result->key.fingerprint) == 0) { retry = 1; } -- cgit v1.2.3-54-g00ecf