From b01bcc7d3d680856bd60c4ae03e4ba3f6d889cb2 Mon Sep 17 00:00:00 2001
From: Anatol Pomozov
Date: Tue, 26 May 2020 19:12:08 -0700
Subject: Fallback to detached signatures during keyring check

Pacman has a 'key in keyring' verification step that makes sure the signatures have a valid keyid. Currently pacman parses embedded package signatures only.
Add a fallback to detached signatures. If embedded signature is missing then it tries to read corresponding *.sig file and get keyid from there.
Verification:
debug: found cached pkg: /var/cache/pacman/pkg/glib-networking-2.64.3-1-x86_64.pkg.tar.zst
debug: found detached signature /var/cache/pacman/pkg/glib-networking-2.64.3-1-x86_64.pkg.tar.zst.sig with size 310
debug: found signature key: A5E9288C4FA415FA
debug: looking up key A5E9288C4FA415FA locally
debug: key lookup success, key exists
Signed-off-by: Anatol Pomozov
Signed-off-by: Allan McRae
---
lib/libalpm/util.c | 37 +++++++++++++++++++++++++++++++++++++
1 file changed, 37 insertions(+)
(limited to 'lib/libalpm/util.c')

diff --git a/lib/libalpm/util.c b/lib/libalpm/util.c
index 76728eb4..b70a8192 100644
--- a/lib/libalpm/util.c
+++ b/lib/libalpm/util.c
@@ -1489,3 +1489,40 @@ void _alpm_alloc_fail(size_t size)
 {
 fprintf(stderr, "alloc failure: could not allocate %zu bytes\n", size);
 }
+
+/** This functions reads file content.
+ *
+ * Memory buffer is allocated by the callee function. It is responsibility
+ * of the caller to free the buffer.
+ *
+ * @param filepath filepath to read
+ * @param data pointer to output buffer
+ * @param data_len size of the output buffer
+ * @return error code for the operation
+ */
+alpm_errno_t _alpm_read_file(const char *filepath, unsigned char **data, size_t *data_len)
+{
+ struct stat st;
+ FILE *fp;
+
+ if((fp = fopen(filepath, "rb")) == NULL) {
+ return ALPM_ERR_NOT_A_FILE;
+ }
+
+ if(fstat(fileno(fp), &st) != 0) {
+ fclose(fp);
+ return ALPM_ERR_NOT_A_FILE;
+ }
+ *data_len = st.st_size;
+
+ MALLOC(*data, *data_len, fclose(fp); return ALPM_ERR_MEMORY);
+
+ if(fread(*data, *data_len, 1, fp) != 1) {
+ FREE(*data);
+ fclose(fp);
+ return ALPM_ERR_SYSTEM;
+ }
+
+ fclose(fp);
+ return ALPM_ERR_OK;
+}
-- cgit v1.2.3-54-g00ecf
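Review bot: `*data_len = st.st_size;` accepts whatever fstat reports, with no `S_ISREG(st.st_mode)` check and no upper bound, so a directory, FIFO or device reached through this path is allocated for and read as if it were data, and an unexpectedly large file is pulled into memory in full; adding `if(!S_ISREG(st.st_mode)) { fclose(fp); return ALPM_ERR_NOT_A_FILE; }` right after the fstat check keeps the error consistent with the fopen branch. Since the commit message says the new caller reads `*.sig` files from the package cache (310 bytes in the verification log), a size cap on `*data_len` — a named limit of the project's choosing — would bound the allocation. A zero-length file is also misreported: if `MALLOC` treats a NULL from `malloc(0)` as failure the caller sees ALPM_ERR_MEMORY, and otherwise `fread(*data, 0, 1, fp)` returns 0 and it sees ALPM_ERR_SYSTEM, so `st.st_size == 0` presumably deserves an explicit early return. The doc comment should read "This function reads" and describe `data_len` as an output, e.g. `@param data_len receives the number of bytes read into *data`.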