summaryrefslogtreecommitdiffstats
path: root/lib/libalpm/signing.h
AgeCommit message (Collapse)AuthorFilesLines
2014-01-06Update copyright years for 2014Allan McRae1-1/+1
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-10-31Make functions to decode a signature and extract keyid publicAllan McRae1-5/+0
These are useful for frontends. Signed-off-by: Allan McRae <allan@archlinux.org>
2013-02-09Make decode_signature available to the libraryAllan McRae1-0/+2
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-02-09Add function to extract key id from signaturesAllan McRae1-0/+3
This does not support all possibilities of RFC4880, but it does cover every key currently used in Arch Linux. Signed-off-by: Allan McRae <allan@archlinux.org>
2013-02-09Move key importing into separate functionAllan McRae1-0/+1
This will be useful for checking the availablity of all keys before perfoming validation in sync operations and for downloading a needed key in upgrade operations. Signed-off-by: Allan McRae <allan@archlinux.org>
2013-02-09Make key_in_keychain available in libraryAllan McRae1-0/+2
In preparation for checking key presence and downloading needed keys before conflict checking. Signed-off-by: Allan McRae <allan@archlinux.org>
2013-01-03Update copyright year for 2013Allan McRae1-1/+1
Signed-off-by: Allan McRae <allan@archlinux.org>
2012-02-20Update copyright yearsAllan McRae1-1/+1
Add 2012 to the copyright range for all libalpm and pacman source files. Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-20signing: add a process and retry loop for database signaturesDan McGee1-0/+3
In reality, there is no retrying that happens as of now because we don't have any import or changing of the keyring going on, but the code is set up so we can drop this in our new _alpm_process_siglist() function. Wire up the basics to the sync database validation code, so we see something like the following: $ pacman -Ss unknowntrust error: core: signature from "Dan McGee <dpmcgee@gmail.com>" is unknown trust error: core: signature from "Dan McGee <dpmcgee@gmail.com>" is unknown trust error: database 'core' is not valid (invalid or corrupted database (PGP signature)) $ pacman -Ss missingsig error: core: missing required signature error: core: missing required signature error: database 'core' is not valid (invalid or corrupted database (PGP signature)) Yes, there is some double output, but this should be fixable in the future. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-09-20Allow our PGP helper method to pass back the signature resultsDan McGee1-1/+2
This will make its way up the call chain eventually to allow trusting and importing of keys as necessary. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-28Refactor signature result return formatDan McGee1-1/+1
I was trying to take a shortcut and not introduce a wrapper struct for the signature results, so packed it all into alpm_sigresult_t in the first iteration. However, this is painful when one wants to add new fields or only return information regarding a single signature. Refactor the type into a few components which are exposed to the end user, and will allow a lot more future flexibility. This also exposes more information regarding the key to the frontend than was previously available. The "private" void *data pointer is used by the library to store the actual key object returned by gpgme; it is typed this way so the frontend has no expectations of what is there, and so we don't have any hard gpgme requirement in our public API. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-25Remove argument from check_pgp_helperDan McGee1-2/+1
This one wasn't all that necessary as we only used it in one place in the function, which can be checked easily enough at the call site. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-15Only check necessary signatures and checksumsDan McGee1-0/+1
The precedence goes as follows: signature > sha256sum > md5sum Add some logic and helper methods to check what we have available when loading a package, and then only check what is necessary to verify the package. This should speed up sync database verifies as we no longer will be doing both a checksum and a signature validation. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-07-05signing: move to new signing verification and return schemeDan McGee1-1/+4
This gives us more granularity than the former Never/Optional/Always trifecta. The frontend still uses these values temporarily but that will be changed in a future patch. * Use 'siglevel' consistenly in method names, 'level' as variable name * The level becomes an enum bitmask value for flexibility * Signature check methods now return a array of status codes rather than a simple integer success/failure value. This allows callers to determine whether things such as an unknown signature are valid. * Specific signature error codes mostly disappear in favor of the above returned status code; pm_errno is now set only to PKG_INVALID_SIG or DB_INVALID_SIG as appropriate. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-06-30Make alpm_db_get_sigverify_level() publicDan McGee1-1/+0
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-06-28Rename pmdb_t to alpm_db_tAllan McRae1-1/+1
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-06-28Rename pmhandle_t to alpm_handle_tAllan McRae1-1/+1
Signed-off-by: Allan McRae <allan@archlinux.org>
2011-06-09Require handle argument to all alpm_option_(get|set)_*() methodsDan McGee1-1/+2
This requires a lot of line changes, but not many functional changes as more often than not our handle variable is already available in some fashion. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-04-24Rein in the complexity of the signature typeDan McGee1-11/+1
Given that we offer no transparency into the pmpgpsig_t type, we don't really need to expose it outside of the library, and at this point, we don't need it at all. Don't decode anything except when checking signatures. For packages/files not from a sync database, we now just read the signature file directly anyway. Also push the decoding logic down further into the check method so we don't need this hanging out in a less than ideal place. This will make it easier to conditionally compile things down the road. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-04-24signing: let GPGME handle loading signatures from filesDan McGee1-1/+0
Rather than go through all the hassle of doing this ourselves, just let GPGME handle the work by passing it a file handle. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-04-20Rename gpgsig struct fields for clarityDan McGee1-3/+3
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-04-20Allow VerifySig to act as a default verification in [options]Dave Reisner1-0/+1
* add _alpm_db_get_sigverify_level * add alpm_option_{get,set}_default_sigverify And set the default verification level to OPTIONAL if not set otherwise. Signed-off-by: Dave Reisner <d@falconindy.com> Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23Refactor signature loading code into common functionDan McGee1-0/+1
We can use this for both standalone package signatures as well as standalone database signatures. Signed-off-by: Dan McGee <dan@archlinux.org>
2011-03-23Add functions for verifying database signatureAllan McRae1-1/+11
Add a pmpgpsig_t struct to the database entry struct and functions for the lazy loading of database signatures. Add a function for checking database signatures, reusing (and generalizing) the code currently used for checking package signatures. TODO: The code for reading in signature files from the filesystem is duplicated for local packages and database and needs refactoring. Signed-off-by: Allan McRae <allan@archlinux.org>
2011-03-23Integrate GPGME into libalpmDan McGee1-0/+28
Signed-off-by: Dan McGee <dan@archlinux.org>