summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorDan McGee <dan@archlinux.org>2011-06-07 17:29:55 -0500
committerDan McGee <dan@archlinux.org>2011-06-24 02:34:50 -0500
commitdb3b86e7f34f4c3ccb42e98465f2069aa642a85f (patch)
tree34ee212bbcc0385674908f0d427779732f9aadfb /src
parent94d22f93096e210cd00d2e9c97c65f77d49ae387 (diff)
downloadpacman-db3b86e7f34f4c3ccb42e98465f2069aa642a85f.tar.xz
Do database signature checking at load time
This is the ideal place to do it as all clients should be checking the return value and ensuring there are no errors. This is similar to pkg_load(). We also add an additional step of validation after we download a new database; a subsequent '-y' operation can potentially invalidate the original check at registration time. Note that this implementation is still a bit naive; if a signature is invalid it is currently impossible to refresh and re-download the file without manually deleting it first. Similarly, if one downloads a database and the check fails, the database object is still there and can be used. These shortcomings will be addressed in a future commit. Signed-off-by: Dan McGee <dan@archlinux.org>
Diffstat (limited to 'src')
-rw-r--r--src/pacman/conf.c16
-rw-r--r--src/util/cleanupdelta.c2
-rw-r--r--src/util/testdb.c2
3 files changed, 5 insertions, 15 deletions
diff --git a/src/pacman/conf.c b/src/pacman/conf.c
index 081cdd5e..5c2a11d3 100644
--- a/src/pacman/conf.c
+++ b/src/pacman/conf.c
@@ -460,7 +460,7 @@ static int setup_libalpm(void)
ret = alpm_option_set_logfile(handle, config->logfile);
if(ret != 0) {
pm_printf(PM_LOG_ERROR, _("problem setting logfile '%s' (%s)\n"),
- config->logfile, alpm_strerror(alpm_errno(config->handle)));
+ config->logfile, alpm_strerror(alpm_errno(handle)));
return ret;
}
@@ -470,7 +470,7 @@ static int setup_libalpm(void)
ret = alpm_option_set_gpgdir(handle, config->gpgdir);
if(ret != 0) {
pm_printf(PM_LOG_ERROR, _("problem setting gpgdir '%s' (%s)\n"),
- config->gpgdir, alpm_strerror(alpm_errno(config->handle)));
+ config->gpgdir, alpm_strerror(alpm_errno(handle)));
return ret;
}
@@ -542,7 +542,7 @@ static int finish_section(struct section_t *section, int parse_options)
}
/* if we are not looking at options sections only, register a db */
- db = alpm_db_register_sync(config->handle, section->name);
+ db = alpm_db_register_sync(config->handle, section->name, section->sigverify);
if(db == NULL) {
pm_printf(PM_LOG_ERROR, _("could not register '%s' database (%s)\n"),
section->name, alpm_strerror(alpm_errno(config->handle)));
@@ -550,16 +550,6 @@ static int finish_section(struct section_t *section, int parse_options)
goto cleanup;
}
- if(section->sigverify) {
- if(alpm_db_set_pgp_verify(db, section->sigverify)) {
- pm_printf(PM_LOG_ERROR,
- _("could not set verify option for database '%s' (%s)\n"),
- section->name, alpm_strerror(alpm_errno(config->handle)));
- ret = 1;
- goto cleanup;
- }
- }
-
for(i = section->servers; i; i = alpm_list_next(i)) {
char *value = alpm_list_getdata(i);
if(_add_mirror(db, value) != 0) {
diff --git a/src/util/cleanupdelta.c b/src/util/cleanupdelta.c
index 98291706..5ee59dbb 100644
--- a/src/util/cleanupdelta.c
+++ b/src/util/cleanupdelta.c
@@ -75,7 +75,7 @@ static void checkdbs(const char *dbpath, alpm_list_t *dbnames) {
for(i = dbnames; i; i = alpm_list_next(i)) {
char *dbname = alpm_list_getdata(i);
snprintf(syncdbpath, PATH_MAX, "%s/sync/%s", dbpath, dbname);
- db = alpm_db_register_sync(handle, dbname);
+ db = alpm_db_register_sync(handle, dbname, PM_PGP_VERIFY_OPTIONAL);
if(db == NULL) {
fprintf(stderr, "error: could not register sync database (%s)\n",
alpm_strerror(alpm_errno(handle)));
diff --git a/src/util/testdb.c b/src/util/testdb.c
index 4937480d..af5007e2 100644
--- a/src/util/testdb.c
+++ b/src/util/testdb.c
@@ -151,7 +151,7 @@ static int check_syncdbs(alpm_list_t *dbnames) {
for(i = dbnames; i; i = alpm_list_next(i)) {
char *dbname = alpm_list_getdata(i);
- db = alpm_db_register_sync(handle, dbname);
+ db = alpm_db_register_sync(handle, dbname, PM_PGP_VERIFY_OPTIONAL);
if(db == NULL) {
fprintf(stderr, "error: could not register sync database (%s)\n",
alpm_strerror(alpm_errno(handle)));